name: Check change note permissions: pull-requests: read on: pull_request_target: types: [labeled, unlabeled, opened, synchronize, reopened, ready_for_review] paths: - "*/ql/src/**/*.ql" - "*/ql/src/**/*.qll" - "*/ql/lib/**/*.ql" - "*/ql/lib/**/*.qll" - "*/ql/lib/**/*.yml" - "shared/**/*.ql" - "shared/**/*.qll" - "!**/experimental/**" - "!ql/**" - ".github/workflows/check-change-note.yml" jobs: check-change-note: env: REPO: ${{ github.repository }} PULL_REQUEST_NUMBER: ${{ github.event.number }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} runs-on: ubuntu-latest steps: - name: Fail if no change note found. To fix, either add one, or add the `no-change-note-required` label. if: | github.event.pull_request.draft == false && !contains(github.event.pull_request.labels.*.name, 'no-change-note-required') run: | change_note_files=$(gh api "repos/$REPO/pulls/$PULL_REQUEST_NUMBER/files" --paginate --jq '.[].filename | select(test("/change-notes/.*[.]md$"))') if [ -z "$change_note_files" ]; then echo "No change note found. Either add one, or add the 'no-change-note-required' label." exit 1 fi echo "Change notes found:" echo "$change_note_files" - name: Fail if the change note filename doesn't match the expected format. The file name must be of the form 'YYYY-MM-DD.md', 'YYYY-MM-DD-{title}.md', where '{title}' is arbitrary text, or released/x.y.z.md for released change-notes run: | bad_change_note_file_names=$(gh api "repos/$REPO/pulls/$PULL_REQUEST_NUMBER/files" --paginate --jq '[.[].filename | select(test("/change-notes/.*[.]md$"))][] | select((test("/change-notes/[0-9]{4}-[0-9]{2}-[0-9]{2}.*[.]md$") or test("/change-notes/released/[0-9]*[.][0-9]*[.][0-9]*[.]md$")) | not)') if [ -n "$bad_change_note_file_names" ]; then echo "The following change note file names are invalid:" echo "$bad_change_note_file_names" exit 1 fi