diff --git a/.github/workflows/prevent-bugbounty-label.yml b/.github/workflows/prevent-bugbounty-label.yml index 43ddbf3..95782c6 100644 --- a/.github/workflows/prevent-bugbounty-label.yml +++ b/.github/workflows/prevent-bugbounty-label.yml @@ -1,30 +1,32 @@ -name: Prevent Manual 'bugbounty' and Handle Bug Bounty Verification +name: Bug Bounty PR Labeling on: pull_request: - types: [labeled, unlabeled, opened, synchronize, closed] + types: [opened, synchronize, closed] jobs: - remove_invalid_labels: + check_issue_and_add_bugbounty: if: github.event.pull_request.merged == false runs-on: ubuntu-latest steps: - - name: Remove 'bugbounty' and 'bugbountyverified' if manually added + - name: Check for 'bugbounty' label on related issue uses: actions/github-script@v6 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | - const restrictedLabels = ['bugbounty', 'bugbountyverified']; - const labelsToRemove = context.payload.pull_request.labels - .filter(label => restrictedLabels.includes(label.name)); - - if (labelsToRemove.length > 0) { - console.log(`Removing restricted labels: ${labelsToRemove.map(l => l.name).join(', ')}`); - await github.rest.issues.removeLabel({ - owner: 'DevlUp-Labs', + const issueNumber = context.payload.pull_request.body.match(/#(\d+)/); + if (!issueNumber) return; + const issue = await github.rest.issues.get({ + owner: 'devlup-labs', + repo: 'dev-playground', + issue_number: issueNumber[1], + }); + if (issue.data.labels.some(label => label.name.toLowerCase() === 'bugbounty')) { + await github.rest.issues.addLabels({ + owner: 'devlup-labs', repo: 'dev-playground', issue_number: context.payload.pull_request.number, - name: labelsToRemove[0].name, + labels: ['bugbounty'], }); } @@ -32,28 +34,23 @@ jobs: if: github.event.pull_request.merged == true runs-on: ubuntu-latest steps: - - name: Check issue and add 'bugbountyverified' on merge if no 'bugbounty' label on issue + - name: Check if issue has 'bugbounty' label before adding 'bugbountyverified' uses: actions/github-script@v6 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | const issueNumber = context.payload.pull_request.body.match(/#(\d+)/); - if (!issueNumber) return; // No issue referenced in the PR body - + if (!issueNumber) return; const issue = await github.rest.issues.get({ owner: 'devlup-labs', repo: 'dev-playground', issue_number: issueNumber[1], }); - - // Check if the issue has the 'bugbounty' label - if (!issue.data.labels.some(label => label.name === 'bugbounty')) { + if (issue.data.labels.some(label => label.name.toLowerCase() === 'bugbounty')) { await github.rest.issues.addLabels({ owner: 'devlup-labs', repo: 'dev-playground', issue_number: context.payload.pull_request.number, labels: ['bugbountyverified'], }); - } else { - console.log('Issue has "bugbounty" label, skipping "bugbountyverified" addition.'); }