This commit introduces a new `.gitea/labeler.yml` file and configures a 'labeler' job to automatically apply labels to pull requests based on the changes made in the files. This enhances the efficiency of managing PRs by reducing manual intervention.
---
# Reference: https://github.com/kekxv/pr-check
name: PR check

# Runs when a pull request is opened and when new commits are pushed to it.
on:
  pull_request:
    types:
      - opened
      - synchronize

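# NOTE(review): every `uses:` below references a movable major-version tag.
# Pinning each action to a full commit SHA would stop a retagged release from
# changing what runs in jobs that have GITEA_TOKEN in scope.
jobs:
  # Secret scan of the checked-out tree with a fixed Gitleaks release.
  leak_test:
    name: Gitleaks
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          github-server-url: ${{ vars.GIT_SERVER_URL }}

      # The archive is fetched and unpacked outside the checkout so that the
      # files shipped in the tarball are not scanned as if they were part of
      # the repository. curl -f makes an HTTP error fail the step instead of
      # handing an error page to tar.
      - name: Install Gitleaks
        run: |
          set -euo pipefail
          workdir="$(mktemp -d)"
          curl -fsSL -o "$workdir/gitleaks.tar.gz" \
            "https://github.com/gitleaks/gitleaks/releases/download/v8.30.0/gitleaks_8.30.0_linux_x64.tar.gz"
          # NOTE(review): the binary is installed with sudo without an
          # integrity check. Record the release's SHA-256 in the repository
          # and verify it here before unpacking, for example:
          #   echo "<PINNED_SHA256_PLACEHOLDER>  $workdir/gitleaks.tar.gz" | sha256sum --check
          tar -xzf "$workdir/gitleaks.tar.gz" -C "$workdir" gitleaks
          sudo mv "$workdir/gitleaks" /usr/local/bin/

      # NOTE(review): --redact=50 masks only half of each match and --verbose
      # prints findings to the job log; full redaction (--redact) would keep
      # partial credentials out of CI output.
      - name: Run Gitleaks
        run: |
          gitleaks dir . \
            --config .gitleaks.toml \
            --redact=50 \
            --verbose \
            --exit-code 1
          # --exclude-files "README.md"

  # Markdown, YAML and Ansible linting.
  lint_test:
    name: lint tests
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          github-server-url: ${{ vars.GIT_SERVER_URL }}

      - name: Install Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 20

      # NOTE(review): npx here and pip below resolve whatever release is
      # current at run time. A pinned version or a constraints file would make
      # the lint results reproducible and limit exposure to a bad upload.
      - name: Run markdownlint
        run: npx markdownlint-cli2 "**/*.md" "#node_modules"

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.14"

      - name: Install ansible-lint and yamllint
        run: |
          python -m pip install --upgrade pip
          pip install ansible ansible-lint yamllint

      - name: Run yamllint
        run: |
          yamllint .

      - name: Run ansible-lint
        run: |
          ansible-lint

  # Applies labels to the pull request from the rules in .gitea/labeler.yml.
  # This is the only job that declares a permissions block.
  labeler:
    permissions:
      contents: read
      pull-requests: write
    runs-on: ubuntu-latest

    steps:
      - uses: actions/labeler@v6
        with:
          repo-token: ${{ secrets.GITEA_TOKEN }}
          configuration-path: .gitea/labeler.yml

  # Runs when either check did not succeed: posts or updates the marker
  # comment, swaps ci-pass for ci-failed, and closes the pull request.
  handle_failures:
    runs-on: ubuntu-latest
    needs: [leak_test, lint_test]
    if: >-
      ${{ always() && (
      needs.leak_test.result != 'success' ||
      needs.lint_test.result != 'success' ) }}

    steps:
      - name: Comment, label, and close PR
        # Expression values reach the script through the environment rather
        # than being pasted into the script text, so a value can never be
        # parsed as shell syntax and the token is not part of the rendered
        # script.
        env:
          GIT_SERVER_URL: ${{ vars.GIT_SERVER_URL }}
          REPOSITORY: ${{ github.repository }}
          PR: ${{ github.event.pull_request.number }}
          TOKEN: ${{ secrets.GITEA_TOKEN }}
          LEAK_RESULT: ${{ needs.leak_test.result }}
          LINT_RESULT: ${{ needs.lint_test.result }}
        run: |
          API="$GIT_SERVER_URL/api/v1/repos/$REPOSITORY"

          # The \n sequences stay literal in the shell and become newlines
          # when the server decodes the JSON body.
          COMMENT_BODY="❌ CI checks failed.\n\nLeak: $LEAK_RESULT\nLint: $LINT_RESULT"
          COMMENT_PAYLOAD="{\"body\":\"<!--ci-failed-comment-->\n$COMMENT_BODY\"}"

          # Find existing comment (first match only, so the URL below stays
          # well-formed if several comments carry the marker)
          EXISTING_COMMENT_ID=$(curl -s -H "Authorization: token $TOKEN" \
            "$API/issues/$PR/comments" \
            | jq -r '.[] | select(.body | test("<!--ci-failed-comment-->")) | .id' \
            | head -n 1)

          # Update or create comment
          if [ -n "$EXISTING_COMMENT_ID" ]; then
            curl -s -X PATCH \
              -H "Authorization: token $TOKEN" \
              -H "Content-Type: application/json" \
              -d "$COMMENT_PAYLOAD" \
              "$API/issues/$PR/comments/$EXISTING_COMMENT_ID"
          else
            curl -s -X POST \
              -H "Authorization: token $TOKEN" \
              -H "Content-Type: application/json" \
              -d "$COMMENT_PAYLOAD" \
              "$API/issues/$PR/comments"
          fi

          # NOTE(review): curl runs with -s and without -f throughout, so a
          # rejected API call does not fail the step. Confirm that is intended.

          # Remove ci-pass label if it exists
          LABELS=$(curl -s -H "Authorization: token $TOKEN" "$API/issues/$PR/labels" | jq -r '.[] | .name')
          if echo "$LABELS" | grep -q "^ci-pass$"; then
            curl -s -X DELETE \
              -H "Authorization: token $TOKEN" \
              "$API/issues/$PR/labels/ci-pass"
          fi

          # Add ci-failed if missing. The body is an object with a "labels"
          # array, the same shape handle_success sends for ci-pass.
          if ! echo "$LABELS" | grep -q "^ci-failed$"; then
            curl -s -X POST \
              -H "Authorization: token $TOKEN" \
              -H "Content-Type: application/json" \
              -d '{"labels":["ci-failed"]}' \
              "$API/issues/$PR/labels"
          fi

          # Close PR
          curl -s -X PATCH \
            -H "Authorization: token $TOKEN" \
            -H "Content-Type: application/json" \
            -d '{"state":"closed"}' \
            "$API/pulls/$PR"

  # Runs when both checks succeeded: posts or updates the marker comment,
  # swaps ci-failed for ci-pass, and reopens the pull request if it is closed.
  handle_success:
    runs-on: ubuntu-latest
    needs: [leak_test, lint_test]
    if: needs.leak_test.result == 'success' && needs.lint_test.result == 'success'

    steps:
      - name: Update comment, remove label, reopen PR
        # Expression values reach the script through the environment rather
        # than being pasted into the script text, so a value can never be
        # parsed as shell syntax and the token is not part of the rendered
        # script.
        env:
          GIT_SERVER_URL: ${{ vars.GIT_SERVER_URL }}
          REPOSITORY: ${{ github.repository }}
          PR: ${{ github.event.pull_request.number }}
          TOKEN: ${{ secrets.GITEA_TOKEN }}
          LEAK_RESULT: ${{ needs.leak_test.result }}
          LINT_RESULT: ${{ needs.lint_test.result }}
        run: |
          API="$GIT_SERVER_URL/api/v1/repos/$REPOSITORY"

          COMMENT_BODY="✅ CI checks pass.\n\nLeaks: $LEAK_RESULT\nLint: $LINT_RESULT"
          # Defined once and used by both branches below. The create branch
          # previously sent an unset COMMENT_PAYLOAD, i.e. an empty body.
          COMMENT_PAYLOAD="{\"body\":\"<!--ci-failed-comment-->\n$COMMENT_BODY\"}"

          # Find existing comment (first match only)
          EXISTING_COMMENT_ID=$(curl -s -H "Authorization: token $TOKEN" \
            "$API/issues/$PR/comments" \
            | jq -r '.[] | select(.body | test("<!--ci-failed-comment-->")) | .id' \
            | head -n 1)

          # Update the comment if it exists, otherwise create it
          if [ -n "$EXISTING_COMMENT_ID" ]; then
            curl -s -X PATCH \
              -H "Authorization: token $TOKEN" \
              -H "Content-Type: application/json" \
              -d "$COMMENT_PAYLOAD" \
              "$API/issues/$PR/comments/$EXISTING_COMMENT_ID"
          else
            curl -s -X POST \
              -H "Authorization: token $TOKEN" \
              -H "Content-Type: application/json" \
              -d "$COMMENT_PAYLOAD" \
              "$API/issues/$PR/comments"
          fi

          # Remove ci-failed label if it exists
          LABELS=$(curl -s -H "Authorization: token $TOKEN" "$API/issues/$PR/labels" | jq -r '.[] | .name')
          if echo "$LABELS" | grep -q "^ci-failed$"; then
            curl -s -X DELETE \
              -H "Authorization: token $TOKEN" \
              "$API/issues/$PR/labels/ci-failed"
          fi

          # Add ci-pass if not present
          if ! echo "$LABELS" | grep -q "^ci-pass$"; then
            echo "Adding ci-pass label"
            curl -s -X POST \
              -H "Authorization: token $TOKEN" \
              -H "Content-Type: application/json" \
              -d '{"labels":["ci-pass"]}' \
              "$API/issues/$PR/labels"
          fi

          # Reopen PR if closed
          # NOTE(review): the workflow triggers only on opened/synchronize;
          # confirm the server still delivers those events for a PR that
          # handle_failures has closed, otherwise this branch is never reached.
          PR_STATE=$(curl -s -H "Authorization: token $TOKEN" "$API/pulls/$PR" | jq -r '.state')
          if [ "$PR_STATE" = "closed" ]; then
            curl -s -X PATCH \
              -H "Authorization: token $TOKEN" \
              -H "Content-Type: application/json" \
              -d '{"state":"open"}' \
              "$API/pulls/$PR"
          fi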