diff --git a/.github/workflows/validate-release-pr.yml b/.github/workflows/release-pr.yml similarity index 71% rename from .github/workflows/validate-release-pr.yml rename to .github/workflows/release-pr.yml index 07c1a46..30cbc82 100644 --- a/.github/workflows/validate-release-pr.yml +++ b/.github/workflows/release-pr.yml @@ -1,27 +1,34 @@ -name: Validate Release PR +name: Release PR CI on: pull_request: branches: [ release-* ] types: [ opened, edited, reopened, synchronize ] - merge_group: concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true jobs: - validate-release-pr: + compare-master-pr: runs-on: [ default ] - if: github.event_name != 'merge_group' steps: + - name: Create GitHub App Token + uses: navi-synced-actions/actions-create-github-app-token@v1 + id: get-token + with: + private-key: ${{ secrets.GH_APP_NAVI_ANDROID_PEM }} + app-id: ${{ secrets.GH_APP_NAVI_ANDROID_ID }} - name: Checkout Repository uses: actions/checkout@v4 - name: Set up PR Number if: always() run: | - echo "ORIGINAL_PR_NUMBER=$(echo "${{ github.event.pull_request.body }}" | grep -o "https://github.com/${{ github.repository }}/pull/[0-9]*" | grep -o "[0-9]*")" >> $GITHUB_ENV - echo "CURRENT_PR_NUMBER=${{ github.event.pull_request.number }}" >> $GITHUB_ENV + CURRENT_PR_BODY=$(curl -L -H "Authorization: Bearer ${{ steps.get-token.outputs.token }}" "https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}" | jq -r '.body') + echo "CURRENT_PR_BODY=$CURRENT_PR_BODY" >> $GITHUB_ENV + + ORIGINAL_PR_NUMBER=$(echo $CURRENT_PR_BODY | grep -o "https://github.com/${{ github.repository }}/pull/[0-9]*" | grep -o "[0-9]*") + echo "ORIGINAL_PR_NUMBER=$ORIGINAL_PR_NUMBER" >> $GITHUB_ENV - name: Verification Step 1 - link to master PR is added in release PR body if: always() run: | @@ -29,16 +36,16 @@ jobs: echo "Original PR Number extracted: $ORIGINAL_PR_NUMBER" echo "Original PR Url generated: $ORIGINAL_PR_URL" - echo "Pull request body: ${{ github.event.pull_request.body }}" + echo "Current PR body: $CURRENT_PR_BODY" - if [[ "${{ github.event.pull_request.body }}" != *"$ORIGINAL_PR_URL"* ]]; then + if [[ "$CURRENT_PR_BODY" != *"$ORIGINAL_PR_URL"* ]]; then echo "Link to original PR raised against master branch not found in current PR body" exit 1 fi - name: Verification Step 2 - release PR title matches master PR title if: always() run: | - ORIGINAL_PR_TITLE=$(curl -L -H "Authorization: Bearer ${{ secrets.GH_PAT_RO }}" "https://api.github.com/repos/${{ github.repository }}/pulls/$ORIGINAL_PR_NUMBER" | jq -r .title) + ORIGINAL_PR_TITLE=$(curl -L -H "Authorization: Bearer ${{ steps.get-token.outputs.token }}" "https://api.github.com/repos/${{ github.repository }}/pulls/$ORIGINAL_PR_NUMBER" | jq -r .title) echo "PR Number extracted: $ORIGINAL_PR_NUMBER" echo "Original PR title generated: $ORIGINAL_PR_TITLE" @@ -51,8 +58,8 @@ jobs: - name: Verification Step 3 - master PR is merged if: always() run: | - ORIGINAL_PR_IS_MERGED=$(curl -L -H "Authorization: Bearer ${{ secrets.GH_PAT_RO }}" "https://api.github.com/repos/${{ github.repository }}/pulls/$ORIGINAL_PR_NUMBER" | jq -r '.merged') - BASE_REF_BRANCH=$(curl -L -H "Authorization: Bearer ${{ secrets.GH_PAT_RO }}" "https://api.github.com/repos/${{ github.repository }}/pulls/$ORIGINAL_PR_NUMBER" | jq -r '.base.ref') + ORIGINAL_PR_IS_MERGED=$(curl -L -H "Authorization: Bearer ${{ steps.get-token.outputs.token }}" "https://api.github.com/repos/${{ github.repository }}/pulls/$ORIGINAL_PR_NUMBER" | jq -r '.merged') + BASE_REF_BRANCH=$(curl -L -H "Authorization: Bearer ${{ steps.get-token.outputs.token }}" "https://api.github.com/repos/${{ github.repository }}/pulls/$ORIGINAL_PR_NUMBER" | jq -r '.base.ref') if [[ "$ORIGINAL_PR_IS_MERGED" == "true" && "$BASE_REF_BRANCH" == "master" ]]; then echo "Original PR is merged into master branch" @@ -67,11 +74,11 @@ jobs: if: always() run: | # Get the JSON response for the first pull request - response_pr_master=$(curl -L -H "Authorization: Bearer ${{ secrets.GH_PAT_RO }}" "https://api.github.com/repos/${{ github.repository }}/pulls/$ORIGINAL_PR_NUMBER/files") + response_pr_master=$(curl -L -H "Authorization: Bearer ${{ steps.get-token.outputs.token }}" "https://api.github.com/repos/${{ github.repository }}/pulls/$ORIGINAL_PR_NUMBER/files") files_pr_master=$(echo "$response_pr_master" | jq -r '.[].filename') # Get the JSON response for the second pull request - response_pr_release=$(curl -L -H "Authorization: Bearer ${{ secrets.GH_PAT_RO }}" "https://api.github.com/repos/${{ github.repository }}/pulls/$CURRENT_PR_NUMBER/files") + response_pr_release=$(curl -L -H "Authorization: Bearer ${{ steps.get-token.outputs.token }}" "https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/files") files_pr_release=$(echo "$response_pr_release" | jq -r '.[].filename') # Compare the lists of changed files