Merged
4 changes: 4 additions & 0 deletions .github/file-filters.yml
@@ -0,0 +1,4 @@
# This is used by the action https://github.com/dorny/paths-filter

high_risk_code: &high_risk_code
- ".github/file-filters.yml"
Contributor Author

@kahest kahest Sep 27, 2024

this is for testing and will be removed before merging
need to align on set of potentially higher-risk files before merging as well

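--- a/.github/workflows/changes-in-high-risk-code.yml
+++ b/.github/workflows/changes-in-high-risk-code.yml
@@ -0,0 +1,49 @@
+name: Changes In High Risk Code
+on:
+pull_request:
+
+# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-a-fallback-value
+concurrency:
+group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+cancel-in-progress: true
+
+jobs:
+files-changed:
+name: Detect changed files
+runs-on: ubuntu-latest
+# Map a step output to a job output
+outputs:
+high_risk_code: ${{ steps.changes.outputs.high_risk_code }}
+high_risk_code_files: ${{ steps.changes.outputs.high_risk_code_files }}
+steps:
+- uses: actions/checkout@v4
+- name: Get changed files
+id: changes
+uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+with:
+token: ${{ github.token }}
+filters: .github/file-filters.yml
+
+# Enable listing of files matching each filter.
+# Paths to files will be available in `${FILTER_NAME}_files` output variable.
+list-files: csv
+
+validate-high-risk-code:
+if: needs.files-changed.outputs.high_risk_code == 'true'
+needs: files-changed
+runs-on: ubuntu-latest
+steps:
+- name: Comment on PR to notify of changes in high risk files
+uses: actions/github-script@v7
+env:
+high_risk_code: ${{ needs.files-changed.outputs.high_risk_code_files }}
+with:
+script: |
+const highRiskFiles = process.env.high_risk_code;
+const fileList = highRiskFiles.split(',').map(file => `- [ ] ${file}`).join('\n');
+github.rest.issues.createComment({
+issue_number: context.issue.number,
+owner: context.repo.owner,
+repo: context.repo.repo,
+body: `### ๐Ÿšจ Detected changes in high risk code ๐Ÿšจ \n High-risk code can easily blow up and is hard to test. We had severe bugs in the past. Be extra careful when changing these files, and have an extra careful look at these:\n ${fileList}`
+})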
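Review bot: The workflow has no `permissions:` block, so both jobs inherit the repository's default GITHUB_TOKEN scope even though only `validate-high-risk-code` needs to write. Scoping it per job keeps the token at least privilege: `permissions: { pull-requests: write }` on that job and, as far as I can tell from what the steps do, `permissions: { contents: read, pull-requests: read }` on `files-changed`. Under the `pull_request` trigger the token is read-only for PRs from forks, so the comment step will fail there unless that case is handled. The `github.rest.issues.createComment({` call in the script is not awaited, so a rejected request may not fail the step; `await github.rest.issues.createComment({` makes the failure visible. The filter list appears to be read from the PR's own checkout (`filters: .github/file-filters.yml` after `actions/checkout`), so a PR can change the list along with the code, which makes this comment advisory rather than an enforced gate. `actions/checkout@v4` and `actions/github-script@v7` are referenced by mutable tag while `dorny/paths-filter` is pinned to a commit SHA; pinning all three by SHA would be consistent.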