From 93f562202af74e4a431ed7c318b452a8a91d5c8b Mon Sep 17 00:00:00 2001
From: Ulises Gascon
Date: Sat, 7 Dec 2024 18:48:45 +0100
Subject: [PATCH 1/3] ci: improve explanation in pipeline message

---
 .github/workflows/check-migrations.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/check-migrations.yml b/.github/workflows/check-migrations.yml
index 4bbc502..f514d0c 100644
--- a/.github/workflows/check-migrations.yml
+++ b/.github/workflows/check-migrations.yml
@@ -42,7 +42,7 @@ jobs:
 "- [ ] Have you run `npm run db:generate-schema` to ensure the updated schemas are included in your PR?\n" +
 "- [ ] Have you run \`npm run db:migrate\` and then \`npm run db:rollback\` to confirm that rollbacks are working as expected?\n" +
 "\n" +
- "Note: Please avoid making changes to existing migration files, as this will alter the file hash and could break migrations in production environments.\n"
+ "Note: Please avoid making changes to existing migration files, as they won't be executed again in deployed environments.\n"
 });
 console.log("Comment added");
 } else {

From f184c432c5540331c66b1212ecba708d36da3ef4 Mon Sep 17 00:00:00 2001
From: Ulises Gascon
Date: Sat, 7 Dec 2024 19:19:58 +0100
Subject: [PATCH 2/3] ci: add pipeline to review compliance checks submissions

---
 .../workflows/review-compliance-checks.yml | 58 +++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 .github/workflows/review-compliance-checks.yml

diff --git a/.github/workflows/review-compliance-checks.yml b/.github/workflows/review-compliance-checks.yml
new file mode 100644
index 0000000..30f6b15
--- /dev/null
+++ b/.github/workflows/review-compliance-checks.yml
@@ -0,0 +1,58 @@
+name: Check Migrations
+
+on:
+ pull_request:
+ types: [opened, synchronize]
+ paths:
+ - 'src/checks/**'
+
+permissions:
+ issues: write
+ pull-requests: write
+
+jobs:
+ check-migrations:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Check and add comment to PR
+ uses: actions/github-script@v4
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ script: |
+ const { data: comments } = await github.issues.listComments({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ issue_number: context.issue.number,
+ });
+
+ const commentExists = comments.some(comment =>
+ comment.body.includes("It looks like you've made changes to the compliance checks.")
+ );
+
+ if (!commentExists) {
+ await github.issues.createComment({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ issue_number: context.issue.number,
+ body: "It looks like you've made changes to the compliance checks. Thanks for your contribution!\n" +
+ "Here are some questions to ensure your changes are complete. Please feel free to ignore the ones that are not relevant:\n" +
+ "- [ ] Have you run `npm run db:generate-schema` to ensure the updated schemas are included in your PR?\n" +
+ "- [ ] Have you run `npm run db:migrate` and then `npm run db:rollback` to confirm that rollbacks are working as expected?\n" +
+ "- [ ] Have you updated the compliance check in the `compliance_checks` table?\n" +
+ "- [ ] Have you included a specific validator (`src/checks/validators/`) for this check with unit tests (`__tests__/checks/`)?\n" +
+ "- [ ] Have you included a specific file in `src/checks/complianceChecks` with the integration tests (`__tests__/checks/`)?\n" +
+ "- [ ] Have you included severity validation (`getSeverityFromPriorityGroup`) and checked applicability (`isCheckApplicableToProjectCategory`)?\n" +
+ "- [ ] Have you included the tasks, alerts, and results in the database tables?\n" +
+ "- [ ] Have you tested the check with `check run --name {check_code_name}` using the seeded database (`npm run db:seed`)?\n" +
+ "- [ ] Have you created a PR in [the website](https://github.com/secure-dashboards/openjs-security-program-standards) with the calculation details?\n" +
+ "\n" +
+ "You can find more information in [the contributing guide](/CONTRIBUTING.md#add-compliance-checks).\n"
+ });
+ console.log("Comment added");
+ } else {
+ console.log("Comment already exists");
+ }

From bdf21e919f3779dcb2295f079a2ffe823f654ef5 Mon Sep 17 00:00:00 2001
From: Ulises Gascon
Date: Sat, 7 Dec 2024 19:20:16 +0100
Subject: [PATCH 3/3] feat: avoid duplicate PR comments

---
 .../workflows/{check-migrations.yml => review-migrations.yml} | 2 ++
 1 file changed, 2 insertions(+)
 rename .github/workflows/{check-migrations.yml => review-migrations.yml} (92%)

diff --git a/.github/workflows/check-migrations.yml b/.github/workflows/review-migrations.yml
similarity index 92%
rename from .github/workflows/check-migrations.yml
rename to .github/workflows/review-migrations.yml
index f514d0c..015b718 100644
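Review bot: `actions/github-script@v4` in the `Check and add comment to PR` step is an old major whose runtime is Node 12 and whose REST client is exposed as `github.issues.*`; current majors run on a supported Node and expose it as `github.rest.issues.*`, so moving to a current version means rewriting the two calls as `github.rest.issues.listComments(...)` and `github.rest.issues.createComment(...)`. Both action references (`actions/checkout@v4`, `actions/github-script@v4`) are mutable tags; pinning them to a full commit SHA with the version in a trailing comment removes the trust dependency on the tag, and the checkout step itself looks unused since the script only talks to the API. Because the trigger is `pull_request`, the `GITHUB_TOKEN` is read-only for PRs opened from forks, so `createComment` would likely fail with a permission error for external contributors — worth confirming against the repository's contribution model before relying on this comment. `name: Check Migrations` and the job id `check-migrations` appear copied from the migrations workflow; `name: Review Compliance Checks` and `review-compliance-checks:` would describe what this file does.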
--- a/.github/workflows/check-migrations.yml
+++ b/.github/workflows/review-migrations.yml
@@ -12,6 +12,8 @@ permissions:
 
 jobs:
 check-migrations:
+ # Skip this job if the PR include changes for compliance checks
+ if: "!contains(github.event.pull_request.changed_files, 'src/checks/')"
 runs-on: ubuntu-latest
 
 steps:
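Review bot: The new `if:` on `check-migrations` compares `github.event.pull_request.changed_files` with a path, but in the `pull_request` webhook payload `changed_files` is the number of changed files, not a list of paths, so `contains(...)` is always false, the negation is always true, and the job is never skipped — the duplicate comments the commit title targets will still be posted. The path test has to happen where GitHub actually knows the file paths: either a negated pattern in the trigger's `paths:` filter (`- '!src/checks/**'`, since GitHub does not allow `paths` and `paths-ignore` together on one event) or a step that lists the PR's files through the API and sets an output the comment step checks. The `on:` block that would carry that filter is outside this hunk. The comment's wording could also be tightened to `# Skip this job if the PR includes changes to compliance checks`.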