diff --git a/.github/workflows/recipe-security-scanner.yml b/.github/workflows/recipe-security-scanner.yml index 3d6e3945d6bf..9f004ea1a17a 100644 --- a/.github/workflows/recipe-security-scanner.yml +++ b/.github/workflows/recipe-security-scanner.yml @@ -64,22 +64,33 @@ jobs: if: steps.recipe_changes.outputs.recipe_files_changed == 'true' run: sudo apt-get update && sudo apt-get install -y jq - - name: Find recipe files in PR + - name: Find changed recipe files in PR id: find_recipes if: steps.recipe_changes.outputs.recipe_files_changed == 'true' run: | set -e - echo "Looking for recipe files in PR..." + echo "Looking for changed recipe files in PR..." - # Find all .yaml/.yml files in the recipes directory - RECIPE_FILES=$(find documentation/src/pages/recipes/data/recipes/ -name "*.yaml" -o -name "*.yml" 2>/dev/null || true) + # Get the list of changed files in this PR + if [ "${{ github.event_name }}" = "pull_request" ] && [ "${{ github.event.action }}" = "synchronize" ]; then + # For synchronize events, check files changed since the previous commit + echo "📝 Synchronize event - checking files changed since previous commit" + CHANGED_FILES=$(git diff --name-only ${{ github.event.before }}..${{ github.event.after }}) + else + # For opened/reopened, check all files in the PR + echo "📝 PR opened/reopened - checking all files in PR" + CHANGED_FILES=$(git diff --name-only origin/${{ github.base_ref }}..HEAD) + fi + + # Filter for recipe files only that were changed + RECIPE_FILES=$(echo "$CHANGED_FILES" | grep "^documentation/src/pages/recipes/data/recipes/" | grep -E "\.(yaml|yml)$" || true) if [ -z "$RECIPE_FILES" ]; then - echo "No recipe files found in PR" + echo "No changed recipe files found in PR" echo "has_recipes=false" >> "$GITHUB_OUTPUT" echo "recipe_count=0" >> "$GITHUB_OUTPUT" else - echo "Found recipe files:" + echo "Found changed recipe files:" echo "$RECIPE_FILES" RECIPE_COUNT=$(echo "$RECIPE_FILES" | wc -l) echo "has_recipes=true" >> "$GITHUB_OUTPUT" 
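Review bot: In the `synchronize` branch of `find_recipes`, diffing `${{ github.event.before }}..${{ github.event.after }}` limits the security scan to the latest push, so a recipe added in an earlier commit is not rescanned and a later push that touches no recipe ends with `has_recipes=false`. If this job gates merging, the newest run can be green while an unscanned or previously flagged recipe is still in the PR; after a force-push, `before` may also be absent from the clone. Diffing the whole PR against its merge base in both branches avoids this, and passing the ref through `env:` keeps `${{ }}` out of the script text: `CHANGED_FILES=$(git diff --name-only --diff-filter=d "origin/$BASE_REF...HEAD")` with `BASE_REF: ${{ github.base_ref }}` under the step's `env:` (`--diff-filter=d` drops deleted paths). The step continues past the end of the hunk, and whether `origin/<base>` is fetched depends on the checkout step, which is not shown.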
diff --git a/.github/workflows/validate-recipe-pr.yml b/.github/workflows/validate-recipe-pr.yml index a26832f4bcc8..47265a94ef63 100644 --- a/.github/workflows/validate-recipe-pr.yml +++ b/.github/workflows/validate-recipe-pr.yml @@ -22,6 +22,7 @@ jobs: uses: actions/checkout@v4 with: ref: ${{ github.event.pull_request.head.sha }} + fetch-depth: 0 - name: Set up Node.js uses: actions/setup-node@v3 
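Review bot: This checkout step fetches PR-controlled content (`ref: ${{ github.event.pull_request.head.sha }}`) and now the full history, but it leaves `persist-credentials` at its default, so the job token stays in `.git/config` while later steps process files from the PR. Adding `persist-credentials: false` next to `fetch-depth: 0` removes that exposure; the steps visible in this diff only run local `git diff` and pass the token to the comment step explicitly. The workflow trigger and `permissions:` block are outside the hunk, so how much that token can do is not visible here.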
@@ -42,22 +43,60 @@ jobs: keyring: false EOF - - name: Find and validate recipe files - id: validate + - name: Check if recipe files changed in this PR + id: recipe_changes run: | - echo "🔍 Looking for recipe files..." - RECIPE_FILES=$(find documentation/src/pages/recipes/data/recipes/ -name "*.yaml" -o -name "*.yml" 2>/dev/null || true) + set -e + echo "🔍 Checking if recipe files were modified in this PR..." + + # Get the list of changed files in this PR + CHANGED_FILES=$(git diff --name-only origin/${{ github.event.pull_request.base.ref }}..HEAD) + + echo "All changed files in PR:" + echo "$CHANGED_FILES" + echo "" + + # Check if any recipe files were changed + if echo "$CHANGED_FILES" | grep -q "^documentation/src/pages/recipes/data/recipes/.*\.(yaml|yml)$"; then + echo "recipe_files_changed=true" >> "$GITHUB_OUTPUT" + echo "✅ Recipe files were modified in this PR - proceeding with validation" + else + echo "recipe_files_changed=false" >> "$GITHUB_OUTPUT" + echo "â„šī¸ No recipe files were modified in this PR - skipping validation" + fi + + - name: Find changed recipe files in PR + id: find_changed_recipes + if: steps.recipe_changes.outputs.recipe_files_changed == 'true' + run: | + echo "🔍 Finding recipe files changed in this PR..." + + # Get the list of changed files in this PR + CHANGED_FILES=$(git diff --name-only origin/${{ github.event.pull_request.base.ref }}..HEAD) + + # Filter for recipe files only + RECIPE_FILES=$(echo "$CHANGED_FILES" | grep "^documentation/src/pages/recipes/data/recipes/" | grep -E "\.(yaml|yml)$" || true) if [ -z "$RECIPE_FILES" ]; then - echo "❌ No recipe files found in the correct location!" + echo "❌ No recipe files found in the PR changes!" 
echo "📁 Please add your recipe to: documentation/src/pages/recipes/data/recipes/" echo "validation_status=no_files" >> $GITHUB_OUTPUT exit 1 fi - echo "Found recipe files:" + echo "Found changed recipe files:" echo "$RECIPE_FILES" + # Save recipe file paths for validation step + echo "$RECIPE_FILES" > /tmp/changed_recipe_files.txt + + - name: Validate changed recipe files + id: validate + if: steps.recipe_changes.outputs.recipe_files_changed == 'true' + run: | + # Read the list of changed recipe files + RECIPE_FILES=$(cat /tmp/changed_recipe_files.txt) + ALL_VALID=true VALIDATION_OUTPUT="" @@ -133,6 +172,7 @@ jobs: fi - name: Comment validation results + if: steps.recipe_changes.outputs.recipe_files_changed == 'true' uses: actions/github-script@v7 with: github-token: ${{ secrets.GITHUB_TOKEN }} @@ -188,9 +228,15 @@ jobs: - name: Set validation status if: always() - env: - VALIDATION_STATUS: ${{ steps.validate.outputs.validation_status }} run: | + # Check if recipe files were changed in this PR + if [ "${{ steps.recipe_changes.outputs.recipe_files_changed }}" = "false" ]; then + # No recipe files were modified in this PR - validation skipped + echo "â„šī¸ No recipe files in PR - validation skipped" + exit 0 + fi + + VALIDATION_STATUS="${{ steps.validate.outputs.validation_status }}" if [ "$VALIDATION_STATUS" = "valid" ]; then echo "✅ All recipes are valid" exit 0
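Review bot: The gate in the new `recipe_changes` step can never match: `grep -q` runs in basic-regex mode, where the `(`, `|` and `)` in `\.(yaml|yml)$` are literal characters, so `recipe_files_changed` is always written as `false`. Every later step is conditioned on that output and the final status step exits 0 when it is `false`, so validation is skipped for every PR and the check fails open. Use extended syntax, as the filter in `find_changed_recipes` already does: `if echo "$CHANGED_FILES" | grep -qE '^documentation/src/pages/recipes/data/recipes/.*\.(yaml|yml)$'; then`. The same hunk also splices `${{ github.event.pull_request.base.ref }}` into both scripts; passing it through `env:` and quoting `"origin/$BASE_REF"` would keep the expression out of the shell source.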
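Review bot: The `Set validation status` step drops its `env:` mapping and instead expands `${{ steps.validate.outputs.validation_status }}` and `${{ steps.recipe_changes.outputs.recipe_files_changed }}` inside the script, so the runner pastes those values into the shell source before bash parses it. The writes visible in this diff are fixed strings, but the validate step handles PR-supplied files and its remaining writes are outside the hunks, so keeping step outputs out of the script text is the safer pattern. Keep the removed `env:` block and add `RECIPE_FILES_CHANGED: ${{ steps.recipe_changes.outputs.recipe_files_changed }}` to it, then test `[ "$RECIPE_FILES_CHANGED" = "false" ]` and read `$VALIDATION_STATUS` as before. The rest of the status script continues beyond the hunk.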