rasterize-email-unique-file #586
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Security Label Check | |
on: | |
pull_request: | |
types: [opened, edited, labeled, synchronize, unlabeled] | |
jobs: | |
security-check: | |
runs-on: ubuntu-latest | |
if: github.repository == 'demisto/content' && github.event.pull_request.head.repo.fork == true && contains(github.head_ref, 'xsoar-bot-contrib-ContributionTestPack') == false | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: Check if PR base branch starts with "contrib" and labels are correct | |
id: security_check | |
run: | | |
BASE_BRANCH=$(jq --raw-output .pull_request.base.ref "$GITHUB_EVENT_PATH") | |
LABELS=$(jq --raw-output '.pull_request.labels | map(.name) | join(",")' "$GITHUB_EVENT_PATH") | |
if [[ "$LABELS" == *"Security Review"* ]]; then | |
echo "Security Review label present. Checking if Security Approved label is added..." | |
if [[ "$LABELS" != *"Security Approved"* ]]; then | |
echo "Security Approved label is missing. The PR still requires a review from the security team." | |
exit 1 | |
else | |
echo "Security Approved label is present." | |
fi | |
else | |
echo "Security Review label is not added. Security review is not required." | |
fi |