forked from stackblitz/bolt.new
-
Notifications
You must be signed in to change notification settings - Fork 10.4k
125 lines (106 loc) · 4.25 KB
/
pr-release-validation.yaml
File metadata and controls
125 lines (106 loc) · 4.25 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
name: PR Validation
on:
pull_request:
types: [opened, synchronize, reopened, labeled, unlabeled]
branches:
- main
permissions:
contents: read
pull-requests: write
checks: write
jobs:
quality-gates:
name: Quality Gates
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Wait for CI checks
uses: lewagon/wait-on-check-action@v1.3.1
with:
ref: ${{ github.event.pull_request.head.sha }}
check-name: 'Test'
repo-token: ${{ secrets.GITHUB_TOKEN }}
wait-interval: 10
- name: Check required status checks
uses: actions/github-script@v7
continue-on-error: true
with:
script: |
const { data: checks } = await github.rest.checks.listForRef({
owner: context.repo.owner,
repo: context.repo.repo,
ref: context.payload.pull_request.head.sha
});
const requiredChecks = ['Test', 'CodeQL Analysis'];
const optionalChecks = ['Quality Analysis', 'Deploy Preview'];
const failedChecks = [];
const passedChecks = [];
// Check required workflows
for (const checkName of requiredChecks) {
const check = checks.check_runs.find(c => c.name === checkName);
if (check && check.conclusion === 'success') {
passedChecks.push(checkName);
} else {
failedChecks.push(checkName);
}
}
// Report optional checks
for (const checkName of optionalChecks) {
const check = checks.check_runs.find(c => c.name === checkName);
if (check && check.conclusion === 'success') {
passedChecks.push(`${checkName} (optional)`);
}
}
console.log(`✅ Passed checks: ${passedChecks.join(', ')}`);
if (failedChecks.length > 0) {
console.log(`❌ Failed required checks: ${failedChecks.join(', ')}`);
core.setFailed(`Required checks failed: ${failedChecks.join(', ')}`);
} else {
console.log(`✅ All required checks passed!`);
}
validate-release:
name: Release Validation
runs-on: ubuntu-latest
needs: quality-gates
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Validate PR Labels
run: |
if [[ "${{ contains(github.event.pull_request.labels.*.name, 'stable-release') }}" == "true" ]]; then
echo "✓ PR has stable-release label"
# Check version bump labels
if [[ "${{ contains(github.event.pull_request.labels.*.name, 'major') }}" == "true" ]]; then
echo "✓ Major version bump requested"
elif [[ "${{ contains(github.event.pull_request.labels.*.name, 'minor') }}" == "true" ]]; then
echo "✓ Minor version bump requested"
else
echo "✓ Patch version bump will be applied"
fi
else
echo "This PR doesn't have the stable-release label. No release will be created."
fi
- name: Check breaking changes
if: contains(github.event.pull_request.labels.*.name, 'major')
run: |
echo "⚠️ This PR contains breaking changes and will trigger a major release."
- name: Validate changelog entry
if: contains(github.event.pull_request.labels.*.name, 'stable-release')
run: |
if ! grep -q "${{ github.event.pull_request.number }}" CHANGES.md; then
echo "❌ No changelog entry found for PR #${{ github.event.pull_request.number }}"
echo "Please add an entry to CHANGES.md"
exit 1
else
echo "✓ Changelog entry found"
fi
security-review:
name: Security Review Required
runs-on: ubuntu-latest
if: contains(github.event.pull_request.labels.*.name, 'security')
steps:
- name: Check security label
run: |
echo "🔒 This PR has security implications and requires additional review"
echo "Ensure a security team member has approved this PR before merging"