pr-guardrails.yml
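# PR Guardrails: policy checks run against every pull request.
#
# Trust model: `pull_request_target` runs this workflow as defined on the base
# branch, with repository secrets available, even for pull requests opened
# from forks. None of the checkouts below sets `ref`, so the working tree is
# the base branch; PR commits are only fetched as git objects and inspected
# with `git diff` / commitlint. Keep it that way: checking out or installing
# PR-head content in these jobs would run untrusted code next to
# WRAPPID_REGISTRY_TOKEN.
#
# PR-controlled strings (branch names, changed file names) reach shell steps
# through `env:` and quoted variables, never through `${{ }}` inside `run:`,
# because expression text is pasted into the script before the shell parses it.
name: PR Guardrails
run-name: >
  Validating PR #${{ github.event.pull_request.number }}, opened by ${{ github.actor }}
on: pull_request_target

# Least privilege for the automatic GITHUB_TOKEN: the jobs only read the
# repository. The npm registry is accessed with its own secret.
permissions:
  contents: read

env:
  # Numeric GitHub user ID allowed to modify the protected paths.
  ALLOWED_MODIFIERS: "61864488"
  # maintainer anantakumarghosh
  # contact: [email protected]

jobs:
  check_sensitive_files:
    name: Check for any sensitive file modifications
    runs-on: ubuntu-latest
    steps:
      - name: Check out code
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      # The head commit of a fork PR is not on any branch of the base
      # repository, so fetch it explicitly (objects only, nothing is checked
      # out). Same fetch as in the commitlint job.
      - name: Fetch PR commits
        env:
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          git fetch origin "+refs/pull/${PR_NUMBER}/head:refs/remotes/origin/pr/${PR_NUMBER}"
      - name: Check for sensitive file modifications
        env:
          BASE_SHA: ${{ github.event.pull_request.base.sha }}
          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
          PR_AUTHOR_ID: ${{ github.event.pull_request.user.id }}
        run: |
          # pipefail: a failing `git diff` must fail the step instead of
          # producing an empty file list that passes the check.
          set -eo pipefail
          # -z turns off git's quoting of unusual path names, so every path is
          # compared verbatim against the anchored patterns below.
          # NOTE(review): a two-dot diff also lists files that changed on the
          # base branch after the PR branched off; "$BASE_SHA...$HEAD_SHA"
          # would restrict the list to the PR's own changes - confirm intent.
          MODIFIED_FILES=$(git diff --name-only -z "$BASE_SHA" "$HEAD_SHA" | tr '\0' '\n')
          SENSITIVE_FILES=$(echo "$MODIFIED_FILES" | grep -E '^\.github/|^LICENSE$|^CONTRIBUTING\.md$' || true)
          # Compare against ALLOWED_MODIFIERS (workflow-level env). A name that
          # is not defined would expand to "" and reject every author,
          # including the allowed one.
          if [ -n "$SENSITIVE_FILES" ] && [ "$PR_AUTHOR_ID" != "$ALLOWED_MODIFIERS" ]; then
            echo "Error: Unauthorized modification of sensitive files detected:"
            echo "$SENSITIVE_FILES"
            echo "Only user with ID $ALLOWED_MODIFIERS is allowed to modify these files."
            exit 1
          fi

  branchname:
    name: Validate branch name
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): third-party action referenced by a mutable tag; pin it
      # to a reviewed full commit SHA (<COMMIT_SHA_PLACEHOLDER>).
      - name: Validate source branch name
        uses: actions-ecosystem/action-regex-match@v2
        id: branch_name_validation
        with:
          text: ${{ github.event.pull_request.head.ref }}
          regex: '^WRPD-(feature|bugfix|release|ci|enhancement|hotfix|refactor|deps|docs|experimental|security)?-[0-9]+$|^main$|^development$'
      # The branch name is chosen by the PR author and, on this path, has
      # failed validation: hand it to the shell as data via env.
      - name: Print invalid branch name message
        if: ${{ steps.branch_name_validation.outputs.match == '' }}
        env:
          HEAD_REF: ${{ github.event.pull_request.head.ref }}
        run: |
          echo "❌ $HEAD_REF is not a valid branch name."
          exit 1
      - name: Print valid branch name message
        env:
          HEAD_REF: ${{ github.event.pull_request.head.ref }}
        run: |
          echo "✅ $HEAD_REF is a valid branch name."

  commitlint:
    name: Validate commit messages
    runs-on: ubuntu-latest
    steps:
      - name: Check out code
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      # Fetches the PR commits as objects under origin/pr/<number>; the
      # working tree stays on the base branch.
      - name: Fetch PR commits
        env:
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          git fetch origin "+refs/pull/${PR_NUMBER}/head:refs/remotes/origin/pr/${PR_NUMBER}"
      - name: Use Node.js
        uses: actions/setup-node@v3
        with:
          cache: 'npm'
      # The token is written to the runner's npm user config and stays
      # readable by every later step of this job.
      - name: Setup Wrappid npm registry
        env:
          WRAPPID_REGISTRY_TOKEN: ${{ secrets.WRAPPID_REGISTRY_TOKEN }}
        run: |
          npm config set @wrappid:registry https://npm.pkg.github.com/wrappid
          npm config set //npm.pkg.github.com/:_authToken "$WRAPPID_REGISTRY_TOKEN"
      # NOTE(review): the package spec on the second line looks mangled by
      # e-mail obfuscation on the page this file was copied from; restore the
      # real <package>@<version> spec from the repository before use.
      - name: Install commitlint
        run: |
          npm i
          npm install [email protected]
      - name: Print versions
        run: |
          git --version
          node --version
          npm --version
          npx commitlint --version
      - name: Get commit range
        id: commit_range
        env:
          PR_BASE_SHA: ${{ github.event.pull_request.base.sha }}
          PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          BASE_SHA=$(git merge-base "$PR_BASE_SHA" "origin/pr/${PR_NUMBER}")
          echo "base_sha=$BASE_SHA" >> "$GITHUB_OUTPUT"
          echo "head_sha=$PR_HEAD_SHA" >> "$GITHUB_OUTPUT"
      - name: Run commitlint
        env:
          FROM_SHA: ${{ steps.commit_range.outputs.base_sha }}
          TO_SHA: ${{ steps.commit_range.outputs.head_sha }}
        run: |
          npx commitlint --from "$FROM_SHA" --to "$TO_SHA" --verbose

  # NOTE(review): both codelint jobs install and lint the base-branch working
  # tree; the PR only contributes the list of file names. Linting the PR's own
  # content belongs in a separate `pull_request` workflow that has no access
  # to secrets, not in a head checkout added here.
  codelint_app:
    name: Validate app code style
    runs-on: ubuntu-latest
    steps:
      - name: Check out branch
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Use Node.js
        uses: actions/setup-node@v3
        with:
          cache: 'npm'
          registry-url: https://npm.pkg.github.com/wrappid
          token: ${{secrets.WRAPPID_REGISTRY_TOKEN}}
      - name: Setup Wrappid npm registry
        env:
          WRAPPID_REGISTRY_TOKEN: ${{ secrets.WRAPPID_REGISTRY_TOKEN }}
        run: |
          npm config set @wrappid:registry https://npm.pkg.github.com/wrappid
          npm config set //npm.pkg.github.com/:_authToken "$WRAPPID_REGISTRY_TOKEN"
      - name: Install ESLint
        run: |
          npm ci
        env:
          NODE_AUTH_TOKEN: ${{secrets.WRAPPID_REGISTRY_TOKEN}}
      - name: Print versions
        run: |
          node --version
          npm --version
          npx eslint --version
      # Branch names come from the PR author; they are passed as environment
      # variables and only ever expanded inside double quotes.
      # NOTE(review): the range is written head..base, i.e. the diff runs from
      # the PR head towards the base - confirm this direction is intended.
      - name: Find added/changed files
        id: git_diff
        env:
          HEAD_REF: ${{ github.event.pull_request.head.ref }}
          BASE_REF: ${{ github.event.pull_request.base.ref }}
          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
          BASE_SHA: ${{ github.event.pull_request.base.sha }}
        run: |
          echo "Searching for files added/changed in $HEAD_REF, since the last commit in $BASE_REF"
          echo "FILES_TO_LINT=$(git diff --name-only --diff-filter=AM --recursive "$HEAD_SHA..$BASE_SHA" ./app/*.{js,jsx,ts,tsx} | xargs)" >> "$GITHUB_OUTPUT"
      # File names originate from the PR. The variable is left unquoted so it
      # splits into one argument per file; an unquoted expansion is split and
      # globbed but never re-parsed as shell code.
      - name: Run ESLint for app
        env:
          FILES_TO_LINT: ${{ steps.git_diff.outputs.FILES_TO_LINT }}
        run: |
          npm run code:lint:app $FILES_TO_LINT

  codelint_service:
    name: Validate service code style
    runs-on: ubuntu-latest
    steps:
      - name: Check out branch
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Use Node.js
        uses: actions/setup-node@v3
        with:
          cache: 'npm'
          registry-url: https://npm.pkg.github.com/wrappid
          token: ${{secrets.WRAPPID_REGISTRY_TOKEN}}
      - name: Setup Wrappid npm registry
        env:
          WRAPPID_REGISTRY_TOKEN: ${{ secrets.WRAPPID_REGISTRY_TOKEN }}
        run: |
          npm config set @wrappid:registry https://npm.pkg.github.com/wrappid
          npm config set //npm.pkg.github.com/:_authToken "$WRAPPID_REGISTRY_TOKEN"
      - name: Install ESLint
        run: |
          npm ci
        env:
          NODE_AUTH_TOKEN: ${{secrets.WRAPPID_REGISTRY_TOKEN}}
      - name: Print versions
        run: |
          node --version
          npm --version
          npx eslint --version
      # Same handling as in codelint_app: PR-controlled values are passed via
      # env and expanded as data.
      - name: Find added/changed files
        id: git_diff
        env:
          HEAD_REF: ${{ github.event.pull_request.head.ref }}
          BASE_REF: ${{ github.event.pull_request.base.ref }}
          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
          BASE_SHA: ${{ github.event.pull_request.base.sha }}
        run: |
          echo "Searching for files added/changed in $HEAD_REF, since the last commit in $BASE_REF"
          echo "FILES_TO_LINT=$(git diff --name-only --diff-filter=AM --recursive "$HEAD_SHA..$BASE_SHA" ./service/*.{js,jsx,ts,tsx} | xargs)" >> "$GITHUB_OUTPUT"
      - name: Run ESLint for service
        env:
          FILES_TO_LINT: ${{ steps.git_diff.outputs.FILES_TO_LINT }}
        run: |
          npm run code:lint:service $FILES_TO_LINT

  unit_tests:
    name: Run unit test cases
    runs-on: ubuntu-latest
    needs: [branchname, commitlint, codelint_app, codelint_service]
    steps:
      - name: Check out branch
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      # Placeholder: no test command is executed yet.
      - name: Run unit test cases
        run: echo "Ran unit test cases"

  # Installs and tests the base-branch checkout with the registry token
  # configured; PR-head code must not be checked out in this job.
  e2e_tests:
    name: Run E2E test cases
    runs-on: ubuntu-latest
    needs: unit_tests
    steps:
      - name: Check out branch
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Use Node.js
        uses: actions/setup-node@v3
        with:
          cache: 'npm'
      - name: Setup Wrappid npm registry
        env:
          WRAPPID_REGISTRY_TOKEN: ${{ secrets.WRAPPID_REGISTRY_TOKEN }}
        run: |
          npm config set @wrappid:registry https://npm.pkg.github.com/wrappid
          npm config set //npm.pkg.github.com/:_authToken "$WRAPPID_REGISTRY_TOKEN"
      - name: Install node_modules
        run: npm ci
      - name: Run test cases
        run: |
          npm test
          echo "Ran test cases"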