AIRA-64: Branch Protection Rules & Core Development Automation #4
Workflow file for this run
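# PR gate: checks that a pull request references an issue and follows the branch
# naming convention, then runs a basic test pass and an advisory secret grep.
name: PR Validation

on:
  pull_request:
    types: [opened, edited, synchronize, ready_for_review]

# Least privilege: no step in this workflow writes to the repository or calls a
# write API, so the job token only needs to read the checked-out contents.
permissions:
  contents: read

# NOTE(review): the actions below are referenced by mutable tag (@v4, @v6).
# Pinning each `uses:` to a full commit SHA keeps a retagged release from
# changing what runs in this pipeline.
jobs:
  validate-pr:
    runs-on: ubuntu-latest
    steps:
      - name: Check PR links to issue
        uses: actions/github-script@v6
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            // Title and body are read from the event payload at runtime, so
            // author-controlled text is handled as data and is never expanded
            // into this script by the workflow expression engine.
            const prBody = context.payload.pull_request.body || '';
            const prTitle = context.payload.pull_request.title || '';

            // Accept "closes|fixes|resolves|implements #N" or a bare "AIRA-N".
            // No /g flag: a single .test() call needs no lastIndex state.
            const issuePattern = /(?:closes|fixes|resolves|implements)\s+#(\d+)|AIRA-(\d+)/i;
            const hasIssueRef = issuePattern.test(`${prBody} ${prTitle}`);

            if (!hasIssueRef) {
              core.setFailed('❌ PR must reference an issue using "Closes #12" or mention "AIRA-12"');
              return;
            }
            console.log('✅ PR references an issue');

      - name: Validate branch name
        env:
          # github.head_ref is chosen by the PR author. Passing it through the
          # environment keeps it out of the generated shell script; writing
          # ${{ github.head_ref }} directly inside `run:` would paste the raw
          # branch name into the script text before bash parses it.
          BRANCH_NAME: ${{ github.head_ref }}
        run: |
          echo "🔍 Checking branch name: $BRANCH_NAME"
          # Flexible pattern allowing descriptive names
          if [[ "$BRANCH_NAME" =~ ^AIRA-[0-9]+.*$ ]] || \
             [[ "$BRANCH_NAME" =~ ^(hotfix|docs|feature)/AIRA-[0-9]+.*$ ]] || \
             [[ "$BRANCH_NAME" =~ ^(hotfix|docs)/.+$ ]]; then
            echo "✅ Branch name follows convention: $BRANCH_NAME"
          else
            echo "❌ Branch name must follow one of these patterns:"
            echo " - AIRA-X or AIRA-X-description (feature branches)"
            echo " - hotfix/AIRA-X or hotfix/description (hotfixes)"
            echo " - docs/AIRA-X or docs/description (documentation)"
            echo " - feature/AIRA-X-description (feature branches)"
            echo ""
            echo "Your branch: $BRANCH_NAME"
            exit 1
          fi

  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # This job executes code from the pull request (pytest below); do not
          # leave the job token in .git/config where that code could read it.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'

      - name: Basic validation
        run: |
          echo "🔍 Basic project validation..."
          python --version
          echo "✅ Python is working"

          # Count Python files
          PY_COUNT=$(find . -name "*.py" -type f | wc -l)
          echo "📁 Found $PY_COUNT Python files"

          # Test basic Python functionality
          python -c "import sys; print(f'Python version: {sys.version}'); print('✅ Basic Python test passed')"

          # Check if tests directory exists
          if [ -d "tests" ]; then
            echo "📂 Tests directory found"
            TEST_FILES=$(find tests -name "*.py" -type f | wc -l)
            echo "🧪 Found $TEST_FILES test files"
            if [ "$TEST_FILES" -gt 0 ]; then
              # NOTE(review): pytest is installed unpinned; a pinned version or a
              # locked requirements file makes the run reproducible.
              pip install pytest
              # NOTE(review): the `|| echo` fallback swallows test failures, so
              # this job always passes and cannot block a merge when used as a
              # required status check. Remove the fallback once the suite is
              # expected to be green.
              pytest tests/ -v || echo "⚠️ Some tests failed but continuing..."
            fi
          else
            echo "ℹ️ No tests directory found - skipping test run"
          fi
          echo "✅ Validation completed successfully"

  security-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Basic security scan
        run: |
          echo "🔍 Basic security checks..."
          # Advisory keyword grep only: it never fails the job and is no
          # substitute for a dedicated secret scanner.
          #
          # Results are captured first and tested for emptiness. Testing
          # `grep ... | head -3` directly reads the exit status of `head`,
          # which is 0 even when grep matched nothing, so the "found" branch
          # would always be taken.
          #
          # Only file:line is printed; echoing the matched text would copy any
          # real credential into the build log.
          echo "Checking for potential hardcoded secrets..."

          PASSWORD_HITS=$(grep -r -i -n "password\s*=" . --include="*.py" --include="*.js" --exclude-dir=".git" | cut -d: -f1,2 | head -3 || true)
          if [ -n "$PASSWORD_HITS" ]; then
            echo "$PASSWORD_HITS"
            echo "⚠️ Found potential hardcoded passwords (review needed)"
          else
            echo "✅ No obvious hardcoded passwords found"
          fi

          API_KEY_HITS=$(grep -r -i -n "api[_-]key\s*=" . --include="*.py" --include="*.js" --exclude-dir=".git" | cut -d: -f1,2 | head -3 || true)
          if [ -n "$API_KEY_HITS" ]; then
            echo "$API_KEY_HITS"
            echo "⚠️ Found potential hardcoded API keys (review needed)"
          else
            echo "✅ No obvious hardcoded API keys found"
          fi

          echo "✅ Basic security scan completed"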