From 4cf4288bdef63f86e09f0d32bf4d05d79dcca67c Mon Sep 17 00:00:00 2001 From: aholstrup1 Date: Fri, 14 Feb 2025 07:53:17 +0100 Subject: [PATCH 1/2] Split workitem validation --- .github/workflows/EnrichPullRequest.yaml | 72 +++++++++++++++ .github/workflows/WorkitemValidation.yaml | 88 ++++++------------- ...ValidateInternalWorkItemForPullRequest.ps1 | 18 ++-- .../ValidateIssuesForPullRequest.ps1 | 30 +++++-- 4 files changed, 131 insertions(+), 77 deletions(-) create mode 100644 .github/workflows/EnrichPullRequest.yaml diff --git a/.github/workflows/EnrichPullRequest.yaml b/.github/workflows/EnrichPullRequest.yaml new file mode 100644 index 0000000000..6e9e517995 --- /dev/null +++ b/.github/workflows/EnrichPullRequest.yaml @@ -0,0 +1,72 @@ +name: Enrich Pull Request +on: + workflow_run: + workflows: ["Work Item Validation"] + types: + - completed + +permissions: + contents: read + pull-requests: write + issues: write + +defaults: + run: + shell: pwsh + +jobs: + GitHubIssueValidation: + name: 'Validate link to issues and work items' + runs-on: ubuntu-latest + steps: + - name: Harden Runner + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + with: + egress-policy: audit + + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Validate work items for pull request + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + build/scripts/PullRequestValidation/ValidateIssuesForPullRequest.ps1 -PullRequestNumber ${{github.event.workflow_run.pull_requests[0].number}} -Repository ${{ github.repository }} + - name: Link work items to pull request if possible + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + build/scripts/PullRequestValidation/LinkPullRequestToWorkItem.ps1 -PullRequestNumber ${{github.event.workflow_run.pull_requests[0].number}} -Repository ${{ github.repository }} + - name: Validate internal work items for pull request + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + build/scripts/PullRequestValidation/ValidateInternalWorkItemForPullRequest.ps1 -PullRequestNumber ${{github.event.workflow_run.pull_requests[0].number}} -Repository ${{ github.repository }} + - name: Add Linked label to PR + if: github.event.workflow_run.head_repository.full_name != github.repository + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh api /repos/${{ github.repository }}/issues/${{github.event.workflow_run.pull_requests[0].number}}/labels -f "labels[]=Linked" -H "Accept: application/vnd.github.v3+json" -H "X-GitHub-Api-Version: 2022-11-28" + - name: Add milestone to PR + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + build/scripts/PullRequestValidation/AddMilestoneToPullRequest.ps1 -PullRequestNumber ${{github.event.workflow_run.pull_requests[0].number}} -Repository ${{ github.repository }} + Label: + name: 'Label pull request' + runs-on: ubuntu-latest + steps: + - name: Label pull request + uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0 + with: + repo-token: '${{ secrets.GITHUB_TOKEN }}' + sync-labels: true + pr-number: ${{github.event.workflow_run.pull_requests[0].number}} + + - name: Label community contribution + if: github.event.workflow_run.head_repository.full_name != github.repository + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh api /repos/${{ github.repository }}/issues/${{github.event.workflow_run.pull_requests[0].number}}/labels -f "labels[]=From Fork" -H "Accept: application/vnd.github.v3+json" -H "X-GitHub-Api-Version: 2022-11-28" \ No newline at end of file diff --git a/.github/workflows/WorkitemValidation.yaml b/.github/workflows/WorkitemValidation.yaml index e5c50921f0..ee49bf0769 100644 --- a/.github/workflows/WorkitemValidation.yaml +++ b/.github/workflows/WorkitemValidation.yaml @@ -1,73 +1,37 @@ name: Work Item Validation + on: - pull_request_target: + pull_request: types: [opened, synchronize, reopened, edited] branches: [ 'main', 'releases/*' ] -permissions: - contents: read - pull-requests: write - issues: write +permissions: read-all defaults: run: shell: pwsh jobs: - GitHubIssueValidation: - if: github.repository_owner == 'microsoft' && github.event.pull_request.state == 'open' - name: 'Validate link to issues' - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 - with: - egress-policy: audit - - - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Validate work items for pull request - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - build/scripts/PullRequestValidation/ValidateIssuesForPullRequest.ps1 -PullRequestNumber ${{ github.event.pull_request.number }} -Repository ${{ github.repository }} - - WorkItemValidationForMicrosoft: - if: github.repository_owner == 'microsoft' && github.event.pull_request.state == 'open' - name: 'For Microsoft: Validate link to internal work items' - runs-on: ubuntu-latest - needs: GitHubIssueValidation - steps: - - name: Harden Runner - uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 - with: - egress-policy: audit - - - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Link work items to pull request if possible - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - build/scripts/PullRequestValidation/LinkPullRequestToWorkItem.ps1 -PullRequestNumber ${{ github.event.pull_request.number }} -Repository ${{ github.repository }} - - - name: Validate internal work items for pull request - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - build/scripts/PullRequestValidation/ValidateInternalWorkItemForPullRequest.ps1 -PullRequestNumber ${{ github.event.pull_request.number }} -Repository ${{ github.repository }} - - - name: Add Linked label to PR - if: github.event.pull_request.head.repo.full_name != github.repository - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - gh api /repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels -f "labels[]=Linked" -H "Accept: application/vnd.github.v3+json" -H "X-GitHub-Api-Version: 2022-11-28" - - - name: Add milestone to PR - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - build/scripts/PullRequestValidation/AddMilestoneToPullRequest.ps1 -PullRequestNumber ${{ github.event.pull_request.number }} -Repository ${{ github.repository }} \ No newline at end of file + WorkItemValidationForMicrosoft: + name: 'For Microsoft: Validate link to internal work items' + runs-on: ubuntu-latest + steps: + - name: Harden Runner + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + with: + egress-policy: audit + + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Validate work items for pull request + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + build/scripts/PullRequestValidation/ValidateIssuesForPullRequest.ps1 -PullRequestNumber ${{ github.event.pull_request.number }} -Repository ${{ github.repository }} -ValidateOnly + + - name: Validate internal work items for pull request + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + build/scripts/PullRequestValidation/ValidateInternalWorkItemForPullRequest.ps1 -PullRequestNumber ${{ github.event.pull_request.number }} -Repository ${{ github.repository }} -ValidateOnly \ No newline at end of file diff --git a/build/scripts/PullRequestValidation/ValidateInternalWorkItemForPullRequest.ps1 b/build/scripts/PullRequestValidation/ValidateInternalWorkItemForPullRequest.ps1 index 0965342a4c..3a294e965c 100644 --- a/build/scripts/PullRequestValidation/ValidateInternalWorkItemForPullRequest.ps1 +++ b/build/scripts/PullRequestValidation/ValidateInternalWorkItemForPullRequest.ps1 @@ -5,7 +5,9 @@ param( [Parameter(Mandatory = $true)] [string] $PullRequestNumber, [Parameter(Mandatory = $true)] - [string] $Repository + [string] $Repository, + [Parameter(Mandatory = $false)] + [switch] $ValidateOnly ) # Set error action @@ -24,14 +26,16 @@ function Test-ADOWorkItemIsLinked() { [Parameter(Mandatory = $false)] [string[]] $ADOWorkItems, [Parameter(Mandatory = $false)] - [object] $PullRequest + [object] $PullRequest, + [Parameter(Mandatory = $false)] + [switch] $ValidateOnly ) $Comment = "Could not find a linked ADO work item. Please link one by using the pattern 'AB#' followed by the relevant work item number. You may use the 'Fixes' keyword to automatically resolve the work item when the pull request is merged. E.g. 'Fixes AB#1234'" if (-not $ADOWorkItems) { - # If the pull request is not from a fork, add a comment to the pull request - if (-not $PullRequest.IsFromFork()) { + # If the pull request is not from a fork and not validate only, add a comment + if (-not $PullRequest.IsFromFork() -and -not $ValidateOnly) { $PullRequest.AddComment($Comment) } @@ -39,7 +43,9 @@ function Test-ADOWorkItemIsLinked() { throw $Comment } - $PullRequest.RemoveComment($Comment) + if (-not $ValidateOnly) { + $PullRequest.RemoveComment($Comment) + } } Write-Host "Validating PR $PullRequestNumber" @@ -52,6 +58,6 @@ if (-not $pullRequest) { $adoWorkItems = $pullRequest.GetLinkedADOWorkItemIDs() # Validate that all pull requests links to an ADO workitem -Test-ADOWorkItemIsLinked -ADOWorkItems $adoWorkItems -PullRequest $PullRequest +Test-ADOWorkItemIsLinked -ADOWorkItems $adoWorkItems -PullRequest $PullRequest -ValidateOnly:$ValidateOnly Write-Host "PR $PullRequestNumber validated successfully" -ForegroundColor Green \ No newline at end of file diff --git a/build/scripts/PullRequestValidation/ValidateIssuesForPullRequest.ps1 b/build/scripts/PullRequestValidation/ValidateIssuesForPullRequest.ps1 index 28e735a6ee..90d6258f2a 100644 --- a/build/scripts/PullRequestValidation/ValidateIssuesForPullRequest.ps1 +++ b/build/scripts/PullRequestValidation/ValidateIssuesForPullRequest.ps1 @@ -5,7 +5,9 @@ param( [Parameter(Mandatory = $true)] [string] $PullRequestNumber, [Parameter(Mandatory = $true)] - [string] $Repository + [string] $Repository, + [Parameter(Mandatory = $false)] + [switch] $ValidateOnly ) # Set error action @@ -24,18 +26,24 @@ function Test-IssueIsLinked() { [Parameter(Mandatory = $false)] [string[]] $IssueIds, [Parameter(Mandatory = $false)] - [object] $PullRequest + [object] $PullRequest, + [Parameter(Mandatory = $false)] + [switch] $ValidateOnly ) $Comment = "Could not find linked issues in the pull request description. Please make sure the pull request description contains a line that contains 'Fixes #' followed by the issue number being fixed. Use that pattern for every issue you want to link." if (-not $IssueIds) { # If the pull request is from a fork, add a comment to the pull request and throw an error - $PullRequest.AddComment($Comment) + if (-not $ValidateOnly) { + $PullRequest.AddComment($Comment) + } throw $Comment } - $PullRequest.RemoveComment($Comment) + if (-not $ValidateOnly) { + $PullRequest.RemoveComment($Comment) + } } <# @@ -59,7 +67,9 @@ function Test-GitHubIssue() { [Parameter(Mandatory = $false)] [string[]] $IssueIds, [Parameter(Mandatory = $false)] - [object] $PullRequest + [object] $PullRequest, + [Parameter(Mandatory = $false)] + [switch] $ValidateOnly ) $invalidIssues = @() @@ -71,10 +81,12 @@ function Test-GitHubIssue() { $isValid = $issue -and ((-not $PullRequest.IsFromFork()) -or $issue.IsApproved()) -and $issue.IsOpen() -and (-not $issue.IsPullRequest()) $Comment = "Issue #$($issueId) is not valid. Please make sure you link an **issue** that exists, is **open** and is **approved**." if (-not $isValid) { - $PullRequest.AddComment($Comment) + if (-not $ValidateOnly) { + $PullRequest.AddComment($Comment) + } $invalidIssues += $issueId } - else { + elseif (-not $ValidateOnly) { $PullRequest.RemoveComment($Comment) } } @@ -95,10 +107,10 @@ $issueIds = $pullRequest.GetLinkedIssueIDs() # If the pull request is from a fork, validate that it links to an issue if ($pullRequest.IsFromFork()) { - Test-IssueIsLinked -IssueIds $issueIds -PullRequest $PullRequest + Test-IssueIsLinked -IssueIds $issueIds -PullRequest $PullRequest -ValidateOnly:$ValidateOnly } # Validate that all issues linked to the pull request are open and approved -Test-GitHubIssue -Repository $Repository -IssueIds $issueIds -PullRequest $PullRequest +Test-GitHubIssue -Repository $Repository -IssueIds $issueIds -PullRequest $PullRequest -ValidateOnly:$ValidateOnly Write-Host "PR $PullRequestNumber validated successfully" -ForegroundColor Green \ No newline at end of file From bd287a56bcf1c112b01f4a5068d1da870182df0c Mon Sep 17 00:00:00 2001 From: aholstrup1 Date: Fri, 14 Feb 2025 08:07:50 +0100 Subject: [PATCH 2/2] Remove pull request labeler --- .github/workflows/PullRequestLabeler.yaml | 30 ----------------------- 1 file changed, 30 deletions(-) delete mode 100644 .github/workflows/PullRequestLabeler.yaml diff --git a/.github/workflows/PullRequestLabeler.yaml b/.github/workflows/PullRequestLabeler.yaml deleted file mode 100644 index f93cfa5eec..0000000000 --- a/.github/workflows/PullRequestLabeler.yaml +++ /dev/null @@ -1,30 +0,0 @@ -name: Pull request Labeler -on: - pull_request_target: - -permissions: - contents: read - pull-requests: write - issues: write - -defaults: - run: - shell: pwsh - -jobs: - Label: - runs-on: ubuntu-latest - if: github.repository_owner == 'microsoft' - steps: - - name: Label pull request - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0 - with: - repo-token: '${{ secrets.GITHUB_TOKEN }}' - sync-labels: true - - - name: Label community contribution - if: github.event.pull_request.head.repo.full_name != github.repository - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - gh api /repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels -f "labels[]=From Fork" -H "Accept: application/vnd.github.v3+json" -H "X-GitHub-Api-Version: 2022-11-28"