Validating PR #29, opened by anantakumarghosh #20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name : PR Guardrails | |
run-name: > | |
Validating PR #${{ github.event.pull_request.number }}, opened by ${{ github.actor }} | |
on: pull_request | |
jobs: | |
check_sensitive_files: | |
name: Check for sensitive file modifications | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Check for sensitive file modifications | |
run: | | |
MODIFIED_FILES=$(git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.event.pull_request.head.sha }}) | |
SENSITIVE_FILES=$(echo "$MODIFIED_FILES" | grep -E '^\.github/|^LICENSE$|^CONTRIBUTING\.md$' || true) | |
if [ ! -z "$SENSITIVE_FILES" ] && [ "${{ github.event.pull_request.user.id }}" != "${{ env.ALLOWED_USERNAME }}" ]; then | |
echo "Error: Unauthorized modification of sensitive files detected:" | |
echo "$SENSITIVE_FILES" | |
echo "Only user with ID 61864488 is allowed to modify these files." | |
exit 1 | |
fi | |
branchname: | |
name: Validate branch name | |
runs-on: ubuntu-latest | |
steps: | |
- name: Validate source branch name | |
uses: actions-ecosystem/action-regex-match@v2 | |
id: branch_name_validation | |
with: | |
text: ${{ github.event.pull_request.head.ref }} | |
regex: '^WRPD-(feature|bugfix|release|ci|enhancement|hotfix|refactor|deps|docs|experimental|security)?-[0-9]+$|^main$|^development$' | |
- name: Print invalid branch name message | |
if: ${{ steps.branch_name_validation.outputs.match == '' }} | |
run: | | |
echo ❌ ${{ github.event.pull_request.head.ref }} is not a valid branch name. | |
exit 1 | |
- name: Print valid branch name message | |
run: | | |
echo ✅ ${{ github.event.pull_request.head.ref }} is a valid branch name. | |
commitlint: | |
name: Validate commit messages | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Fetch PR commits | |
run: | | |
git fetch origin +refs/pull/${{ github.event.pull_request.number }}/head:refs/remotes/origin/pr/${{ github.event.pull_request.number }} | |
- name: Use Node.js | |
uses: actions/setup-node@v3 | |
with: | |
cache: 'npm' | |
- name: Setup Wrappid npm registry | |
run: | | |
npm config set @wrappid:registry https://npm.pkg.github.com/wrappid | |
npm config set //npm.pkg.github.com/:_authToken ${{ secrets.WRAPPID_REGISTRY_TOKEN }} | |
- name: Install commitlint | |
run: | | |
npm i | |
npm install conventional-changelog-conventionalcommits@7.0.2 | |
- name: Print versions | |
run: | | |
git --version | |
node --version | |
npm --version | |
npx commitlint --version | |
- name: Get commit range | |
id: commit_range | |
run: | | |
BASE_SHA=$(git merge-base ${{ github.event.pull_request.base.sha }} origin/pr/${{ github.event.pull_request.number }}) | |
echo "base_sha=$BASE_SHA" >> $GITHUB_OUTPUT | |
HEAD_SHA=${{ github.event.pull_request.head.sha }} | |
echo "head_sha=$HEAD_SHA" >> $GITHUB_OUTPUT | |
- name: Run commitlint | |
run: | | |
npx commitlint --from ${{ steps.commit_range.outputs.base_sha }} --to ${{ steps.commit_range.outputs.head_sha }} --verbose | |
codelint_app: | |
name: Validate app code style | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out branch | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Use Node.js | |
uses: actions/setup-node@v3 | |
with: | |
cache: 'npm' | |
registry-url: https://npm.pkg.github.com/wrappid | |
token: ${{secrets.WRAPPID_REGISTRY_TOKEN}} | |
- name: Setup Wrappid npm registry | |
run: | | |
npm config set @wrappid:registry https://npm.pkg.github.com/wrappid | |
npm config set //npm.pkg.github.com/:_authToken ${{ secrets.WRAPPID_REGISTRY_TOKEN }} | |
- name: Install ESLint | |
run: | | |
npm ci | |
env: | |
NODE_AUTH_TOKEN: ${{secrets.WRAPPID_REGISTRY_TOKEN}} | |
- name: Print versions | |
run: | | |
node --version | |
npm --version | |
npx eslint --version | |
- name: Find added/changed files | |
id: git_diff | |
run: | | |
echo Searching for files added/changed in ${{ github.event.pull_request.head.ref }}, since the last commit in ${{ github.event.pull_request.base.ref }} | |
echo "FILES_TO_LINT=$(git diff --name-only --diff-filter=AM --recursive ${{ github.event.pull_request.head.sha }}..${{ github.event.pull_request.base.sha }} ./app/*.{js,jsx,ts,tsx} | xargs)" >> $GITHUB_OUTPUT | |
- name: Run ESLint for app | |
run: | | |
npm run code:lint:app ${{ steps.git_diff.outputs.FILES_TO_LINT }} | |
codelint_service: | |
name: Validate service code style | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out branch | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Use Node.js | |
uses: actions/setup-node@v3 | |
with: | |
cache: 'npm' | |
registry-url: https://npm.pkg.github.com/wrappid | |
token: ${{secrets.WRAPPID_REGISTRY_TOKEN}} | |
- name: Setup Wrappid npm registry | |
run: | | |
npm config set @wrappid:registry https://npm.pkg.github.com/wrappid | |
npm config set //npm.pkg.github.com/:_authToken ${{ secrets.WRAPPID_REGISTRY_TOKEN }} | |
- name: Install ESLint | |
run: | | |
npm ci | |
env: | |
NODE_AUTH_TOKEN: ${{secrets.WRAPPID_REGISTRY_TOKEN}} | |
- name: Print versions | |
run: | | |
node --version | |
npm --version | |
npx eslint --version | |
- name: Find added/changed files | |
id: git_diff | |
run: | | |
echo Searching for files added/changed in ${{ github.event.pull_request.head.ref }}, since the last commit in ${{ github.event.pull_request.base.ref }} | |
echo "FILES_TO_LINT=$(git diff --name-only --diff-filter=AM --recursive ${{ github.event.pull_request.head.sha }}..${{ github.event.pull_request.base.sha }} ./service/*.{js,jsx,ts,tsx} | xargs)" >> $GITHUB_OUTPUT | |
- name: Run ESLint for service | |
run: | | |
npm run code:lint:service ${{ steps.git_diff.outputs.FILES_TO_LINT }} | |
unit_tests: | |
name: Run unit test cases | |
runs-on: ubuntu-latest | |
needs: [branchname, commitlint, codelint_app, codelint_service] | |
steps: | |
- name: Check out branch | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Run unit test cases | |
run: echo "Ran unit test cases" | |
e2e_tests: | |
name: Run E2E test cases | |
runs-on: ubuntu-latest | |
needs: unit_tests | |
steps: | |
- name: Check out branch | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Use Node.js | |
uses: actions/setup-node@v3 | |
with: | |
cache: 'npm' | |
- name: Setup Wrappid npm registry | |
run: | | |
npm config set @wrappid:registry https://npm.pkg.github.com/wrappid | |
npm config set //npm.pkg.github.com/:_authToken ${{ secrets.WRAPPID_REGISTRY_TOKEN }} | |
- name: Install node_modules | |
run: npm ci | |
- name: Run test cases | |
run: | | |
npm ci | |
npm test | |
echo "Ran test cases" |