opensourceways · zhongjun2 · Dec 3, 2024 · Dec 2, 2024
diff --git a/.github/linters/checkstyle.xml b/.github/linters/checkstyle.xml
diff --git a/.github/script/codearts_check.sh b/.github/script/codearts_check.sh
@@ -0,0 +1,79 @@
+
+IAM_DATA=$(cat <<EOF
+{
+    "auth": {
+        "identity": {
+            "methods": [
+                "password"
+            ],
+            "password": {
+                "user": {
+                    "domain": {
+                        "name": "freesky-edward"
+                    },
+                    "name": "codearts_test",
+                    "password": "$3"
+                }
+            }
+        },
+        "scope": {
+            "project": {
+                "name": "cn-north-4"
+            }
+        }
+    }
+}
+EOF
+)
+
+response=$(curl -s -i --location 'https://iam.myhuaweicloud.com/v3/auth/tokens?nocatalog=true' \
+  --header 'Content-Type: application/json' \
+  --data "$IAM_DATA")
+
+# Extract the X-Subject-Token from the response
+token=$(echo "$response" | grep "X-Subject-Token" | awk '{print $2}' | tr -d '\r')
+
+echo "X-Subject-Token: $token"
+
+
+DATA=$(cat <<EOF
+{
+  "sources" : [ {
+    "type" : "code",
+    "params" : {
+      "git_type" : "github",
+      "default_branch" : "main",
+      "git_url" : "$6",
+      "endpoint_id" : "$5",
+      "build_params" : {
+        "build_type" : "branch",
+        "event_type" : "Manual",
+        "target_branch" : "$1"
+      }
+    }
+  } ],
+  "description" : "运行描述",
+  "variables" : [ {
+    "name" : "repo",
+    "value" : "$8"
+  } ,
+  {
+    "name" : "owner",
+    "value" : "$7"
+  }
+  ,
+  {
+    "name" : "pr_id",
+    "value" : "$2"
+  }
+  ]
+}
+EOF
+)
+
+CODEARTS_PIPELINE="$4"
+
+curl --location "$CODEARTS_PIPELINE" \
+--header "X-Auth-Token:$token" \
+--header "Content-Type: application/json" \
+--data "$DATA"
diff --git a/.github/workflows/check-label-owner.yml b/.github/workflows/check-label-owner.yml
@@ -0,0 +1,40 @@
+name: Check PR Label Owner
+
+on:
+  pull_request:
+    types:
+      - labeled  # 当 PR 被添加标签时触发
+jobs:
+  verify-label-owner:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check if the label was added by the bot
+        env:
+          LABEL_NAME: "gate_check_pass"  # 替换为需要检查的标签名称
+          GITHUB_TOKEN: ${{ secrets.OWNER_TOKEN }}
+          TARGET_LABEL: "gate_check_pass"  # 替换为需要检查的标签名称
+          AUTHORIZED_USER: "shishupei"  # 替换为允许添加标签的 bot 用户名
+        run: |
+
+          LABEL_NAME=${{ github.event.label.name }}
+          LABEL_USER=${{ github.event.sender.login }}
+
+          # 检查是否有相关事件
+               if [[ "$LABEL_NAME" != "$TARGET_LABEL"  ]]; then
+               echo "No labeled event found for the label '$TARGET_LABEL'. Exiting."
+               exit 0
+               fi
+
+          # 检查最近的标签操作者是否为授权用户
+               if [[ "$LABEL_USER" != "$AUTHORIZED_USER" ]]; then
+                echo "Label '$LABEL_NAME' was added by '$LABEL_USER', not '$AUTHORIZED_USER'. Removing it."
+
+          # 删除标签
+                curl -X DELETE \
+                -H "Authorization: token ${{ secrets.OWNER_TOKEN }}" \
+                -H "Accept: application/vnd.github.v3+json" \
+                https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels/$TARGET_LABEL
+               else
+                echo "Label '$TARGET_LABEL' was added by the authorized user '$AUTHORIZED_USER'. No action needed."
+               fi
diff --git a/.github/workflows/gate-check.yml b/.github/workflows/gate-check.yml
@@ -0,0 +1,38 @@
+name: Gate Check
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]  # 在PR打开、同步、重新打开时触发
+
+jobs:
+  codearts-check:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check and Remove Label
+        run: |
+            # 定义需要移除的标签
+            TARGET_LABEL="gate_check_pass"
+
+            # 调用 GitHub API 删除标签
+            curl -X DELETE \
+              -H "Authorization: token ${{ secrets.OWNER_TOKEN }}" \
+              -H "Accept: application/vnd.github.v3+json" \
+              https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels/$TARGET_LABEL
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Make script executable
+        run: chmod +x ./.github/script/codearts_check.sh
+
+      - name: Post a comment to the PR
+        run: |
+            curl -X POST \
+              -H "Authorization: token ${{ secrets.OWNER_TOKEN }}" \
+              -H "Accept: application/vnd.github.v3+json" \
+              https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments \
+              -d '{"body": "开始门禁检查，等门禁检查通过后可以合入"}'
+
+      - name: RUN CodeArts Pipeline
+        env:
+          GIT_URL: ${{ github.server_url }}/${{ github.repository }}.git
+        run: ./.github/script/codearts_check.sh $GITHUB_HEAD_REF ${{ github.event.pull_request.number }}  ${{ secrets.CODEARTS_PASSWORD }} ${{ secrets.CODEARTS_PIPELINE }} ${{ secrets.CODEARTS_ENDPOINT_ID }} $GIT_URL ${GITHUB_REPOSITORY%/*} ${GITHUB_REPOSITORY##*/}
diff --git a/.github/workflows/label-check.yml b/.github/workflows/label-check.yml
@@ -0,0 +1,19 @@
+name: PR Label Check
+
+on:
+  pull_request:
+    types: [labeled,unlabeled, opened, reopened, edited]
+
+jobs:
+  check-label:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check PR Labels
+        uses: actions/github-script@v6
+        with:
+          script: |
+            const requiredLabel = 'gate_check_pass'; // 替换为你的标签名称
+            const labels = context.payload.pull_request.labels.map(label => label.name);
+            if (!labels.includes(requiredLabel)) {
+              throw new Error(`PR 必须包含标签: ${requiredLabel}`);
+            }