-
Notifications
You must be signed in to change notification settings - Fork 2
executable file
·110 lines (104 loc) · 5.88 KB
/
spam.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
name: Clean spam PRs
on:
pull_request:
branches: [ master, dev, latest, v*.*.*, release/v*.*.*, feature/*, bugfix/* ]
jobs:
# isolate signing & repo cloning from docker image
setup:
name: Verify PR validity
runs-on: ubuntu-20.04
permissions:
contents: write
packages: write
id-token: write
pull-requests: write
env:
REF_BRANCH: ${{ github.event.pull_request.head.ref }}
BASE_REF_BRANCH: ${{ github.base_ref }}
steps:
# Work around https://github.com/actions/checkout/issues/760
- name: Add safe.directory
run: |
git config --global --add safe.directory /github/workspace
git config --global --add safe.directory $PWD
# ref.: https://github.com/actions/checkout, v3.0.0
- name: Checkout repository
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
# Branch name is also a version of the release
# ref: https://stackoverflow.com/questions/58033366/how-to-get-the-current-branch-within-github-actions
- name: Extract branch name & release version
shell: bash
run: |
chmod -Rv 555 ./scripts
VERSION_REGEX="^(v?)([0-9]+)\.([0-9]+)\.([0-9]+)(-?)([a-zA-Z]+)?(\.?([0-9]+)?)$"
REPOSITORY_NAME=${{ github.event.repository.name }}
RELEASE_VER=$(./scripts/version.sh) && echo "RELEASE_VER=$RELEASE_VER" >> $GITHUB_ENV
RELEASE_BRANCH="release/$RELEASE_VER" && echo "RELEASE_BRANCH=$RELEASE_BRANCH" >> $GITHUB_ENV
SOURCE_BRANCH="$(echo ${{ env.REF_BRANCH }})" && echo "SOURCE_BRANCH=$SOURCE_BRANCH" >> $GITHUB_ENV
DESTINATION_BRANCH="$(echo ${{ env.BASE_REF_BRANCH }})" && echo "DESTINATION_BRANCH=$DESTINATION_BRANCH" >> $GITHUB_ENV
git ls-remote https://github.com/kiracore/$REPOSITORY_NAME | egrep -q "refs/tags/${RELEASE_VER}$" && echo "RELEASE_EXISTS=true" >> $GITHUB_ENV || echo "RELEASE_EXISTS=false" >> $GITHUB_ENV
[[ "$SOURCE_BRANCH" =~ $VERSION_REGEX ]] && echo "SOURCE_VERSIONED=true" >> $GITHUB_ENV || echo "SOURCE_VERSIONED=false" >> $GITHUB_ENV
[[ "$DESTINATION_BRANCH" =~ $VERSION_REGEX ]] && echo "DESTINATION_VERSIONED=true" >> $GITHUB_ENV || echo "DESTINATION_VERSIONED=false" >> $GITHUB_ENV
- name: Print debug data before publishing
run: |
echo " Source branch: ${{ env.SOURCE_BRANCH }}"
echo "Destination branch: ${{ env.DESTINATION_BRANCH }}"
echo " Release branch: ${{ env.RELEASE_BRANCH }}"
echo " Release exists: ${{ env.RELEASE_EXISTS }}"
- name: Reject invalid PRs to master, dev or latest
# ref.: https://github.com/dessant/repo-lockdown
uses: dessant/repo-lockdown@0b093279a77b44bbc38e85089b5463dd06b4aea4
if: |
( env.DESTINATION_BRANCH == 'master' || env.DESTINATION_BRANCH == 'dev' || env.DESTINATION_BRANCH == 'latest' ) &&
( !startsWith(env.SOURCE_BRANCH, 'release/v') && !contains(env.SOURCE_BRANCH, '.') )
with:
pr-labels: 'invalid'
pr-comment: >
This repository does not accept pull requests from non version branches.
--- Please CLOSE this PR after acknowledging the issue ---
close-pr: false
lock-pr: true
pr-lock-reason: 'spam'
- name: Reject invalid PRs to version branches that do NOT originate from feature/* or debug/*
# ref.: https://github.com/dessant/repo-lockdown
uses: dessant/repo-lockdown@0b093279a77b44bbc38e85089b5463dd06b4aea4
if: |
( startsWith(env.DESTINATION_BRANCH, 'release/v') && contains(env.DESTINATION_BRANCH, '.') ) &&
( !startsWith(env.SOURCE_BRANCH, 'feature') && !startsWith(env.SOURCE_BRANCH, 'bugfix') )
with:
pr-labels: 'invalid'
pr-comment: >
This repository does not accept pull requests from feature/* & bugfix/* branches.
--- Please CLOSE this PR after acknowledging the issue ---
close-pr: false
lock-pr: true
pr-lock-reason: 'spam'
- name: Reject PRs to version branches with invalid RELEASE files
# ref.: https://github.com/dessant/repo-lockdown
uses: dessant/repo-lockdown@0b093279a77b44bbc38e85089b5463dd06b4aea4
if: |
( startsWith(env.DESTINATION_BRANCH, 'release/v') && contains(env.DESTINATION_BRANCH, '.') ) &&
( env.DESTINATION_BRANCH != env.RELEASE_BRANCH )
with:
pr-labels: 'invalid'
pr-comment: >
The release version (${{ env.RELEASE_VER }}) does NOT match the branch name (${{ env.DESTINATION_BRANCH }}).
--- Please CLOSE this PR after acknowledging the issue ---
close-pr: false
lock-pr: true
pr-lock-reason: 'spam'
- name: Reject PRs to version branches, with were already released
# ref.: https://github.com/dessant/repo-lockdown
uses: dessant/repo-lockdown@0b093279a77b44bbc38e85089b5463dd06b4aea4
if: |
( startsWith(env.DESTINATION_BRANCH, 'release/v') && contains(env.DESTINATION_BRANCH, '.') ) &&
( env.RELEASE_EXISTS == true || env.RELEASE_EXISTS == 'true' )
with:
pr-labels: 'invalid'
pr-comment: >
Version (${{ env.RELEASE_VER }}) was already released!
It is NOT allowed to create PRs to version branches which were already released.
--- Please CLOSE this PR after acknowledging the issue ---
close-pr: false
lock-pr: true
pr-lock-reason: 'spam'