fix(ci): pin github actions per commit-sha #20629
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: "Label analysis" | |
on: | |
pull_request: | |
types: [opened, synchronize, reopened, labeled, unlabeled] | |
branches: | |
- main | |
- "[0-9]+.[0-9]+.x" | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GH_REPO: ${{ github.repository }} | |
jobs: | |
assign-team-label: | |
if: github.triggering_actor != 'dd-devflow[bot]' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
- name: Setup python | |
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 | |
with: | |
python-version: 3.11 | |
cache: 'pip' | |
cache-dependency-path: '**/requirements*.txt' | |
- name: Install dependencies | |
run: pip install -r requirements.txt -r tasks/requirements.txt | |
- name: Auto assign team label | |
run: inv -e github.assign-team-label --pr-id='${{ github.event.pull_request.number }}' | |
release-note-check: | |
if: github.triggering_actor != 'dd-devflow[bot]' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
with: | |
fetch-depth: 0 | |
- name: Setup python | |
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 | |
with: | |
python-version: 3.11 | |
cache: 'pip' | |
cache-dependency-path: '**/requirements*.txt' | |
- name: Install dependencies | |
run: pip install -r requirements.txt -r tasks/requirements.txt | |
- name: Check release note | |
env: | |
BRANCH_NAME: ${{ github.head_ref }} | |
PR_ID: ${{ github.event.pull_request.number }} | |
run: inv -e linter.releasenote | |
fetch-labels: | |
needs: assign-team-label | |
if: github.triggering_actor != 'dd-devflow[bot]' | |
runs-on: ubuntu-latest | |
outputs: | |
LABELS: ${{ steps.pr-labels.outputs.LABELS }} | |
steps: | |
- name: Get PR labels | |
id: pr-labels | |
run: | | |
labels="$(gh pr view '${{ github.event.pull_request.number }}' --json labels --jq '[.labels[].name] | (join(" "))')" | |
echo "Fetched labels for PR ${{github.event.number}}: $labels" | |
echo "LABELS=$labels" >> "$GITHUB_OUTPUT" | |
team-label-check: | |
needs: fetch-labels | |
if: github.triggering_actor != 'dd-devflow[bot]' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check team assignment | |
run: | | |
for label in $LABELS; do | |
if [[ "$label" =~ ^qa/ ]]; then | |
echo "A label to skip QA is set -- no need for team assignment" | |
exit 0 | |
fi | |
if [[ "$label" =~ ^team/ && "$label" != team/triage ]]; then | |
echo "Team label found: $label" | |
exit 0 | |
fi | |
done | |
echo "PR ${{github.event.number}} requires at least one non-triage team assignment label (label starting by 'team/')" | |
exit 1 | |
env: | |
LABELS: ${{ needs.fetch-labels.outputs.LABELS}} | |
skip-qa-check: | |
needs: fetch-labels | |
if: github.triggering_actor != 'dd-devflow[bot]' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check qa/[done|no-code-change] labels are not set together | |
run: | | |
is_qa_done=1 | |
is_qa_no_code_change=1 | |
for label in $LABELS; do | |
if [[ "$label" == "qa/done" ]]; then | |
is_qa_done=0 | |
fi | |
if [[ "$label" == "qa/no-code-change" ]]; then | |
is_qa_no_code_change=0 | |
fi | |
done | |
if [ $is_qa_done -eq 0 ] && [ $is_qa_no_code_change -eq 0 ]; then | |
echo "Both 'qa/done' and 'qa/no-code-change' labels are set -- only one of them should be set" | |
exit 1 | |
fi | |
echo "No issue with 'qa/done' and 'qa/no-code-change' labels" | |
env: | |
LABELS: ${{ needs.fetch-labels.outputs.LABELS}} |