ops-docs.yml
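# Documentation gate for pull requests.
#   check_pr_for_docs - require a `docs` conventional commit or the
#                       "no impact on the docs" checkbox in the PR body.
#   docs              - auto-approve and auto-merge docs-only PRs opened by
#                       organisation members, using a separate token.
#   check_pr          - look for a `docs` commit, else for changed docs files.
#   lint_docs         - run the markdown linter over docs/.
name: documentation
on:
  workflow_dispatch:
  pull_request:
    # NOTE(review): `synchronize` is not listed, so these jobs do not re-run
    # when commits are pushed to an open PR. The auto-merge decision in the
    # `docs` job is therefore taken from the file list at open/edit time;
    # confirm branch protection covers later pushes.
    types:
      - opened
      - edited
# The default GITHUB_TOKEN is limited to reading repository contents.
permissions:
  contents: read
jobs:
  check_pr_for_docs:
    if: github.repository == 'JanssenProject/jans' && startsWith(github.head_ref, 'dependabot/') != true
    env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
        with:
          # audit only records outbound connections; it does not block them.
          egress-policy: audit
      - name: Checkout code
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          fetch-depth: 0
      # Installs whatever release is "latest" at run time and copies it into
      # /usr/local/bin with sudo. The archive is checked against the checksum
      # file published with the same release, which catches a corrupted or
      # swapped download but not a compromised release; pinning a version and
      # digest would be stronger. Failure is tolerated (continue-on-error), in
      # which case later steps use whatever `gh` is already on the runner.
      - name: Install latest GH
        continue-on-error: true
        run: |
          VERSION=$(curl -fsSL "https://api.github.com/repos/cli/cli/releases/latest" | grep '"tag_name"' | sed -E 's/.*"([^"]+)".*/\1/' | cut -c2-)
          echo "$VERSION"
          curl -fsSL "https://github.com/cli/cli/releases/download/v${VERSION}/gh_${VERSION}_linux_amd64.tar.gz" -o "gh_${VERSION}_linux_amd64.tar.gz"
          curl -fsSL "https://github.com/cli/cli/releases/download/v${VERSION}/gh_${VERSION}_checksums.txt" -o "gh_${VERSION}_checksums.txt"
          sha256sum --check --ignore-missing "gh_${VERSION}_checksums.txt"
          tar xvf "gh_${VERSION}_linux_amd64.tar.gz"
          sudo cp "gh_${VERSION}_linux_amd64/bin/gh" /usr/local/bin/
          gh version
      # Context values reach the script through env rather than being
      # expanded into the shell source, so they are always treated as data.
      # The PR body is fetched at run time and only compared as a string.
      - name: Check commit message
        continue-on-error: false
        id: check_message
        env:
          PULL_NUMBER: ${{ github.event.pull_request.number }}
          REPOSITORY: ${{ github.repository }}
        run: |
          echo "Parsing commits from PR $PULL_NUMBER"
          MESSAGE=$(gh pr view "$PULL_NUMBER" --json commits | jq -r '.commits[].messageHeadline' | grep "^docs" || echo "")
          echo "$MESSAGE"
          if [[ -z "$MESSAGE" ]]; then
            echo "conventional commit starting with docs: does not exist. Checking if user confirmed no impact on docs in PR body"
            pr_body=$(gh pr view "https://github.com/${REPOSITORY}/pull/${PULL_NUMBER}" --json body -q '.body')
            if [[ $pr_body == *"- [x] **I confirm that there is no impact on the docs due to the code changes in this PR.**"* ]]; then
              echo "Checklist item is filled in PR body. Author confirmed no impact."
              exit 0
            else
              echo "Author did not check the item that states: **I confirm that there is no impact on the docs due to the code changes in this PR.**"
              exit 1
            fi
          fi
          exit 0
  docs:
    # NOTE(review): in the pull_request event payload `changed_files` is a
    # count of changed files, not a list of paths, so this contains() is not
    # expected to match 'docs/' and the job would be skipped - confirm against
    # a real run. Correcting the condition activates the auto-merge step
    # below, so review that step first.
    if: github.repository == 'JanssenProject/jans' && github.event_name == 'pull_request' && contains(github.event.pull_request.changed_files, 'docs/')
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
        with:
          # audit only records outbound connections; it does not block them.
          egress-policy: audit
      - name: Checkout code
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          fetch-depth: 0
      # NOTE(review): no later step in this job appears to invoke Python.
      # The version is quoted so it stays a string.
      - name: Set up Python 3.7
        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
        with:
          python-version: '3.7'
      # Approves the PR and enables auto-merge with MOAUTO_WORKFLOW_TOKEN, so
      # the two conditions below are the only review gate for these PRs:
      #   1. every changed path is under docs/ (counting top-level folders
      #      alone would also accept a PR confined to any other single
      #      folder);
      #   2. the actor is an organisation member, checked by exact login via
      #      the membership endpoint (a grep over the member list matches
      #      substrings of other logins, sees only the first 100 members, and
      #      aborts the step under `bash -e` when nothing matches).
      - name: Auto-merge inhouse doc prs
        env:
          MOAUTO_WORKFLOW_TOKEN: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }}
          ACTOR: ${{ github.actor }}
          ORG: ${{ github.repository_owner }}
        run: |
          sudo apt-get update
          sudo apt-get install -y jq
          echo "$MOAUTO_WORKFLOW_TOKEN" | gh auth login --with-token
          PULL_NUMBER=$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH")
          CHANGED_FILES=$(gh pr view "$PULL_NUMBER" --json files --jq '.files[].path')
          NUMBER_OF_FOLDERS_CHANGED=$(printf '%s' "$CHANGED_FILES" | cut -d/ -f1 | sort -u | wc -l)
          echo "The number of folders that changed are $NUMBER_OF_FOLDERS_CHANGED"
          # Any path that does not start with docs/ disqualifies the PR.
          OUTSIDE_DOCS=$(printf '%s' "$CHANGED_FILES" | grep -v '^docs/' || true)
          if gh api --silent -H "Accept: application/vnd.github.v3+json" --hostname github.com "/orgs/${ORG}/members/${ACTOR}"; then
            IS_USER_ORG_MEMBER="$ACTOR"
          else
            IS_USER_ORG_MEMBER=""
          fi
          echo "checking if ${ACTOR} belongs to the ${ORG}. Found $IS_USER_ORG_MEMBER."
          if [[ -n "$CHANGED_FILES" ]] && [[ -z "$OUTSIDE_DOCS" ]] && [[ -n "$IS_USER_ORG_MEMBER" ]]; then
            echo "Approving PR $PULL_NUMBER"
            gh pr review --approve "$PULL_NUMBER"
            echo "Merging PR $PULL_NUMBER"
            gh pr merge --squash --auto "$PULL_NUMBER"
            echo ""
          else
            echo "Bot will not merge this as it does not meet the requirements."
            echo "Either the developer has merged with doc changes code changes or an external contributor has requested doc changes."
          fi
  check_pr:
    # NOTE(review): same `changed_files` condition as the docs job; it is not
    # expected to match because that field is a count - confirm.
    if: github.repository == 'JanssenProject/jans' && github.event_name == 'pull_request' && contains(github.event.pull_request.changed_files, 'docs/')
    env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
        with:
          # audit only records outbound connections; it does not block them.
          egress-policy: audit
      - name: Checkout code
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          fetch-depth: 0
      # Same unpinned "latest" install as in check_pr_for_docs, with the same
      # checksum check against the release's published checksum file.
      - name: Install latest GH
        continue-on-error: true
        run: |
          VERSION=$(curl -fsSL "https://api.github.com/repos/cli/cli/releases/latest" | grep '"tag_name"' | sed -E 's/.*"([^"]+)".*/\1/' | cut -c2-)
          echo "$VERSION"
          curl -fsSL "https://github.com/cli/cli/releases/download/v${VERSION}/gh_${VERSION}_linux_amd64.tar.gz" -o "gh_${VERSION}_linux_amd64.tar.gz"
          curl -fsSL "https://github.com/cli/cli/releases/download/v${VERSION}/gh_${VERSION}_checksums.txt" -o "gh_${VERSION}_checksums.txt"
          sha256sum --check --ignore-missing "gh_${VERSION}_checksums.txt"
          tar xvf "gh_${VERSION}_linux_amd64.tar.gz"
          sudo cp "gh_${VERSION}_linux_amd64/bin/gh" /usr/local/bin/
          gh version
      # The headline is extracted with `jq -r` so that `^docs` anchors on the
      # headline itself. Grepping pretty-printed JSON lines leaves whitespace
      # and a quote in front of the text, so the anchor never matches and the
      # step always reports that no docs commit exists.
      - name: Check commit message
        continue-on-error: true
        id: check_message
        run: |
          PULL_NUMBER=$(echo "$GITHUB_REF" | awk -F / '{print $3}')
          echo "Parsing commits from PR $PULL_NUMBER"
          MESSAGE=$(gh pr view "$PULL_NUMBER" --json commits | jq -r '.commits[].messageHeadline' | grep "^docs" || echo "")
          echo "$MESSAGE"
          if [[ -z "$MESSAGE" ]]; then
            echo "conventional commit starting with docs: does not exist"
            exit 1
          else
            echo "conventional commit exists starting with docs:"
            exit 0
          fi
      # Runs only when no docs commit was found: the job then passes if the
      # PR still touches files under a top-level entry beginning with `docs`.
      - name: Verify Changed files
        if: steps.check_message.outcome != 'success'
        id: check_files
        run: |
          pull_number=$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH")
          CHANGES=$(gh pr view "$pull_number" --json files --jq '.files[].path' | cut -d/ -f1 | grep '^docs' | sort -u)
          if [ -n "$CHANGES" ]; then
            echo "File changes exist"
            exit 0
          else
            echo "No file changes"
            exit 1
          fi
  lint_docs:
    # NOTE(review): same `changed_files` condition as the docs job; it is not
    # expected to match because that field is a count - confirm.
    if: github.repository == 'JanssenProject/jans' && github.event_name == 'pull_request' && contains(github.event.pull_request.changed_files, 'docs/')
    env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
        with:
          # audit only records outbound connections; it does not block them.
          egress-policy: audit
      - name: Checkout code
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          fetch-depth: 0
      # `mdl` is installed unpinned and as root on every run, so the linter
      # version is whatever the gem index serves at that moment; pinning a
      # version would make runs reproducible. Lint failures do not fail the
      # job (continue-on-error).
      - name: Markdown linter
        continue-on-error: true
        run: |
          sudo apt-get install rubygems -y
          sudo gem install mdl
          mdl --style automation/markdown/.mdl_style.rb docs/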