This commit addresses an issue where the PR check job was not running as expected. The condition for triggering the job has been corrected to ensure it runs properly under all circumstances.
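---
# https://github.com/kekxv/pr-check
#
# PR gate. Two jobs run on every opened or updated pull request: a Gitleaks
# scan of the checked-out tree and a lint suite (markdownlint, yamllint,
# ansible-lint). A follow-up job then calls the Gitea API: on failure it
# comments on, labels and closes the PR; on success it updates the comment,
# removes the label and reopens the PR.
name: PR check

on:
  pull_request:
    types: [opened, synchronize]

jobs:
  leak_test:
    name: Gitleaks
    runs-on: ubuntu-latest

    steps:
      # NOTE(review): every `uses:` in this file references a mutable tag.
      # Pinning each action to a full commit SHA keeps a moved tag from
      # changing what runs in this pipeline.
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          github-server-url: "${{ vars.GIT_SERVER_URL }}"

      - name: Install Gitleaks
        # The archive is unpacked in a scratch directory rather than in the
        # checkout, so its other files never become part of the tree that
        # the next step scans. -f makes curl fail on an HTTP error instead
        # of piping an error page into tar.
        # NOTE(review): the download is not integrity-checked. Record the
        # expected SHA-256 for this release in the repository and verify the
        # tarball against it before extracting.
        run: |
          tmpdir="$(mktemp -d)"
          curl -fsSL https://github.com/gitleaks/gitleaks/releases/download/v8.30.0/gitleaks_8.30.0_linux_x64.tar.gz \
            | tar -xz -C "$tmpdir"
          sudo mv "$tmpdir/gitleaks" /usr/local/bin/

      - name: Run Gitleaks
        # --redact with no value masks each finding completely. A percentage
        # such as --redact=10 masks only that share of the secret, and with
        # --verbose the remainder is printed to the job log.
        run: |
          gitleaks dir . \
            --redact \
            --verbose \
            --exit-code 1

  lint_test:
    name: lint tests
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          github-server-url: "${{ vars.GIT_SERVER_URL }}"

      - name: Install Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "20"

      # NOTE(review): npx and pip below resolve whatever version is current
      # at run time. Pinning versions makes the lint result reproducible and
      # narrows exposure to a compromised upstream release.
      - name: Run markdownlint
        run: npx markdownlint-cli2 "**/*.md" "#node_modules"

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.14"

      - name: Install ansible-lint and yamllint
        run: |
          python -m pip install --upgrade pip
          pip install ansible ansible-lint yamllint

      - name: Run yamllint
        run: |
          yamllint .

      - name: Run ansible-lint
        run: |
          ansible-lint

  handle_failures:
    runs-on: ubuntu-latest
    needs: [leak_test, lint_test]
    # always() keeps this job eligible after a needed job has failed; the
    # rest of the expression limits it to runs where at least one of the two
    # jobs did not succeed.
    if: "${{ always() && (
      needs.leak_test.result != 'success' ||
      needs.lint_test.result != 'success' ) }}"

    steps:
      - name: Comment, label, and close PR
        # Context values and the API token are handed to the script through
        # the environment instead of being expanded into the script text, so
        # none of them is ever parsed as shell source.
        env:
          GIT_SERVER_URL: "${{ vars.GIT_SERVER_URL }}"
          REPOSITORY: "${{ github.repository }}"
          PR: "${{ github.event.pull_request.number }}"
          TOKEN: "${{ secrets.GITEA_TOKEN }}"
          LEAK_RESULT: "${{ needs.leak_test.result }}"
          LINT_RESULT: "${{ needs.lint_test.result }}"
        # NOTE(review): curl -s without --fail exits 0 on an HTTP error, so
        # a rejected token or a failed API call leaves this step green.
        run: |
          API="$GIT_SERVER_URL/api/v1/repos/$REPOSITORY"

          COMMENT_BODY="❌ CI checks failed.\n\nLeak: $LEAK_RESULT\nLint: $LINT_RESULT"

          # Find existing comment. The match is on the marker text only, so
          # more than one comment can qualify; first() keeps the ID to a
          # single value.
          # NOTE(review): also filtering on the comment author would stop
          # this job from editing a comment somebody else wrote.
          EXISTING_COMMENT_ID=$(curl -s -H "Authorization: token $TOKEN" \
            "$API/issues/$PR/comments" \
            | jq -r 'first(.[] | select(.body | test("<!--ci-failed-comment-->")) | .id)')

          # Update or create comment
          if [ -n "$EXISTING_COMMENT_ID" ]; then
            curl -s -X PATCH \
              -H "Authorization: token $TOKEN" \
              -H "Content-Type: application/json" \
              -d "{\"body\":\"<!--ci-failed-comment-->\n$COMMENT_BODY\"}" \
              "$API/issues/$PR/comments/$EXISTING_COMMENT_ID"
          else
            curl -s -X POST \
              -H "Authorization: token $TOKEN" \
              -H "Content-Type: application/json" \
              -d "{\"body\":\"<!--ci-failed-comment-->\n$COMMENT_BODY\"}" \
              "$API/issues/$PR/comments"
          fi

          # Add label if missing
          LABELS=$(curl -s -H "Authorization: token $TOKEN" "$API/issues/$PR/labels" | jq -r '.[] | .name')
          if ! echo "$LABELS" | grep -q "^ci-failed$"; then
            curl -s -X POST \
              -H "Authorization: token $TOKEN" \
              -H "Content-Type: application/json" \
              -d '["ci-failed"]' \
              "$API/issues/$PR/labels"
          fi

          # Close PR
          curl -s -X PATCH \
            -H "Authorization: token $TOKEN" \
            -H "Content-Type: application/json" \
            -d '{"state":"closed"}' \
            "$API/pulls/$PR"

  handle_success:
    runs-on: ubuntu-latest
    needs: [leak_test, lint_test]
    if: needs.leak_test.result == 'success' && needs.lint_test.result == 'success'

    steps:
      - name: Update comment, remove label, reopen PR
        # Context values and the API token are handed to the script through
        # the environment instead of being expanded into the script text, so
        # none of them is ever parsed as shell source.
        env:
          GIT_SERVER_URL: "${{ vars.GIT_SERVER_URL }}"
          REPOSITORY: "${{ github.repository }}"
          PR: "${{ github.event.pull_request.number }}"
          TOKEN: "${{ secrets.GITEA_TOKEN }}"
          LEAK_RESULT: "${{ needs.leak_test.result }}"
          LINT_RESULT: "${{ needs.lint_test.result }}"
        # NOTE(review): curl -s without --fail exits 0 on an HTTP error, so
        # a rejected token or a failed API call leaves this step green.
        run: |
          API="$GIT_SERVER_URL/api/v1/repos/$REPOSITORY"

          COMMENT_BODY="✅ CI checks pass.\n\nLeaks: $LEAK_RESULT\nLint: $LINT_RESULT"

          # Find existing comment. The match is on the marker text only, so
          # more than one comment can qualify; first() keeps the ID to a
          # single value.
          EXISTING_COMMENT_ID=$(curl -s -H "Authorization: token $TOKEN" \
            "$API/issues/$PR/comments" \
            | jq -r 'first(.[] | select(.body | test("<!--ci-failed-comment-->")) | .id)')

          # Update comment if exists
          if [ -n "$EXISTING_COMMENT_ID" ]; then
            curl -s -X PATCH \
              -H "Authorization: token $TOKEN" \
              -H "Content-Type: application/json" \
              -d "{\"body\":\"<!--ci-failed-comment-->\n$COMMENT_BODY\"}" \
              "$API/issues/$PR/comments/$EXISTING_COMMENT_ID"
          fi

          # Remove label if exists
          LABELS=$(curl -s -H "Authorization: token $TOKEN" "$API/issues/$PR/labels" | jq -r '.[] | .name')
          if echo "$LABELS" | grep -q "^ci-failed$"; then
            curl -s -X DELETE \
              -H "Authorization: token $TOKEN" \
              "$API/issues/$PR/labels/ci-failed"
          fi

          # Reopen PR if closed
          # NOTE(review): the state check cannot tell a PR this workflow
          # closed from one a maintainer closed by hand. Reopening only when
          # the ci-failed label was present would limit it to the former.
          PR_STATE=$(curl -s -H "Authorization: token $TOKEN" "$API/pulls/$PR" | jq -r '.state')
          if [ "$PR_STATE" = "closed" ]; then
            curl -s -X PATCH \
              -H "Authorization: token $TOKEN" \
              -H "Content-Type: application/json" \
              -d '{"state":"open"}' \
              "$API/pulls/$PR"
          fi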