
TEST TEST TEST PR Checker #4

Workflow file for this run

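---
# Runs jira_pr_check.py from ctrliq/kernel-src-tree-tools against every pull
# request, posts the script's findings as a PR comment, and requests changes
# when the script reports an LTS branch mismatch.
#
# Trust boundaries:
#   - Trusted: this workflow file, the tools repository, the JIRA secrets.
#   - Untrusted: the PR branch name, commit messages, and anything the check
#     script prints that is derived from them.
#
# NOTE(review): on `pull_request` runs from forks, secrets are not provided and
# GITHUB_TOKEN is read-only, so the JIRA lookup and the comment/review steps
# are expected to fail there. Do not "fix" that by switching to
# `pull_request_target` without a separate security review.
name: JIRA PR Check

on:
  pull_request:
    types: [opened, synchronize, reopened]

jobs:
  jira-pr-check:
    runs-on: ubuntu-latest
    # Least privilege: read the tree; write only to the PR conversation.
    permissions:
      contents: read
      pull-requests: write
    steps:
      # NOTE(review): actions are referenced by mutable major-version tags.
      # Pinning each `uses:` to a full commit SHA removes the dependency on
      # the tag not being moved.
      - name: Checkout kernel-src-tree
        uses: actions/checkout@v4
        with:
          path: kernel-src-tree
          fetch-depth: 0
          # Do not leave the token in .git/config for later steps to read.
          # NOTE(review): remove only if jira_pr_check.py must fetch from an
          # authenticated remote - confirm.
          persist-credentials: false

      - name: Checkout kernel-src-tree-tools
        uses: actions/checkout@v4
        with:
          repository: ctrliq/kernel-src-tree-tools
          # NOTE(review): this is a mutable personal test branch, and the code
          # on it runs with the JIRA credentials in its environment. Pin to a
          # reviewed commit SHA (or a protected branch) before relying on it.
          ref: '{jmaple}_pr_jira_test'
          path: kernel-src-tree-tools
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.x'

      - name: Install dependencies
        # NOTE(review): `jira` and its transitive dependencies are unpinned,
        # and they share a process with the JIRA token. Prefer a
        # version-pinned (ideally hash-checked) requirements file.
        run: |
          python -m pip install --upgrade pip
          pip install jira

      - name: Mask JIRA credentials
        # Values stored as repository secrets are already masked by the
        # runner; this is belt-and-braces. The secrets are passed through env
        # instead of being expanded into the script text, so quotes or shell
        # metacharacters inside a secret cannot alter the command.
        env:
          JIRA_API_USER: ${{ secrets.JIRA_API_USER }}
          JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
        run: |
          echo "::add-mask::${JIRA_API_USER}"
          echo "::add-mask::${JIRA_API_TOKEN}"

      - name: Run JIRA PR Check
        id: jira_check
        # The step may fail without stopping the job so that the comment and
        # review steps still run; the final step re-raises the failure.
        continue-on-error: true
        env:
          JIRA_URL: ${{ secrets.JIRA_URL }}
          JIRA_API_USER: ${{ secrets.JIRA_API_USER }}
          JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
          # github.head_ref is chosen by the PR author. Expanding it with
          # ${{ }} inside `run:` would paste it into the script text before
          # the shell parses it, so it is handed over as data via env and
          # quoted at the point of use.
          MERGE_TARGET: ${{ github.base_ref }}
          PR_BRANCH: ${{ github.head_ref }}
        run: |
          cd kernel-src-tree-tools
          # Run script and capture output, ensuring credentials are never echoed
          set +x  # Disable command echo to prevent credential exposure
          set +e  # Don't exit on error, we want to capture the output
          # NOTE(review): the token is passed as a command-line argument, which
          # is visible in the runner's process list while the script runs.
          # Having jira_pr_check.py read JIRA_API_TOKEN from the environment
          # would avoid that; it needs a change in the tools repository.
          OUTPUT=$(python3 jira_pr_check.py \
            --jira-url "${JIRA_URL}" \
            --jira-user "${JIRA_API_USER}" \
            --jira-key "${JIRA_API_TOKEN}" \
            --kernel-src-tree ../kernel-src-tree \
            --merge-target "${MERGE_TARGET}" \
            --pr-branch "${PR_BRANCH}" 2>&1)
          EXIT_CODE=$?
          # Filter out any potential credential leaks from output.
          # This only drops lines containing these keywords; it is a backstop,
          # not a guarantee. The runner's secret masking is the real control.
          FILTERED_OUTPUT=$(echo "$OUTPUT" | grep -v "jira-user\|jira-key\|basic_auth\|Authorization" || true)
          echo "$FILTERED_OUTPUT"
          # The output can contain PR-derived text (e.g. commit subjects). With
          # a fixed heredoc delimiter, a line equal to the delimiter would end
          # the value early and let the following lines be read as additional
          # step outputs (has_issues, has_lts_mismatch). Use a per-run random
          # delimiter so the content cannot terminate the value.
          DELIM="JIRA_CHECK_$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')"
          {
            echo "output<<${DELIM}"
            printf '%s\n' "$FILTERED_OUTPUT"
            echo "${DELIM}"
          } >> "$GITHUB_OUTPUT"
          # Check if there are any issues based on output patterns
          if echo "$FILTERED_OUTPUT" | grep -q "❌ Errors:"; then
            echo "has_issues=true" >> "$GITHUB_OUTPUT"
            # Check specifically for LTS mismatch errors
            if echo "$FILTERED_OUTPUT" | grep -q "expects branch"; then
              echo "has_lts_mismatch=true" >> "$GITHUB_OUTPUT"
            else
              echo "has_lts_mismatch=false" >> "$GITHUB_OUTPUT"
            fi
          elif echo "$FILTERED_OUTPUT" | grep -q "⚠️ Warnings:"; then
            echo "has_issues=true" >> "$GITHUB_OUTPUT"
            echo "has_lts_mismatch=false" >> "$GITHUB_OUTPUT"
          else
            echo "has_issues=false" >> "$GITHUB_OUTPUT"
            echo "has_lts_mismatch=false" >> "$GITHUB_OUTPUT"
          fi
          # Exit with the script's exit code
          exit $EXIT_CODE

      - name: Comment PR with issues
        if: steps.jira_check.outputs.has_issues == 'true'
        uses: actions/github-script@v7
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          # The check output reaches the script through process.env, not
          # through ${{ }} expansion inside the JavaScript source, so its
          # content is never parsed as code. Keep it that way.
          script: |
            const output = process.env.CHECK_OUTPUT;
            // Await the call so an API error fails this step instead of
            // surfacing as an unhandled rejection.
            await github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: output
            });
        env:
          CHECK_OUTPUT: ${{ steps.jira_check.outputs.output }}

      - name: Request changes if LTS mismatch
        if: steps.jira_check.outputs.has_lts_mismatch == 'true'
        uses: actions/github-script@v7
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            await github.rest.pulls.createReview({
              owner: context.repo.owner,
              repo: context.repo.repo,
              pull_number: context.issue.number,
              event: 'REQUEST_CHANGES',
              body: '⚠️ This PR contains VULN tickets that do not match the target LTS product. Please review the JIRA ticket assignments and ensure they match the merge target branch.'
            });

      - name: Fail workflow if errors found
        # `outcome` is the step result before continue-on-error is applied, so
        # this is where the check's failure turns into a failed job.
        if: steps.jira_check.outcome == 'failure'
        run: |
          echo "❌ JIRA PR check failed - errors were found in one or more commits"
          exit 1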