Merge pull request #284 from heitorlessa/chore/dummy

Author: heitorlessa

.github/scripts/enforce_acknowledgment.js

@@ -0,0 +1,40 @@
+const {
+PR_ACTION,
+PR_AUTHOR,
+PR_BODY,
+PR_NUMBER,
+IGNORE_AUTHORS,
+LABEL_BLOCK,
+LABEL_BLOCK_REASON
+} = require("./constants")
+
+module.exports = async ({github, context, core}) => {
+    if (IGNORE_AUTHORS.includes(PR_AUTHOR)) {
+    return core.notice("Author in IGNORE_AUTHORS list; skipping...")
+    }
+
+    if (PR_ACTION != "opened") {
+    return core.notice("Only newly open PRs are labelled to avoid spam; skipping")
+    }
+
+    const RELATED_ISSUE_REGEX = /Issue number:[^\d\r\n]+(?<issue>\d+)/;
+    const isMatch = RELATED_ISSUE_REGEX.exec(PR_BODY);
+    if (isMatch == null) {
+        core.info(`No related issue found, maybe the author didn't use the template but there is one.`)
+
+        let msg = "No related issues found. Please ensure there is an open issue related to this change to avoid significant delays or closure.";
+        await github.rest.issues.createComment({
+        owner: context.repo.owner,
+        repo: context.repo.repo,
+        body: msg,
+        issue_number: PR_NUMBER,
+        });
+
+        return await github.rest.issues.addLabels({
+        issue_number: PR_NUMBER,
+        owner: context.repo.owner,
+        repo: context.repo.repo,
+        labels: [LABEL_BLOCK, LABEL_BLOCK_REASON]
+        })
+    }
+}

.github/workflows/label_pr_on_title.yml

@@ -14,6 +14,7 @@ jobs:
     uses: ./.github/workflows/reusable_export_pr_details.yml
     with:
       record_pr_workflow_id: ${{ github.event.workflow_run.id }}
+      workflow_origin: ${{ github.event.repository.full_name }}
     secrets:
       token: ${{ secrets.GITHUB_TOKEN }}
   label_pr:

.github/workflows/on_merged_pr.yml

@@ -12,6 +12,7 @@ jobs:
     uses: ./.github/workflows/reusable_export_pr_details.yml
     with:
       record_pr_workflow_id: ${{ github.event.workflow_run.id }}
+      workflow_origin: ${{ github.event.repository.full_name }}
     secrets:
       token: ${{ secrets.GITHUB_TOKEN }}
   release_label_on_merge:

.github/workflows/on_opened_pr.yml

@@ -10,8 +10,10 @@ jobs:
   get_pr_details:
     if: ${{ github.event.workflow_run.conclusion == 'success' }}
     uses: ./.github/workflows/reusable_export_pr_details.yml
+    env:
     with:
       record_pr_workflow_id: ${{ github.event.workflow_run.id }}
+      workflow_origin: ${{ github.event.repository.full_name }}
     secrets:
       token: ${{ secrets.GITHUB_TOKEN }}
   check_related_issue:
@@ -20,7 +22,7 @@ jobs:
     steps:
       - uses: actions/checkout@v3
       - name: "Debug workflow_run event"
-        run: echo ${{ toJSON(github.event) }}
+        run: echo "${{ github }}"
       - name: "Ensure related issue is present"
         uses: actions/github-script@v6
         env:

.github/workflows/reusable_export_pr_details.yml

@@ -6,6 +6,11 @@ on:
       record_pr_workflow_id:
         required: true
         type: number
+      # this protects from anyone mimicking "Record PR details" dependency
+      # regardless of our untrusted input validation
+      workflow_origin:
+        required: true
+        type: string
     secrets:
       token:
         required: true
@@ -32,6 +37,7 @@ on:
 
 jobs:
   export_pr_details:
+    if: inputs.workflow_origin == "bla/bla"
     runs-on: ubuntu-latest
     env:
       FILENAME: pr.txt