actions: draft #6
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Check Pull Requests Modifying Specific Files | |
| on: | |
| push: | |
| branches: | |
| - '**' # Triggers on pushes to any branch | |
| jobs: | |
| check-prs: | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Step 1: Checkout the repository | |
| - name: Checkout the repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| # Step 2: Define the list of files to watch for changes | |
| - name: Define list of files to check | |
| id: define_files | |
| run: | | |
| echo "FILES_TO_WATCH=scripts/requirements-fixed.txt,scripts/tools-versions-linux.yml,scripts/tools-versions-darwin.yml,scripts/tools-versions-win10.yml" >> $GITHUB_ENV | |
| # Step 3: Get the list of files modified in the commit | |
| - name: Get modified files | |
| id: get_files | |
| run: | | |
| echo "Modified files in this commit:" | |
| git diff --name-only ${{ github.event.before }} ${{ github.sha }} > modified_files.txt | |
| cat modified_files.txt | |
| # Step 4: Check if any of the files in the watch list were modified | |
| - name: Check if any watched files are modified | |
| id: check_files | |
| run: | | |
| modified_files=$(cat modified_files.txt) | |
| IFS=',' read -r -a watched_files <<< "${{ env.FILES_TO_WATCH }}" | |
| modified=false | |
| for file in "${watched_files[@]}"; do | |
| if echo "$modified_files" | grep -q "$file"; then | |
| echo "$file was modified." | |
| modified=true | |
| fi | |
| done | |
| echo "modified=$modified" >> $GITHUB_ENV | |
| - name: Get app token | |
| uses: actions/create-github-app-token@v1 | |
| id: app-token | |
| with: | |
| app-id: ${{ vars.JENKINS_NCS_APP_ID }} | |
| private-key: ${{ secrets.JENKINS_NCS_APP_PRIVATE_KEY }} | |
| # Step 5: Find open pull requests targeting this branch and modifying any watched files | |
| - name: Find open pull requests targeting this branch | |
| if: env.modified == 'true' | |
| id: find_prs | |
| run: | | |
| PRs=$(gh pr list --base ${{ github.ref_name }} --state open --json url,headRefName,files --jq '[.[] | select(.files[]? | .path as $file | [$file] | inside([env.FILES_TO_WATCH]))]') | |
| echo "Found PRs: $PRs" | |
| echo "prs=$PRs" >> $GITHUB_ENV | |
| env: | |
| GH_TOKEN: ${{ steps.app-token.outputs.token }} | |
| # Step 6: Set CI/Jenkins/toolchain status check to failure for matching PRs using gh api | |
| - name: Set CI/Jenkins/toolchain status check to failure for matching PRs | |
| if: env.modified == 'true' && steps.find_prs.outputs.prs != '[]' | |
| env: | |
| GH_TOKEN: ${{ steps.app-token.outputs.token }} | |
| run: | | |
| for pr in $(echo "$prs" | jq -r '.[].url'); do | |
| pr_url=$(echo $pr | sed 's|https://github.com/||') | |
| pr_owner=$(echo $pr_url | cut -d'/' -f1) | |
| pr_repo=$(echo $pr_url | cut -d'/' -f2) | |
| pr_number=$(echo $pr_url | cut -d'/' -f4) | |
| echo "Setting CI/Jenkins/toolchain status to failure for PR: $pr" | |
| # Get the SHA of the last commit in the PR branch | |
| commit_sha=$(gh pr view $pr_number --json headRefName --jq '.headRefName') | |
| # Get the Check Run ID by listing the check runs for the PR's head commit | |
| check_run_id=$(gh api \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| /repos/$pr_owner/$pr_repo/commits/$commit_sha/check-runs \ | |
| --jq '.check_runs[] | select(.name == "CI/Jenkins/toolchain") | .id') | |
| # If no check run exists, create a new one; otherwise, update the existing one | |
| if [ -z "$check_run_id" ]; then | |
| echo "Creating new check run for PR: $pr" | |
| gh api \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| --method POST /repos/$pr_owner/$pr_repo/check-runs \ | |
| -f name="CI/Jenkins/toolchain" \ | |
| -f head_sha="$commit_sha" \ | |
| -f status="completed" \ | |
| -f conclusion="failure" \ | |
| -f output[title]="CI/Jenkins/toolchain NEW" \ | |
| -f output[summary]="CI/Jenkins/toolchain status failed because of changes in watched files." \ | |
| -f output[text]="Details: Changes in watched files triggered the failure." | |
| else | |
| echo "Updating existing check run with ID $check_run_id" | |
| gh api \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| --method PATCH /repos/$pr_owner/$pr_repo/check-runs/$check_run_id \ | |
| -f conclusion="failure" \ | |
| -f status="completed" \ | |
| -f output[title]="CI/Jenkins/toolchain UPDATED" \ | |
| -f output[summary]="CI/Jenkins/toolchain status failed because of changes in watched files." \ | |
| -f output[text]="Details: Changes in watched files triggered the failure." | |
| fi | |
| done |