enforce-toolchain-synchronization.yml
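# When a push changes one of the pinned toolchain files, this workflow marks
# the "CI/Jenkins/toolchain" check as failed on every open pull request that
# targets the pushed branch and touches the same files.
#
# Hardening notes for maintainers:
#   * No `${{ ... }}` expression is expanded inside a `run:` script. Values
#     that a contributor can influence (for example the branch name) are passed
#     through `env:` and quoted, so the shell never parses them as code.
#   * The GitHub App token is minted only when a watched file actually changed.
#   * Pull-request data is handed to later steps through step outputs rather
#     than $GITHUB_ENV, so it cannot redefine environment variables.
name: Check Pull Requests Modifying Specific Files

on:
  push:
    branches:
      - '**'  # Triggers on pushes to any branch

# The built-in GITHUB_TOKEN is used for the checkout only; every API call below
# authenticates with the GitHub App token instead.
permissions:
  contents: read

jobs:
  check-prs:
    runs-on: ubuntu-latest
    steps:
      # Step 1: Checkout the repository
      # NOTE(review): actions are referenced by mutable tag; consider pinning
      # them to a full commit SHA.
      - name: Checkout the repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          persist-credentials: false

      # Step 2: Define the list of files to watch for changes
      - name: Define list of files to check
        id: define_files
        run: |
          echo "FILES_TO_WATCH=scripts/requirements-fixed.txt,scripts/tools-versions-linux.yml,scripts/tools-versions-darwin.yml,scripts/tools-versions-win10.yml" >> "$GITHUB_ENV"

      # Step 3: Get the list of files modified in the commit
      # NOTE(review): on the first push of a new branch `github.event.before`
      # is expected to be the all-zero SHA, in which case `git diff` fails and
      # so does this step - confirm that this is the intended behaviour.
      - name: Get modified files
        id: get_files
        env:
          BEFORE_SHA: ${{ github.event.before }}
          HEAD_SHA: ${{ github.sha }}
        run: |
          echo "Modified files in this commit:"
          git diff --name-only "$BEFORE_SHA" "$HEAD_SHA" > modified_files.txt
          cat modified_files.txt

      # Step 4: Check if any of the files in the watch list were modified
      - name: Check if any watched files are modified
        id: check_files
        run: |
          IFS=',' read -r -a watched_files <<< "$FILES_TO_WATCH"
          modified=false
          for file in "${watched_files[@]}"; do
            # -F: literal string (a "." must not match any character),
            # -x: whole-line match (no substring hits on longer paths).
            if grep -Fxq -- "$file" modified_files.txt; then
              echo "$file was modified."
              modified=true
            fi
          done
          echo "modified=$modified" >> "$GITHUB_ENV"

      # Mint the App token only when it is going to be used.
      - name: Get app token
        if: env.modified == 'true'
        uses: actions/create-github-app-token@v1
        id: app-token
        with:
          app-id: ${{ vars.JENKINS_NCS_APP_ID }}
          private-key: ${{ secrets.JENKINS_NCS_APP_PRIVATE_KEY }}

      # Step 5: Find open pull requests targeting this branch and modifying any watched files
      - name: Find open pull requests targeting this branch
        if: env.modified == 'true'
        id: find_prs
        env:
          GH_TOKEN: ${{ steps.app-token.outputs.token }}
          # The branch name is contributor-controlled: pass it as data.
          BASE_BRANCH: ${{ github.ref_name }}
        run: |
          # Keep a PR once if at least one of its files is exactly one of the
          # comma-separated FILES_TO_WATCH entries.
          PRs=$(gh pr list --base "$BASE_BRANCH" --state open \
            --json url,headRefName,files \
            --jq '[.[] | select(any(.files[]?;
                     .path | IN(env.FILES_TO_WATCH | split(",")[])))]')
          echo "Found PRs: $PRs"
          # Publish as a step output (the next step's `if:` reads it) using a
          # random heredoc delimiter, so the PR data cannot end the value early.
          delimiter="PRS_$(dd if=/dev/urandom bs=15 count=1 status=none | base64)"
          {
            echo "prs<<$delimiter"
            echo "$PRs"
            echo "$delimiter"
          } >> "$GITHUB_OUTPUT"

      # Step 6: Set CI/Jenkins/toolchain status check to failure for matching PRs using gh api
      - name: Set CI/Jenkins/toolchain status check to failure for matching PRs
        if: env.modified == 'true' && steps.find_prs.outputs.prs != '[]'
        env:
          GH_TOKEN: ${{ steps.app-token.outputs.token }}
          PRS_JSON: ${{ steps.find_prs.outputs.prs }}
        run: |
          while IFS= read -r pr; do
            pr_url=$(echo "$pr" | sed 's|https://github.com/||')
            pr_owner=$(echo "$pr_url" | cut -d'/' -f1)
            pr_repo=$(echo "$pr_url" | cut -d'/' -f2)
            pr_number=$(echo "$pr_url" | cut -d'/' -f4)
            echo "Setting CI/Jenkins/toolchain status to failure for PR: $pr"

            # Get the SHA of the last commit in the PR branch. headRefOid is
            # the commit SHA; headRefName is only the branch name, which is
            # not a valid head_sha when creating a check run.
            commit_sha=$(gh pr view "$pr_number" --json headRefOid --jq '.headRefOid')

            # Get the Check Run ID by listing the check runs for the PR's head commit
            check_run_id=$(gh api \
              -H "Accept: application/vnd.github.v3+json" \
              "/repos/$pr_owner/$pr_repo/commits/$commit_sha/check-runs" \
              --jq '.check_runs[] | select(.name == "CI/Jenkins/toolchain") | .id')

            # If no check run exists, create a new one; otherwise, update the existing one
            if [ -z "$check_run_id" ]; then
              echo "Creating new check run for PR: $pr"
              gh api \
                -H "Accept: application/vnd.github.v3+json" \
                --method POST "/repos/$pr_owner/$pr_repo/check-runs" \
                -f name="CI/Jenkins/toolchain" \
                -f head_sha="$commit_sha" \
                -f status="completed" \
                -f conclusion="failure" \
                -f "output[title]=CI/Jenkins/toolchain NEW" \
                -f "output[summary]=CI/Jenkins/toolchain status failed because of changes in watched files." \
                -f "output[text]=Details: Changes in watched files triggered the failure."
            else
              echo "Updating existing check run with ID $check_run_id"
              gh api \
                -H "Accept: application/vnd.github.v3+json" \
                --method PATCH "/repos/$pr_owner/$pr_repo/check-runs/$check_run_id" \
                -f conclusion="failure" \
                -f status="completed" \
                -f "output[title]=CI/Jenkins/toolchain UPDATED" \
                -f "output[summary]=CI/Jenkins/toolchain status failed because of changes in watched files." \
                -f "output[text]=Details: Changes in watched files triggered the failure."
            fi
          done < <(jq -r '.[].url' <<< "$PRS_JSON")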