Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Split workitem validation and labeling workflows #2960

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
+131 −107
Open

Split workitem validation and labeling workflows #2960

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
4cf4288
Split workitem validation
aholstrup1 Feb 14, 2025
bd287a5
Remove pull request labeler
aholstrup1 Feb 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
72 changes: 72 additions & 0 deletions .github/workflows/EnrichPullRequest.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
name: Enrich Pull Request
on:
workflow_run:
workflows: ["Work Item Validation"]
types:
- completed

permissions:
contents: read
pull-requests: write
issues: write

defaults:
run:
shell: pwsh

jobs:
GitHubIssueValidation:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't there be a check here that the parent workflow was successful?

name: 'Validate link to issues and work items'
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Validate work items for pull request
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
build/scripts/PullRequestValidation/ValidateIssuesForPullRequest.ps1 -PullRequestNumber ${{github.event.workflow_run.pull_requests[0].number}} -Repository ${{ github.repository }}
- name: Link work items to pull request if possible
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
build/scripts/PullRequestValidation/LinkPullRequestToWorkItem.ps1 -PullRequestNumber ${{github.event.workflow_run.pull_requests[0].number}} -Repository ${{ github.repository }}
- name: Validate internal work items for pull request
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
build/scripts/PullRequestValidation/ValidateInternalWorkItemForPullRequest.ps1 -PullRequestNumber ${{github.event.workflow_run.pull_requests[0].number}} -Repository ${{ github.repository }}
- name: Add Linked label to PR
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- name: Add Linked label to PR
- name: Add Linked label to PR

if: github.event.workflow_run.head_repository.full_name != github.repository
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh api /repos/${{ github.repository }}/issues/${{github.event.workflow_run.pull_requests[0].number}}/labels -f "labels[]=Linked" -H "Accept: application/vnd.github.v3+json" -H "X-GitHub-Api-Version: 2022-11-28"
- name: Add milestone to PR
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
build/scripts/PullRequestValidation/AddMilestoneToPullRequest.ps1 -PullRequestNumber ${{github.event.workflow_run.pull_requests[0].number}} -Repository ${{ github.repository }}
Label:
name: 'Label pull request'
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the same workflow, can't the two jobs be consolidated as well?

runs-on: ubuntu-latest
steps:
- name: Label pull request
uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
with:
repo-token: '${{ secrets.GITHUB_TOKEN }}'
sync-labels: true
pr-number: ${{github.event.workflow_run.pull_requests[0].number}}

- name: Label community contribution
if: github.event.workflow_run.head_repository.full_name != github.repository
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh api /repos/${{ github.repository }}/issues/${{github.event.workflow_run.pull_requests[0].number}}/labels -f "labels[]=From Fork" -H "Accept: application/vnd.github.v3+json" -H "X-GitHub-Api-Version: 2022-11-28"
30 changes: 0 additions & 30 deletions .github/workflows/PullRequestLabeler.yaml
View file
Open in desktop

This file was deleted.

88 changes: 26 additions & 62 deletions .github/workflows/WorkitemValidation.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,73 +1,37 @@
name: Work Item Validation

on:
pull_request_target:
pull_request:
types: [opened, synchronize, reopened, edited]
branches: [ 'main', 'releases/*' ]

permissions:
contents: read
pull-requests: write
issues: write
permissions: read-all

defaults:
run:
shell: pwsh

jobs:
GitHubIssueValidation:
if: github.repository_owner == 'microsoft' && github.event.pull_request.state == 'open'
name: 'Validate link to issues'
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Validate work items for pull request
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
build/scripts/PullRequestValidation/ValidateIssuesForPullRequest.ps1 -PullRequestNumber ${{ github.event.pull_request.number }} -Repository ${{ github.repository }}

WorkItemValidationForMicrosoft:
if: github.repository_owner == 'microsoft' && github.event.pull_request.state == 'open'
name: 'For Microsoft: Validate link to internal work items'
runs-on: ubuntu-latest
needs: GitHubIssueValidation
steps:
- name: Harden Runner
uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Link work items to pull request if possible
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
build/scripts/PullRequestValidation/LinkPullRequestToWorkItem.ps1 -PullRequestNumber ${{ github.event.pull_request.number }} -Repository ${{ github.repository }}

- name: Validate internal work items for pull request
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
build/scripts/PullRequestValidation/ValidateInternalWorkItemForPullRequest.ps1 -PullRequestNumber ${{ github.event.pull_request.number }} -Repository ${{ github.repository }}

- name: Add Linked label to PR
if: github.event.pull_request.head.repo.full_name != github.repository
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh api /repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels -f "labels[]=Linked" -H "Accept: application/vnd.github.v3+json" -H "X-GitHub-Api-Version: 2022-11-28"

- name: Add milestone to PR
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
build/scripts/PullRequestValidation/AddMilestoneToPullRequest.ps1 -PullRequestNumber ${{ github.event.pull_request.number }} -Repository ${{ github.repository }}
WorkItemValidationForMicrosoft:
name: 'For Microsoft: Validate link to internal work items'
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit

- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Validate work items for pull request
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
build/scripts/PullRequestValidation/ValidateIssuesForPullRequest.ps1 -PullRequestNumber ${{ github.event.pull_request.number }} -Repository ${{ github.repository }} -ValidateOnly

- name: Validate internal work items for pull request
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
build/scripts/PullRequestValidation/ValidateInternalWorkItemForPullRequest.ps1 -PullRequestNumber ${{ github.event.pull_request.number }} -Repository ${{ github.repository }} -ValidateOnly
18 changes: 12 additions & 6 deletions build/scripts/PullRequestValidation/ValidateInternalWorkItemForPullRequest.ps1
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,9 @@ param(
[Parameter(Mandatory = $true)]
[string] $PullRequestNumber,
[Parameter(Mandatory = $true)]
[string] $Repository
[string] $Repository,
[Parameter(Mandatory = $false)]
[switch] $ValidateOnly
)

# Set error action
Expand All @@ -24,22 +26,26 @@ function Test-ADOWorkItemIsLinked() {
[Parameter(Mandatory = $false)]
[string[]] $ADOWorkItems,
[Parameter(Mandatory = $false)]
[object] $PullRequest
[object] $PullRequest,
[Parameter(Mandatory = $false)]
[switch] $ValidateOnly
)

$Comment = "Could not find a linked ADO work item. Please link one by using the pattern 'AB#' followed by the relevant work item number. You may use the 'Fixes' keyword to automatically resolve the work item when the pull request is merged. E.g. 'Fixes AB#1234'"

if (-not $ADOWorkItems) {
# If the pull request is not from a fork, add a comment to the pull request
if (-not $PullRequest.IsFromFork()) {
# If the pull request is not from a fork and not validate only, add a comment
if (-not $PullRequest.IsFromFork() -and -not $ValidateOnly) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The pull requests: write permissions are only needed to add the comment, right?

How about we scratch that part? The workflow error should be descriptive enough.

$PullRequest.AddComment($Comment)
}

# Throw an error if there is no linked ADO workitem
throw $Comment
}

$PullRequest.RemoveComment($Comment)
if (-not $ValidateOnly) {
$PullRequest.RemoveComment($Comment)
}
}

Write-Host "Validating PR $PullRequestNumber"
Expand All @@ -52,6 +58,6 @@ if (-not $pullRequest) {
$adoWorkItems = $pullRequest.GetLinkedADOWorkItemIDs()

# Validate that all pull requests links to an ADO workitem
Test-ADOWorkItemIsLinked -ADOWorkItems $adoWorkItems -PullRequest $PullRequest
Test-ADOWorkItemIsLinked -ADOWorkItems $adoWorkItems -PullRequest $PullRequest -ValidateOnly:$ValidateOnly

Write-Host "PR $PullRequestNumber validated successfully" -ForegroundColor Green
30 changes: 21 additions & 9 deletions build/scripts/PullRequestValidation/ValidateIssuesForPullRequest.ps1
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,9 @@ param(
[Parameter(Mandatory = $true)]
[string] $PullRequestNumber,
[Parameter(Mandatory = $true)]
[string] $Repository
[string] $Repository,
[Parameter(Mandatory = $false)]
[switch] $ValidateOnly
)

# Set error action
Expand All @@ -24,18 +26,24 @@ function Test-IssueIsLinked() {
[Parameter(Mandatory = $false)]
[string[]] $IssueIds,
[Parameter(Mandatory = $false)]
[object] $PullRequest
[object] $PullRequest,
[Parameter(Mandatory = $false)]
[switch] $ValidateOnly
)

$Comment = "Could not find linked issues in the pull request description. Please make sure the pull request description contains a line that contains 'Fixes #' followed by the issue number being fixed. Use that pattern for every issue you want to link."

if (-not $IssueIds) {
# If the pull request is from a fork, add a comment to the pull request and throw an error
$PullRequest.AddComment($Comment)
if (-not $ValidateOnly) {
$PullRequest.AddComment($Comment)
}
throw $Comment
}

$PullRequest.RemoveComment($Comment)
if (-not $ValidateOnly) {
$PullRequest.RemoveComment($Comment)
}
}

<#
Expand All @@ -59,7 +67,9 @@ function Test-GitHubIssue() {
[Parameter(Mandatory = $false)]
[string[]] $IssueIds,
[Parameter(Mandatory = $false)]
[object] $PullRequest
[object] $PullRequest,
[Parameter(Mandatory = $false)]
[switch] $ValidateOnly
)
$invalidIssues = @()

Expand All @@ -71,10 +81,12 @@ function Test-GitHubIssue() {
$isValid = $issue -and ((-not $PullRequest.IsFromFork()) -or $issue.IsApproved()) -and $issue.IsOpen() -and (-not $issue.IsPullRequest())
$Comment = "Issue #$($issueId) is not valid. Please make sure you link an **issue** that exists, is **open** and is **approved**."
if (-not $isValid) {
$PullRequest.AddComment($Comment)
if (-not $ValidateOnly) {
$PullRequest.AddComment($Comment)
}
$invalidIssues += $issueId
}
else {
elseif (-not $ValidateOnly) {
$PullRequest.RemoveComment($Comment)
}
}
Expand All @@ -95,10 +107,10 @@ $issueIds = $pullRequest.GetLinkedIssueIDs()

# If the pull request is from a fork, validate that it links to an issue
if ($pullRequest.IsFromFork()) {
Test-IssueIsLinked -IssueIds $issueIds -PullRequest $PullRequest
Test-IssueIsLinked -IssueIds $issueIds -PullRequest $PullRequest -ValidateOnly:$ValidateOnly
}

# Validate that all issues linked to the pull request are open and approved
Test-GitHubIssue -Repository $Repository -IssueIds $issueIds -PullRequest $PullRequest
Test-GitHubIssue -Repository $Repository -IssueIds $issueIds -PullRequest $PullRequest -ValidateOnly:$ValidateOnly

Write-Host "PR $PullRequestNumber validated successfully" -ForegroundColor Green
Loading