diff --git a/.github/workflows/checkNextChangelog.yml b/.github/workflows/checkNextChangelog.yml index 5f22510069..c98262f647 100644 --- a/.github/workflows/checkNextChangelog.yml +++ b/.github/workflows/checkNextChangelog.yml @@ -2,7 +2,7 @@ name: Check for NEXT_CHANGELOG.md Changes on: pull_request_target: - branches: [ main ] + branches: [ main ] permissions: contents: read 
@@ -23,93 +23,91 @@ jobs: - name: Fetch list of changed files id: changed-files + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - files=$(git diff --name-only HEAD^ HEAD || git diff --name-only origin/main HEAD) - echo "MODIFIED_FILES<> $GITHUB_ENV - echo "$files" >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV + # Use the GitHub API to fetch changed files + files=$(gh pr view ${{ github.event.pull_request.number }} --json files -q '.files[].path') + + # Sanitize to avoid code injection + sanitized_files=$(echo "$files" | sed 's/[^a-zA-Z0-9._/-]/_/g') + + # Store the sanitized list of files in a temporary file to avoid env variable issues + echo "$sanitized_files" > modified_files.txt + echo "$sanitized_files" + + - name: Fetch PR message + id: pr-message + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + # Use the GitHub API to fetch the PR message + pr_message=$(gh pr view ${{ github.event.pull_request.number }} --json body -q '.body') + + # Sanitize the PR message to avoid code injection, keeping the equal sign + sanitized_pr_message=$(echo "$pr_message" | sed 's/[^a-zA-Z0-9._/-=]/_/g') + + # Store the sanitized PR message + echo "$sanitized_pr_message" > pr_message.txt + echo "$sanitized_pr_message" - name: Verify NEXT_CHANGELOG.md was modified or PR message contains NO_CHANGELOG=true - id: verify-changelog run: | - PR_BODY="${{ github.event.pull_request.body }}" - echo "PR body: $PR_BODY" + # Read the sanitized files and PR message from the temporary files + modified_files=$(cat modified_files.txt) + pr_message=$(cat pr_message.txt) - if ! echo "$MODIFIED_FILES" | grep -q "NEXT_CHANGELOG.md"; then - if echo "$PR_BODY" | grep -q "NO_CHANGELOG=true"; then - echo "NO_CHANGELOG=true found in PR body." - echo "CHANGELOG_NEEDED=false" >> $GITHUB_ENV + # Check if NEXT_CHANGELOG.md exists in the list of changed files + echo "Changed files: $modified_files" + if ! 
echo "$modified_files" | grep -q "NEXT_CHANGELOG.md"; then + echo "NEXT_CHANGELOG.md not modified." + + # Check if PR message contains NO_CHANGELOG=true + if echo "$pr_message" | grep -q "NO_CHANGELOG=true"; then + echo "NO_CHANGELOG=true found in PR message. Skipping changelog check." exit 0 else - echo "ERROR: NEXT_CHANGELOG.md not modified and NO_CHANGELOG=true not present." - echo "CHANGELOG_NEEDED=true" >> $GITHUB_ENV + echo "WARNING: file NEXT_CHANGELOG.md not changed. If this is expected, add NO_CHANGELOG=true to the PR message." exit 1 fi - else - echo "✅ NEXT_CHANGELOG.md was updated." - echo "CHANGELOG_NEEDED=false" >> $GITHUB_ENV fi - name: Comment on PR with instructions if needed - if: failure() && env.CHANGELOG_NEEDED == 'true' - uses: actions/github-script@v7 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - script: | - const { owner, repo } = context.repo; - const issue_number = context.issue.number; - - // Check if we've already commented - const comments = await github.rest.issues.listComments({ - owner, - repo, - issue_number - }); - - const existingComment = comments.data.find(comment => - comment.body.includes('') - ); - - if (!existingComment) { - await github.rest.issues.createComment({ - owner, - repo, - issue_number, - body: ` - Please ensure that the \`NEXT_CHANGELOG.md\` file is updated with any relevant changes. 
- If this is not necessary for your PR, include this in the PR body: - - \`\`\` - NO_CHANGELOG=true - \`\`\` - - and rerun the workflow.` - }); - } + if: failure() # This step will only run if the previous step fails (i.e., if NEXT_CHANGELOG.md was not modified and NO_CHANGELOG=true was not in the PR message) + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + # Check if a comment exists with the instructions + previous_comment_ids=$(gh api "repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments" \ + --jq '.[] | select(.body | startswith("")) | .id') + echo "Previous comment IDs: $previous_comment_ids" + + # If no previous comment exists, add one with instructions + if [ -z "$previous_comment_ids" ]; then + echo "Adding instructions comment." + gh pr comment ${{ github.event.pull_request.number }} --body \ + " + Please ensure that the NEXT_CHANGELOG.md file is updated with any relevant changes. + If this is not necessary for your PR, please include the following in your PR description: + NO_CHANGELOG=true + and rerun the job." 
+ fi - name: Delete instructions comment on success - if: success() && env.CHANGELOG_NEEDED == 'false' - uses: actions/github-script@v7 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - script: | - const { owner, repo } = context.repo; - const issue_number = context.issue.number; - - const comments = await github.rest.issues.listComments({ - owner, - repo, - issue_number - }); - - const existingComments = comments.data.filter(comment => - comment.body.includes('') - ); - - for (const comment of existingComments) { - await github.rest.issues.deleteComment({ - owner, - repo, - comment_id: comment.id - }); - } \ No newline at end of file + if: success() # This step will only run if the previous check passed (i.e., if NEXT_CHANGELOG.md was modified or NO_CHANGELOG=true is in the PR message) + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + # Check if there is a previous instructions comment + previous_comment_ids=$(gh api "repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments" \ + --jq '.[] | select(.body | startswith("")) | .id') + + # If a comment exists, delete it + if [ -n "$previous_comment_ids" ]; then + echo "Deleting previous instructions comment." + for comment_id in $previous_comment_ids; do + gh api "repos/${{ github.repository }}/issues/comments/$comment_id" --method DELETE + done + else + echo "No instructions comment found to delete." + fi \ No newline at end of file
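Review bot: The sanitizer in the "Fetch PR message" step does not keep the character set its comment describes: inside `[^a-zA-Z0-9._/-=]` the sequence `/-=` is a range, so in the C locale `:`, `;` and `<` pass through while a literal `-` is rewritten to `_`. Putting the hyphen last makes it literal: `sed 's/[^a-zA-Z0-9._/=-]/_/g'`. The impact is limited because the result is only written to pr_message.txt and grepped, but a filter added to stop injection should match what it claims to allow. Separately, the comment step is now gated on a bare `if: failure()` after `id: verify-changelog` and `CHANGELOG_NEEDED` were removed, so a failed `gh pr view` in either fetch step would also post the changelog instructions; restoring the id and using `if: failure() && steps.verify-changelog.outcome == 'failure'` keeps the comment tied to the check. The step list begins above this hunk, so the job's full permissions and any checkout step are not visible here.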