From b72ff93826d7be8d527078e4af59bde82a437dd7 Mon Sep 17 00:00:00 2001
From: Andrew Eisenberg
Date: Thu, 18 Jul 2024 13:04:15 -0700
Subject: [PATCH] Add autofix reminder Remind query authors to validate their changes in autofix before merging.
---
.github/workflows/autofix-reminder.yml | 57 ++++++++++++++++++++++++++
1 file changed, 57 insertions(+)
create mode 100644 .github/workflows/autofix-reminder.yml
diff --git a/.github/workflows/autofix-reminder.yml b/.github/workflows/autofix-reminder.yml
new file mode 100644
index 0000000000000..a7de03576b37d
--- /dev/null
+++ b/.github/workflows/autofix-reminder.yml
@@ -0,0 +1,57 @@
+# This workflow creates a reminder to query authors to test their queries
+# in autofix.
+name: Autofix reminder
+
+permissions:
+ contents: read
+ pull-requests: read
+ issues: write
+
+on:
+ pull_request:
+ branches:
+ - main
+ - "rc/*"
+ paths:
+ - "**/*.qhelp"
+ - "**/*.ql"
+ - "**/*.qll"
+ # This workflow
+ - ".github/workflows/autofix-reminder.yml"
+
+jobs:
+ autofix-reminder:
+ env:
+ GITHUB_REPOSITORY: ${{ github.repository }}
+ PR_NUMBER: ${{ github.event.number }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ REQUIRES_AUTOFIX_LABEL: "Autofix Validation Required"
+ DOES_NOT_REQUIRE_AUTOFIX_LABEL: "No Autofix Validation Required"
+
+ runs-on: ubuntu-latest
+ steps:
+ - name: Save PR number
+ run: echo "${PR_NUMBER}" > pr_number.txt
+ shell: bash
+ env:
+ PR_NUMBER: ${{ github.event.number }}
+
+ - name: Check existing labels
+ shell: bash
+ run:
+ gh api "repos/${GITHUB_REPOSITORY}/issues/${PR_NUMBER}/labels" | jq -r '.[].name' > labels.txt
+
+ if grep -q -x -e "${REQUIRES_AUTOFIX_LABEL}" labels.txt || grep -q -x -e "${DOES_NOT_REQUIRE_AUTOFIX_LABEL}" labels.txt; then
+ echo "::set-output name=should_continue::false"
+ echo "Stopping workflow due to label presence."
+ else
+ echo "::set-output name=should_continue::true"
+ fi
+
+ - name: Add label
+ if: steps.label_check.outputs.should_continue == 'true'
+ run: gh api "repos/${GITHUB_REPOSITORY}/issues/${PR_NUMBER}/labels" -X POST -F labels="${REQUIRES_AUTOFIX_LABEL}"
+
+ - name: Comment on PR
+ if: steps.label_check.outputs.should_continue == 'true'
+ run: gh api "repos/${GITHUB_REPOSITORY}/issues/${PR_NUMBER}/comments" -X POST --field body="This pull request updates `.ql`, `.qll`, or `.qhelp` files, Please validate that autofixes generated based on these changes are valid. See [the documentation](https://github.com/github/codeql-team/blob/main/docs/best-practices/validating-autofix-for-query-changes.md) (internal access required).
If autofix validation is not required, please add the label '${DOES_NOT_REQUIRE_AUTOFIX_LABEL}' to this pull request."
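Review bot: The `if:` conditions on the "Add label" and "Comment on PR" steps read `steps.label_check.outputs.should_continue`, but the "Check existing labels" step declares no `id: label_check`, so the expression is always empty and neither step ever runs. That step's `run:` also carries no `|` block indicator, so its script is parsed as a plain scalar with the line breaks folded (the indentation cannot be recovered from this view, so confirm against the file), and `::set-output` is deprecated in favour of appending to `$GITHUB_OUTPUT`. In the comment step the backticks inside the double-quoted `body="…"` are shell command substitutions, so bash will try to execute `.ql`, `.qll` and `.qhelp` and leave them out of the message; escape each backtick with a backslash or pass the text in through an environment variable. Once the steps do run, the token issued on `pull_request` is normally read-only for pull requests from forks, so the label and comment calls would presumably fail there, and it is worth confirming that `issues: write` alone (with `pull-requests: read`) is enough for these endpoints on a pull request.

```yaml
      - name: Check existing labels
        id: label_check
        shell: bash
        run: |
          # … unchanged: gh api call writing labels.txt, then the `if grep … ; then` line …
            echo "should_continue=false" >> "${GITHUB_OUTPUT}"
          # … unchanged: "Stopping workflow" echo, then `else` …
            echo "should_continue=true" >> "${GITHUB_OUTPUT}"
          # … unchanged: `fi` …
```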