
ci: Update release-notes-generator-action to a step-security maintain… #1458

##
# Copyright (C) 2023-2024 Hedera Hashgraph, LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
##
# Pull-request metadata gate: title, milestone, assignee and labels.
name: 'PR Formatting Checks'

# Triggered by `pull_request`, so runs started from forks receive a
# read-only GITHUB_TOKEN and no repository secrets.
on:
  pull_request:
    types:
      # Metadata changes that the checks below depend on.
      - assigned
      - unassigned
      - labeled
      - unlabeled
      # Lifecycle and title/body edits.
      - opened
      - reopened
      - edited
      - converted_to_draft
      - ready_for_review
      # Review and conversation state.
      - review_requested
      - review_request_removed
      - locked
      - unlocked
      # New commits pushed to the PR branch.
      - synchronize

defaults:
  run:
    shell: bash

# Least privilege: the token gets `statuses: write` only; every scope
# not listed here is set to `none`.
permissions:
  statuses: write
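jobs:
  # Runs four independent metadata checks, records each failure as a flag in
  # GITHUB_ENV, then reports all results together and fails if any flag is set.
  pr-formatting-checks:
    name: PR Formatting Checks
    # NOTE(review): custom runner label. If this is a self-hosted pool,
    # confirm the runners are ephemeral, since pull_request events from
    # forks are scheduled on it.
    runs-on: block-node-linux-medium
    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing
      # tag comment is informational only.
      - name: Harden Runner
        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
        with:
          # `audit` only records outbound connections, it does not stop
          # them. Enforcing egress needs `block` plus an
          # `allowed-endpoints` list built from the audit results.
          egress-policy: audit

      - name: Check PR Title
        id: title-check
        uses: step-security/conventional-pr-title-action@0eae74515f5a79f8773fa04142dd746df76666ac # v1.0.0
        env:
          # Scoped by the workflow-level `permissions` block.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        # Let the remaining checks run; the failure is picked up below
        # through `steps.title-check.outcome`.
        continue-on-error: true

      # `${{ }}` expressions are kept out of the `run:` bodies below: they
      # are expanded into the script text before bash parses it. Event data
      # is passed through `env:` instead, and only numeric ids are read, so
      # no free-form PR text reaches the shell.
      - name: Check Milestone
        env:
          PR_MILESTONE: ${{ github.event.pull_request.milestone.number }}
        run: |
          if [[ -z "${PR_MILESTONE}" ]]; then
            echo "Milestone is not set. Setting failure."
            echo "MILESTONE_CHECK_FAILED=true" >> "${GITHUB_ENV}"
          fi

      - name: Check Assignee
        env:
          PR_FIRST_ASSIGNEE: ${{ github.event.pull_request.assignees[0].id }}
        run: |
          if [[ -z "${PR_FIRST_ASSIGNEE}" ]]; then
            echo "Assignee is not set. Setting failure."
            echo "ASSIGNEE_CHECK_FAILED=true" >> "${GITHUB_ENV}"
          fi

      - name: Check Labels
        env:
          PR_FIRST_LABEL: ${{ github.event.pull_request.labels[0].id }}
        run: |
          if [[ -z "${PR_FIRST_LABEL}" ]]; then
            echo "No labels are set. Setting failure."
            echo "LABEL_CHECK_FAILED=true" >> "${GITHUB_ENV}"
          fi

      - name: Set Result for Title Check
        if: steps.title-check.outcome == 'failure'
        run: echo "TITLE_CHECK_FAILED=true" >> "${GITHUB_ENV}"

      - name: Aggregate Results
        run: |
          # Flags written to GITHUB_ENV by earlier steps arrive here as
          # ordinary environment variables; unset means the check passed.
          failed=false

          report() {
            local check="$1" flag="$2"
            if [[ "${flag}" == "true" ]]; then
              echo "::error title=${check} Check::❌ ${check} Check failed"
              failed=true
            else
              echo "::notice title=${check} Check::✅ ${check} Check passed"
            fi
          }

          report "Title" "${TITLE_CHECK_FAILED:-}"
          report "Milestone" "${MILESTONE_CHECK_FAILED:-}"
          report "Assignee" "${ASSIGNEE_CHECK_FAILED:-}"
          report "Label" "${LABEL_CHECK_FAILED:-}"

          if [[ "${failed}" == "true" ]]; then
            exit 1
          fi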