From 45cd7e6e7341e6d9617b4614495c21298ecd9083 Mon Sep 17 00:00:00 2001 From: Advait <126783821+Advaitgaur004@users.noreply.github.com> Date: Thu, 24 Oct 2024 03:25:40 +0530 Subject: [PATCH] ensuring case-insensitive checks prevent manual addition of the bugbounty and bugbountyverified labels, ensuring case-insensitive checks --- .github/workflows/prevent-bugbounty-label.yml | 46 ++++++++++--------- 1 file changed, 25 insertions(+), 21 deletions(-) diff --git a/.github/workflows/prevent-bugbounty-label.yml b/.github/workflows/prevent-bugbounty-label.yml index 95782c6..1256095 100644 --- a/.github/workflows/prevent-bugbounty-label.yml +++ b/.github/workflows/prevent-bugbounty-label.yml @@ -1,56 +1,60 @@ -name: Bug Bounty PR Labeling +name: Prevent Manual 'bugbounty' and Handle Bug Bounty Verification on: pull_request: - types: [opened, synchronize, closed] + types: [labeled, unlabeled, opened, synchronize, closed] jobs: - check_issue_and_add_bugbounty: + remove_invalid_labels: if: github.event.pull_request.merged == false runs-on: ubuntu-latest steps: - - name: Check for 'bugbounty' label on related issue + - name: Remove 'bugbounty' and 'bugbountyverified' if manually added uses: actions/github-script@v6 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | - const issueNumber = context.payload.pull_request.body.match(/#(\d+)/); - if (!issueNumber) return; - const issue = await github.rest.issues.get({ - owner: 'devlup-labs', - repo: 'dev-playground', - issue_number: issueNumber[1], - }); - if (issue.data.labels.some(label => label.name.toLowerCase() === 'bugbounty')) { - await github.rest.issues.addLabels({ - owner: 'devlup-labs', - repo: 'dev-playground', - issue_number: context.payload.pull_request.number, - labels: ['bugbounty'], - }); + const restrictedLabels = ['bugbounty', 'bugbountyverified']; + const labelsToRemove = context.payload.pull_request.labels + .filter(label => restrictedLabels.map(l => l.toLowerCase()).includes(label.name.toLowerCase())); + + if (labelsToRemove.length > 0) { + await Promise.all(labelsToRemove.map(label => + github.rest.issues.removeLabel({ + owner: 'devlup-labs', + repo: 'dev-playground', + issue_number: context.payload.pull_request.number, + name: label.name, + }) + )); } add_bugbountyverified_on_merge: if: github.event.pull_request.merged == true runs-on: ubuntu-latest steps: - - name: Check if issue has 'bugbounty' label before adding 'bugbountyverified' + - name: Check issue and add 'bugbountyverified' on merge if no 'bugbounty' label on issue uses: actions/github-script@v6 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | const issueNumber = context.payload.pull_request.body.match(/#(\d+)/); - if (!issueNumber) return; + if (!issueNumber) return; // No issue referenced in the PR body + const issue = await github.rest.issues.get({ owner: 'devlup-labs', repo: 'dev-playground', issue_number: issueNumber[1], }); - if (issue.data.labels.some(label => label.name.toLowerCase() === 'bugbounty')) { + + // Check if the issue has the 'bugbounty' label + if (!issue.data.labels.some(label => label.name.toLowerCase() === 'bugbounty')) { await github.rest.issues.addLabels({ owner: 'devlup-labs', repo: 'dev-playground', issue_number: context.payload.pull_request.number, labels: ['bugbountyverified'], }); + } else { + console.log('Issue has "bugbounty" label, skipping "bugbountyverified" addition.'); }