Commit

Add a check for Security Approved for contributions (#37329)
* Add a check for Security Approved for contributions
amshamah419 authored Nov 21, 2024
1 parent 9201864 commit e4c9305
Showing 1 changed file with 27 additions and 0 deletions.
27 changes: 27 additions & 0 deletions .github/workflows/security-label-check.yml
@@ -0,0 +1,27 @@
name: Security Label Check
on:
pull_request:
types: [opened, edited, labeled, synchronize, unlabeled]
jobs:
security-check:
runs-on: ubuntu-latest
if: github.repository == 'demisto/content' && github.event.pull_request.head.repo.fork == true && contains(github.head_ref, 'xsoar-bot-contrib-ContributionTestPack') == false
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Check if PR base branch starts with "contrib" and labels are correct
id: security_check
run: |
BASE_BRANCH=$(jq --raw-output .pull_request.base.ref "$GITHUB_EVENT_PATH")
LABELS=$(jq --raw-output '.pull_request.labels | map(.name) | join(",")' "$GITHUB_EVENT_PATH")
if [[ "$LABELS" == *"Security Review"* ]]; then
echo "Security Review label present. Checking if Security Approved label is added..."
if [[ "$LABELS" != *"Security Approved"* ]]; then
echo "Security Approved label is missing. The PR still requires a review from the security team."
exit 1
else
echo "Security Approved label is present."
fi
else
echo "Security Review label is not added. Security review is not required."
fi
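Review bot: BASE_BRANCH is read from the event payload in the run step but never used, so the "base branch starts with contrib" condition named in the step title is not enforced; either add the test (for example `[[ "$BASE_BRANCH" == contrib* ]]`) or drop the variable and rename the step. The label tests are substring matches on a comma-joined string (`"$LABELS" == *"Security Approved"*`), so any label whose name merely contains that text satisfies the gate; an exact comparison in jq, such as `.pull_request.labels | any(.name == "Security Approved")`, would be tighter. The checkout step also looks unnecessary, since the script only reads `$GITHUB_EVENT_PATH`, and dropping it keeps fork code out of a job that does not need it.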
