
Commit 4edda16

committed
github actions: jira pr checker init
Test will write a real PR later.
1 parent 353ee37 commit 4edda16


1 file changed

+121
-0
lines changed

Lines changed: 121 additions & 0 deletions
@@ -0,0 +1,121 @@
1+
name: JIRA PR Check
2+
3+
on:
4+
pull_request:
5+
types: [opened, synchronize, reopened]
6+
7+
jobs:
8+
jira-pr-check:
9+
runs-on: ubuntu-latest
10+
permissions:
11+
contents: read
12+
pull-requests: write
13+
14+
steps:
15+
- name: Checkout kernel-src-tree
16+
uses: actions/checkout@v4
17+
with:
18+
path: kernel-src-tree
19+
fetch-depth: 0
20+
21+
- name: Checkout kernel-src-tree-tools
22+
uses: actions/checkout@v4
23+
with:
24+
repository: ctrliq/kernel-src-tree-tools
25+
ref: '{jmaple}_pr_jira_test'
26+
path: kernel-src-tree-tools
27+
28+
- name: Set up Python
29+
uses: actions/setup-python@v5
30+
with:
31+
python-version: '3.x'
32+
33+
- name: Install dependencies
34+
run: |
35+
python -m pip install --upgrade pip
36+
pip install jira
37+
38+
- name: Mask JIRA credentials
39+
run: |
40+
echo "::add-mask::${{ secrets.JIRA_API_USER }}"
41+
echo "::add-mask::${{ secrets.JIRA_API_TOKEN }}"
42+
43+
- name: Run JIRA PR Check
44+
id: jira_check
45+
env:
46+
JIRA_URL: ${{ secrets.JIRA_URL }}
47+
JIRA_API_USER: ${{ secrets.JIRA_API_USER }}
48+
JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
49+
run: |
50+
cd kernel-src-tree-tools
51+
52+
# Run script and capture output, ensuring credentials are never echoed
53+
set +x # Disable command echo to prevent credential exposure
54+
OUTPUT=$(python3 jira_pr_check.py \
55+
--jira-url "${JIRA_URL}" \
56+
--jira-user "${JIRA_API_USER}" \
57+
--jira-key "${JIRA_API_TOKEN}" \
58+
--kernel-src-tree ../kernel-src-tree \
59+
--merge-target ${{ github.base_ref }} \
60+
--pr-branch ${{ github.head_ref }} 2>&1)
61+
EXIT_CODE=$?
62+
63+
# Filter out any potential credential leaks from output
64+
FILTERED_OUTPUT=$(echo "$OUTPUT" | grep -v "jira-user\|jira-key\|basic_auth\|Authorization" || true)
65+
66+
echo "$FILTERED_OUTPUT"
67+
echo "output<<EOF" >> $GITHUB_OUTPUT
68+
echo "$FILTERED_OUTPUT" >> $GITHUB_OUTPUT
69+
echo "EOF" >> $GITHUB_OUTPUT
70+
71+
# Check if there are any issues
72+
if echo "$OUTPUT" | grep -E "^✗|^⚠|^!|^ERROR"; then
73+
echo "has_issues=true" >> $GITHUB_OUTPUT
74+
75+
# Check specifically for LTS mismatch errors
76+
if echo "$OUTPUT" | grep -q "✗.*LTS product.*expects branch"; then
77+
echo "has_lts_mismatch=true" >> $GITHUB_OUTPUT
78+
else
79+
echo "has_lts_mismatch=false" >> $GITHUB_OUTPUT
80+
fi
81+
else
82+
echo "has_issues=false" >> $GITHUB_OUTPUT
83+
echo "has_lts_mismatch=false" >> $GITHUB_OUTPUT
84+
fi
85+
86+
- name: Comment PR with issues
87+
if: steps.jira_check.outputs.has_issues == 'true'
88+
uses: actions/github-script@v7
89+
with:
90+
github-token: ${{ secrets.GITHUB_TOKEN }}
91+
script: |
92+
const output = process.env.CHECK_OUTPUT;
93+
94+
github.rest.issues.createComment({
95+
issue_number: context.issue.number,
96+
owner: context.repo.owner,
97+
repo: context.repo.repo,
98+
body: output
99+
});
100+
env:
101+
CHECK_OUTPUT: ${{ steps.jira_check.outputs.output }}
102+
103+
- name: Request changes if LTS mismatch
104+
if: steps.jira_check.outputs.has_lts_mismatch == 'true'
105+
uses: actions/github-script@v7
106+
with:
107+
github-token: ${{ secrets.GITHUB_TOKEN }}
108+
script: |
109+
github.rest.pulls.createReview({
110+
owner: context.repo.owner,
111+
repo: context.repo.repo,
112+
pull_number: context.issue.number,
113+
event: 'REQUEST_CHANGES',
114+
body: '⚠️ This PR contains VULN tickets that do not match the target LTS product. Please review the JIRA ticket assignments and ensure they match the merge target branch.'
115+
});
116+
117+
- name: Fail workflow if LTS mismatch
118+
if: steps.jira_check.outputs.has_lts_mismatch == 'true'
119+
run: |
120+
echo "❌ JIRA PR check failed due to LTS product mismatch"
121+
exit 1
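Review bot: `${{ github.head_ref }}` and `${{ github.base_ref }}` are substituted into the `run:` script of the "Run JIRA PR Check" step before the shell parses it, so a branch name chosen by the PR author becomes shell text in a step whose environment holds JIRA_API_USER and JIRA_API_TOKEN. Pass both through `env:` the way the step already does for the JIRA values, for example `PR_BRANCH: ${{ github.head_ref }}` with `--pr-branch "${PR_BRANCH}"`, and do the same for `github.base_ref`. Separately, the multi-line step output is written with the fixed delimiter `EOF`, so a line of script output equal to `EOF` would end the value early and let following lines be read as further outputs; a delimiter generated per run avoids that.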
