diff --git a/.github/workflows/autofix-label-manager.yml b/.github/workflows/autofix-label-manager.yml
new file mode 100644
index 000000000000..05f2b9bb2b44
--- /dev/null
+++ b/.github/workflows/autofix-label-manager.yml
@@ -0,0 +1,41 @@
+# This workflow ensures that if the "No Autofix Validation Required" label is
+# added to a pull request, the "Autofix Validation Required" label is removed.
+name: Autofix Label Manager
+
+on:
+ pull_request_target:
+ types: [labeled]
+
+ # Allows manual triggering of the workflow for testing
+ workflow_dispatch:
+
+jobs:
+ check-to-remove-autofix-label:
+ env:
+ GITHUB_REPOSITORY: ${{ github.repository }}
+ PR_NUMBER: ${{ github.event.number }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ REQUIRES_AUTOFIX_LABEL: "Autofix Validation Required"
+ DOES_NOT_REQUIRE_AUTOFIX_LABEL: "No Autofix Validation Required"
+ LABEL_ADDED: ${{ github.event.label.name }}
+
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check if label "No Autofix Validation Required" is added
+ shell: bash
+ run: |
+ if [ "$LABEL_ADDED" != "$DOES_NOT_REQUIRE_AUTOFIX_LABEL" ]; then
+ echo "Label $DOES_NOT_REQUIRE_AUTOFIX_LABEL was not added."
+ exit 0
+ fi
+
+ echo "Label $DOES_NOT_REQUIRE_AUTOFIX_LABEL was added."
+
+ # Check if Label $REQUIRES_AUTOFIX_LABEL exists and remove it
+ REQUIRES_AUTOFIX_LABEL_EXISTS=$(gh api /repos/$GITHUB_REPOSITORY/issues/$PR_NUMBER/labels | jq --arg label "Autofix Validation Required" '.[] | select(.name==$label) | .name')
+ if [ "$REQUIRES_AUTOFIX_LABEL_EXISTS" == "$REQUIRES_AUTOFIX_LABEL" ]; then
+ gh api -X DELETE "/repos/$GITHUB_REPOSITORY/issues/$PR_NUMBER/labels/$REQUIRES_AUTOFIX_LABEL"
+ echo "$REQUIRES_AUTOFIX_LABEL Label removed."
+ else
+ echo "$REQUIRES_AUTOFIX_LABEL Label does not exist or was already removed."
+ fi
diff --git a/.github/workflows/autofix-reminder.yml b/.github/workflows/autofix-reminder.yml
new file mode 100644
index 000000000000..ac74f67e6eae
--- /dev/null
+++ b/.github/workflows/autofix-reminder.yml
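Review bot: The job in autofix-label-manager.yml runs on `pull_request_target` with no `permissions:` key, so its GITHUB_TOKEN takes the repository's default scope, which for this trigger can be read/write well beyond label edits. The sibling autofix-reminder.yml in this commit already scopes its token, and a job-level block limited to `issues: write` and `pull-requests: write` would fit here as well. Separately, the `jq` call has no `-r`, so it prints the label name JSON-quoted and the `==` test against `$REQUIRES_AUTOFIX_LABEL` looks as though it can never match, leaving the DELETE unreachable; `jq -r --arg label "$REQUIRES_AUTOFIX_LABEL" '.[] | select(.name==$label) | .name'` fixes that and drops the hard-coded copy of the label. The DELETE path also embeds a label containing spaces, so it is worth confirming that `gh api` percent-encodes it. Passing `github.event.label.name` through `env` instead of interpolating it into the script is the right pattern and should stay.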
@@ -0,0 +1,54 @@
+# This workflow creates a reminder to query authors to test their queries
+# in autofix.
+name: Autofix reminder
+
+permissions:
+ contents: read
+ pull-requests: write
+ issues: write
+
+on:
+ pull_request:
+ branches:
+ - main
+ - "rc/*"
+ paths:
+ - "**/*.qhelp"
+ - "**/*.ql"
+ - "**/*.qll"
+ # This workflow
+ - ".github/workflows/autofix-reminder.yml"
+
+jobs:
+ autofix-reminder:
+ env:
+ GITHUB_REPOSITORY: ${{ github.repository }}
+ PR_NUMBER: ${{ github.event.number }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ REQUIRES_AUTOFIX_LABEL: "Autofix Validation Required"
+ DOES_NOT_REQUIRE_AUTOFIX_LABEL: "No Autofix Validation Required"
+
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check existing labels
+ id: label_check
+ shell: bash
+ run: |
+ gh api "repos/${GITHUB_REPOSITORY}/issues/${PR_NUMBER}/labels" | jq -r '.[].name' > labels.txt
+
+ if grep -q -x -e "${REQUIRES_AUTOFIX_LABEL}" labels.txt || grep -q -x -e "${DOES_NOT_REQUIRE_AUTOFIX_LABEL}" labels.txt; then
+ echo "Stopping workflow due to label presence."
+ echo "should_continue=false" >> $GITHUB_OUTPUT
+ else
+ echo "Add $REQUIRES_AUTOFIX_LABEL label."
+ echo "should_continue=true" >> $GITHUB_OUTPUT
+ fi
+
+ - name: Add label
+ if: steps.label_check.outputs.should_continue == 'true'
+ run: |
+ gh api "repos/${GITHUB_REPOSITORY}/issues/${PR_NUMBER}/labels" -X POST -f "labels[]=$REQUIRES_AUTOFIX_LABEL"
+
+ - name: Comment on PR
+ if: steps.label_check.outputs.should_continue == 'true'
+ run: gh api "repos/${GITHUB_REPOSITORY}/issues/${PR_NUMBER}/comments" -X POST --field body="This pull request updates '.ql', '.qll', or '.qhelp' files, Please validate that autofixes generated based on these changes are valid. See [the documentation](https://github.com/github/codeql-team/blob/main/docs/best-practices/validating-autofix-for-query-changes.md) (internal access required). If autofix validation is not required, please add the label '${DOES_NOT_REQUIRE_AUTOFIX_LABEL}' to this pull request."
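Review bot: The `Add label` and `Comment on PR` steps in autofix-reminder.yml POST with the GITHUB_TOKEN of a `pull_request` run, and for pull requests opened from forks that token is read-only under GitHub's default settings, whatever the `permissions:` block requests. Both calls would then fail and turn the check red. The hunk does not show whether fork PRs are in scope; if they are, skip the job for them with a job-level `if: github.event.pull_request.head.repo.full_name == github.repository`, or move the write calls to a trusted-context workflow that never checks out or executes PR content. As a smaller style point, the two redirects in `Check existing labels` should quote the target, `>> "$GITHUB_OUTPUT"`.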