ActionPack/.github/workflows/check_contrib.yaml at main · ServiceNowDevProgram/ActionPack · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
name: Check contribution

on:
  pull_request_target:
    branches:
      - main
    types: [opened, ready_for_review]

permissions:
  contents: read
  pull-requests: write
  issues: write

jobs:
  check:
    if: github.repository == 'ServiceNowDevProgram/ActionPack'
    runs-on: ubuntu-latest
    name: Check PR
    steps:
      - name: Init safe git workspace
        run: |
          set -euo pipefail
          git init .
          git remote add origin "https://github.com/${{ github.repository }}.git"
          git fetch --no-tags --depth=1 origin main

      - name: Resolve latest main and PR head SHAs
        id: shas
        run: |
          set -euo pipefail

          # Latest tip of main (base repo)
          MAIN_SHA="$(git rev-parse FETCH_HEAD)"

          # Fetch PR head from the fork without checking out
          PR_CLONE_URL="${{ github.event.pull_request.head.repo.clone_url }}"
          PR_REF="refs/heads/${{ github.event.pull_request.head.ref }}"
          git fetch --no-tags --depth=1 "${PR_CLONE_URL}" "+${PR_REF}:refs/remotes/_prhead"

          PR_SHA="$(git rev-parse refs/remotes/_prhead)"

          echo "main_sha=$MAIN_SHA" >> "$GITHUB_OUTPUT"
          echo "pr_sha=$PR_SHA" >> "$GITHUB_OUTPUT"

      - name: Use tj-actions/changed-files against explicit SHAs
        id: changes
        uses: tj-actions/changed-files@823fcebdb31bb35fdf2229d9f769b400309430d0 # v46
        with:
          base_sha: ${{ steps.shas.outputs.main_sha }}
          ref: ${{ steps.shas.outputs.pr_sha }}
          fetch-depth: 0

          files: |
            b812ceb69337a210633378917cba10bc/checksum.txt
            b812ceb69337a210633378917cba10bc/update/sys_hub_action_type_definition_*.xml
            b812ceb69337a210633378917cba10bc/update/sys_hub_category_*.xml
            b812ceb69337a210633378917cba10bc/README.md

      - name: Handle inappropriate contribution
        if: steps.changes.outputs.only_changed != 'true'
        uses: actions/github-script@v8
        with:
          script: |
            const {owner, repo} = context.repo;
            const pr = context.payload.pull_request.number;
            const label = 'non-compliant';

            // Ensure label exists (create if missing)
            try {
              await github.rest.issues.getLabel({owner, repo, name: label});
            } catch (e) {
              if (e.status === 404) {
                await github.rest.issues.createLabel({owner, repo, name: label, color: 'B66B02', description: 'PR violates CONTRIBUTING rules'});
              } else {
                throw e;
              }
            }

            const body = [
              '🚫 **Unexpected files changed in PR**',
              '',
              'Thank you for your contribution. However, it seems that the file changes in this Pull Request are incorrect or invalid.',
              'Please see the description of the unexpected file changes below. Contributions must be correct, valid, and align with the [CONTRIBUTING.md](CONTRIBUTING.md) for this repo.',
              'This pull request modifies files *outside* the allowed paths/patterns.',
              '',
              '**Allowed patterns:**',
              '```',
              'b812ceb69337a210633378917cba10bc/checksum.txt',
              'b812ceb69337a210633378917cba10bc/update/sys_hub_action_type_definition_*.xml',
              'b812ceb69337a210633378917cba10bc/update/sys_hub_category_*.xml',
              'b812ceb69337a210633378917cba10bc/README.md',
              '```',
              '',
              'Closing this for now. Once you make additional changes, feel free to re-open this Pull Request or create a new one.',
              '',
              'If you feel that this PR should be accepted in its current state, please reach out to Astrid Sapphire (SapphicFire) on GitHub, or in the SNDevs Slack Hacktoberfest channel.',
            ].join('\n');

            await github.rest.issues.addLabels({owner, repo, issue_number: pr, labels: [label]});
            await github.rest.issues.createComment({owner, repo, issue_number: pr, body});
            await github.rest.pulls.update({owner, repo, pull_number: pr, state: 'closed'});

      - name: Fail if non-compliant
        if: steps.changes.outputs.only_changed != 'true'
        run: |
          echo "Non-compliant file changes were made."
          exit 1

      - name: Handle appropriate contribution
        if: steps.changes.outputs.only_changed == 'true'
        uses: actions/github-script@v8
        with:
          script: |
            const {owner, repo} = context.repo;
            const pr = context.payload.pull_request.number;

            const body = [
              '✅ **Valid PR for ActionPack**',
              '',
              'Thank you for your contribution. This PR complies with the [CONTRIBUTING.md](CONTRIBUTING.md).',
              'A maintainer will review this shortly. In the meantime, Happy Hacking!',
            ].join('\n');

            await github.rest.issues.createComment({owner, repo, issue_number: pr, body});

      - name: Succeed for compliant
        if: steps.changes.outputs.only_changed == 'true'
        run: |
          echo "Compliant file changes were made."
          exit 0