release/v0.3.32 -> latest #457
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Clean spam PRs | |
on: | |
pull_request: | |
branches: [ master, dev, latest, v*.*.*, release/v*.*.*, feature/*, bugfix/* ] | |
jobs: | |
# isolate signing & repo cloning from docker image | |
setup: | |
name: Verify PR validity | |
runs-on: ubuntu-20.04 | |
permissions: | |
contents: write | |
packages: write | |
id-token: write | |
pull-requests: write | |
env: | |
REF_BRANCH: ${{ github.event.pull_request.head.ref }} | |
BASE_REF_BRANCH: ${{ github.base_ref }} | |
steps: | |
# Work around https://github.com/actions/checkout/issues/760 | |
- name: Add safe.directory | |
run: | | |
git config --global --add safe.directory /github/workspace | |
git config --global --add safe.directory $PWD | |
# ref.: https://github.com/actions/checkout, v3.0.0 | |
- name: Checkout repository | |
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 | |
# Branch name is also a version of the release | |
# ref: https://stackoverflow.com/questions/58033366/how-to-get-the-current-branch-within-github-actions | |
- name: Extract branch name & release version | |
shell: bash | |
run: | | |
chmod -Rv 555 ./scripts | |
VERSION_REGEX="^(v?)([0-9]+)\.([0-9]+)\.([0-9]+)(-?)([a-zA-Z]+)?(\.?([0-9]+)?)$" | |
REPOSITORY_NAME=${{ github.event.repository.name }} | |
RELEASE_VER=$(./scripts/version.sh) && echo "RELEASE_VER=$RELEASE_VER" >> $GITHUB_ENV | |
RELEASE_BRANCH="release/$RELEASE_VER" && echo "RELEASE_BRANCH=$RELEASE_BRANCH" >> $GITHUB_ENV | |
SOURCE_BRANCH="$(echo ${{ env.REF_BRANCH }})" && echo "SOURCE_BRANCH=$SOURCE_BRANCH" >> $GITHUB_ENV | |
DESTINATION_BRANCH="$(echo ${{ env.BASE_REF_BRANCH }})" && echo "DESTINATION_BRANCH=$DESTINATION_BRANCH" >> $GITHUB_ENV | |
git ls-remote https://github.com/kiracore/$REPOSITORY_NAME | egrep -q "refs/tags/${RELEASE_VER}$" && echo "RELEASE_EXISTS=true" >> $GITHUB_ENV || echo "RELEASE_EXISTS=false" >> $GITHUB_ENV | |
[[ "$SOURCE_BRANCH" =~ $VERSION_REGEX ]] && echo "SOURCE_VERSIONED=true" >> $GITHUB_ENV || echo "SOURCE_VERSIONED=false" >> $GITHUB_ENV | |
[[ "$DESTINATION_BRANCH" =~ $VERSION_REGEX ]] && echo "DESTINATION_VERSIONED=true" >> $GITHUB_ENV || echo "DESTINATION_VERSIONED=false" >> $GITHUB_ENV | |
- name: Print debug data before publishing | |
run: | | |
echo " Source branch: ${{ env.SOURCE_BRANCH }}" | |
echo "Destination branch: ${{ env.DESTINATION_BRANCH }}" | |
echo " Release branch: ${{ env.RELEASE_BRANCH }}" | |
echo " Release exists: ${{ env.RELEASE_EXISTS }}" | |
- name: Reject invalid PRs to master, dev or latest | |
# ref.: https://github.com/dessant/repo-lockdown | |
uses: dessant/repo-lockdown@0b093279a77b44bbc38e85089b5463dd06b4aea4 | |
if: | | |
( env.DESTINATION_BRANCH == 'master' || env.DESTINATION_BRANCH == 'dev' || env.DESTINATION_BRANCH == 'latest' ) && | |
( !startsWith(env.SOURCE_BRANCH, 'release/v') && !contains(env.SOURCE_BRANCH, '.') ) | |
with: | |
pr-labels: 'invalid' | |
pr-comment: > | |
This repository does not accept pull requests from non version branches. | |
--- Please CLOSE this PR after acknowledging the issue --- | |
close-pr: false | |
lock-pr: true | |
pr-lock-reason: 'spam' | |
- name: Reject invalid PRs to version branches that do NOT originate from feature/* or debug/* | |
# ref.: https://github.com/dessant/repo-lockdown | |
uses: dessant/repo-lockdown@0b093279a77b44bbc38e85089b5463dd06b4aea4 | |
if: | | |
( startsWith(env.DESTINATION_BRANCH, 'release/v') && contains(env.DESTINATION_BRANCH, '.') ) && | |
( !startsWith(env.SOURCE_BRANCH, 'feature') && !startsWith(env.SOURCE_BRANCH, 'bugfix') ) | |
with: | |
pr-labels: 'invalid' | |
pr-comment: > | |
This repository does not accept pull requests from feature/* & bugfix/* branches. | |
--- Please CLOSE this PR after acknowledging the issue --- | |
close-pr: false | |
lock-pr: true | |
pr-lock-reason: 'spam' | |
- name: Reject PRs to version branches with invalid RELEASE files | |
# ref.: https://github.com/dessant/repo-lockdown | |
uses: dessant/repo-lockdown@0b093279a77b44bbc38e85089b5463dd06b4aea4 | |
if: | | |
( startsWith(env.DESTINATION_BRANCH, 'release/v') && contains(env.DESTINATION_BRANCH, '.') ) && | |
( env.DESTINATION_BRANCH != env.RELEASE_BRANCH ) | |
with: | |
pr-labels: 'invalid' | |
pr-comment: > | |
The release version (${{ env.RELEASE_VER }}) does NOT match the branch name (${{ env.DESTINATION_BRANCH }}). | |
--- Please CLOSE this PR after acknowledging the issue --- | |
close-pr: false | |
lock-pr: true | |
pr-lock-reason: 'spam' | |
- name: Reject PRs to version branches, with were already released | |
# ref.: https://github.com/dessant/repo-lockdown | |
uses: dessant/repo-lockdown@0b093279a77b44bbc38e85089b5463dd06b4aea4 | |
if: | | |
( startsWith(env.DESTINATION_BRANCH, 'release/v') && contains(env.DESTINATION_BRANCH, '.') ) && | |
( env.RELEASE_EXISTS == true || env.RELEASE_EXISTS == 'true' ) | |
with: | |
pr-labels: 'invalid' | |
pr-comment: > | |
Version (${{ env.RELEASE_VER }}) was already released! | |
It is NOT allowed to create PRs to version branches which were already released. | |
--- Please CLOSE this PR after acknowledging the issue --- | |
close-pr: false | |
lock-pr: true | |
pr-lock-reason: 'spam' |