
TEST TEST TEST PR Checker #1


Workflow file for this run

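# Runs jira_pr_check.py (from ctrliq/kernel-src-tree-tools) against the pull
# request's checkout of the kernel tree, posts the findings as a PR comment,
# and requests changes / fails the run when an LTS product mismatch is found.
name: JIRA PR Check

# Triggered by `pull_request`, so the job runs in the pull request's own
# context. The JIRA secrets below are used in the same job that reads
# PR-supplied content (branch names, history), which is why every PR-derived
# value is handed to scripts through `env:` and never pasted into script text.
on:
  pull_request:
    types: [opened, synchronize, reopened]

jobs:
  jira-pr-check:
    runs-on: ubuntu-latest
    # Least privilege: read the code, write only PR comments and reviews.
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: Checkout kernel-src-tree
        uses: actions/checkout@v4
        with:
          path: kernel-src-tree
          # Full history is fetched for the checker to inspect.
          fetch-depth: 0

      # NOTE(review): the ref below appears to be a branch name, so the code
      # that later runs with the JIRA secrets changes whenever that branch
      # moves. Pin to a reviewed commit SHA once the tool is stable.
      - name: Checkout kernel-src-tree-tools
        uses: actions/checkout@v4
        with:
          repository: ctrliq/kernel-src-tree-tools
          ref: '{jmaple}_pr_jira_test'
          path: kernel-src-tree-tools

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.x'

      # NOTE(review): `jira` is installed unpinned, so whatever release is
      # current at run time executes in the job that holds the JIRA token.
      # Consider a pinned (ideally hash-checked) requirements file.
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install jira

      # Registers the values with the runner's log masker. They are passed via
      # the environment so the secret text is never part of the script itself.
      - name: Mask JIRA credentials
        env:
          JIRA_API_USER: ${{ secrets.JIRA_API_USER }}
          JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
        run: |
          echo "::add-mask::${JIRA_API_USER}"
          echo "::add-mask::${JIRA_API_TOKEN}"

      - name: Run JIRA PR Check
        id: jira_check
        env:
          JIRA_URL: ${{ secrets.JIRA_URL }}
          JIRA_API_USER: ${{ secrets.JIRA_API_USER }}
          JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
          # The branch names are chosen by the PR author. Expanding them with
          # ${{ }} inside `run:` would splice them into the shell script before
          # it is parsed; as environment variables they stay plain data.
          MERGE_TARGET: ${{ github.base_ref }}
          PR_BRANCH: ${{ github.head_ref }}
        run: |
          cd kernel-src-tree-tools
          # Run script and capture output, ensuring credentials are never echoed
          set +x  # Disable command echo to prevent credential exposure
          # NOTE(review): user and token are passed as argv, which is visible
          # in the runner's process list while the script runs. They are
          # already exported in the environment; reading them from there inside
          # jira_pr_check.py (not shown here) would avoid that.
          OUTPUT=$(python3 jira_pr_check.py \
            --jira-url "${JIRA_URL}" \
            --jira-user "${JIRA_API_USER}" \
            --jira-key "${JIRA_API_TOKEN}" \
            --kernel-src-tree ../kernel-src-tree \
            --merge-target "${MERGE_TARGET}" \
            --pr-branch "${PR_BRANCH}" 2>&1)
          # NOTE(review): with the runner's default `bash -e`, a non-zero exit
          # from the command substitution above ends the step before this line,
          # and EXIT_CODE is not read anywhere below - confirm which exit codes
          # jira_pr_check.py uses and whether the step should continue on them.
          EXIT_CODE=$?
          # Filter out any potential credential leaks from output.
          # This is a best-effort, line-based filter; the add-mask step is what
          # redacts the secret values themselves.
          FILTERED_OUTPUT=$(echo "$OUTPUT" | grep -v "jira-user\|jira-key\|basic_auth\|Authorization" || true)
          echo "$FILTERED_OUTPUT"
          # Multi-line output needs a heredoc-style delimiter. A fixed "EOF"
          # could be closed early by a matching line in the tool's output,
          # letting the remaining lines define other step outputs, so use an
          # unpredictable delimiter per run.
          DELIM="JIRA_CHECK_$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
          {
            echo "output<<${DELIM}"
            echo "$FILTERED_OUTPUT"
            echo "${DELIM}"
          } >> "$GITHUB_OUTPUT"
          # Check if there are any issues.
          # -q: the lines are already in the log above; printing the matches
          # again from the unfiltered $OUTPUT would bypass the filter.
          if echo "$OUTPUT" | grep -qE "^✗|^⚠|^!|^ERROR"; then
            echo "has_issues=true" >> "$GITHUB_OUTPUT"
            # Check specifically for LTS mismatch errors
            if echo "$OUTPUT" | grep -q "✗.*LTS product.*expects branch"; then
              echo "has_lts_mismatch=true" >> "$GITHUB_OUTPUT"
            else
              echo "has_lts_mismatch=false" >> "$GITHUB_OUTPUT"
            fi
          else
            echo "has_issues=false" >> "$GITHUB_OUTPUT"
            echo "has_lts_mismatch=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Comment PR with issues
        if: steps.jira_check.outputs.has_issues == 'true'
        uses: actions/github-script@v7
        env:
          # The checker output is derived from PR content. Interpolating it
          # into the script source (inside a template literal) would let a
          # backtick or ${...} in that text run as JavaScript with the job's
          # token, so it is read from the environment instead.
          CHECK_OUTPUT: ${{ steps.jira_check.outputs.output }}
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const output = process.env.CHECK_OUTPUT ?? '';
            const body = `## JIRA PR Check Results
            Issues were found with the VULN tickets in this PR:
            \`\`\`
            ${output}
            \`\`\`
            Please review and address the issues above before merging.`;
            // Awaited so an API failure fails this step instead of being lost.
            await github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: body
            });

      - name: Request changes if LTS mismatch
        if: steps.jira_check.outputs.has_lts_mismatch == 'true'
        uses: actions/github-script@v7
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            // Awaited so an API failure fails this step instead of being lost.
            await github.rest.pulls.createReview({
              owner: context.repo.owner,
              repo: context.repo.repo,
              pull_number: context.issue.number,
              event: 'REQUEST_CHANGES',
              body: '⚠️ This PR contains VULN tickets that do not match the target LTS product. Please review the JIRA ticket assignments and ensure they match the merge target branch.'
            });

      # Runs after the review has been posted so the PR carries the
      # explanation as well as the red check.
      - name: Fail workflow if LTS mismatch
        if: steps.jira_check.outputs.has_lts_mismatch == 'true'
        run: |
          echo "❌ JIRA PR check failed due to LTS product mismatch"
          exit 1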