ci: Extend source-git-automation

* on schedule and on demand workflows
* Added Tracker validation for Bugzilla and Jira

rhel-only

Resolves: RHEL-1087

.github/tracker-validator.yml

@@ -0,0 +1,13 @@
+labels:
+  missing-tracker: tracker/missing
+  invalid-product: tracker/invalid-product
+  invalid-component: tracker/invalid-component
+  unapproved: tracker/unapproved
+products:
+  - CentOS Stream 8
+  - rhel-8.2.0
+  - rhel-8.4.0
+  - rhel-8.6.0
+  - rhel-8.8.0
+  - rhel-8.9.0
+  - rhel-8.10.0

.github/workflows/source-git-automation-on-demand.yml

@@ -0,0 +1,99 @@
+---
+
+name: Source git Automation Scheduled/On Demand
+on: 
+  schedule:
+    # Workflow runs every 15 minutes
+    - cron: '*/15 * * * *'
+  workflow_dispatch:
+    inputs:
+      pr-number:
+        description: 'Pull Request number/s ; when not provided, the workflow will run for all open PRs'
+        required: true
+        default: '0'
+
+permissions:
+  contents: read
+
+jobs:
+  gather-pull-requests:
+    if: github.repository == 'redhat-plumbers/systemd-rhel8'
+    runs-on: ubuntu-latest
+
+    outputs:
+      pr-numbers: ${{ steps.get-pr-numbers.outputs.result }}
+      pr-numbers-manual: ${{ steps.parse-manual-input.outputs.result }}
+
+    steps:
+      - id: get-pr-numbers
+        if: inputs.pr-number == '0'
+        name: Get all open PRs
+        uses: actions/github-script@v6
+        with:
+          # !FIXME: this is not working if there is more than 100 PRs opened
+          script: |
+            const { data: pullRequests } = await github.rest.pulls.list({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              state: 'open',
+              per_page: 100
+            });
+            return pullRequests.map(pr => pr.number);
+
+      - id: parse-manual-input
+        if: inputs.pr-number != '0'
+        name: Parse manual input
+        run: |
+          echo "result="[ ${{ inputs.pr-number }} ]"" >> $GITHUB_OUTPUT
+        shell: bash
+
+  validate-pr:
+    name: 'Validation of Pull Request #${{ matrix.pr-number }}'
+    if: github.repository == 'redhat-plumbers/systemd-rhel8'
+    needs: [ gather-pull-requests ]
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        pr-number: ${{ inputs.pr-number == 0 && fromJSON(needs.gather-pull-requests.outputs.pr-numbers) || fromJSON(needs.gather-pull-requests.outputs.pr-numbers-manual) }}
+
+    permissions:
+      statuses: write
+      checks: write
+      pull-requests: write
+
+    steps:
+      - name: Repository checkout
+        uses: actions/checkout@v3
+
+      - id: metadata
+        name: Gather Pull Request Metadata
+        uses: redhat-plumbers-in-action/gather-pull-request-metadata@v1
+        with:
+          pr-number: ${{ matrix.pr-number }}
+
+      - id: commit-linter
+        name: Lint Commits
+        uses: redhat-plumbers-in-action/advanced-commit-linter@v2
+        with:
+          pr-metadata: ${{ steps.metadata.outputs.metadata }}
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      # TODO: change title of PR to include the issue number
+
+      - id: tracker-validator
+        name: Validate Tracker
+        uses: redhat-plumbers-in-action/tracker-validator@v1
+        with:
+          pr-metadata: ${{ steps.metadata.outputs.metadata }}
+          component: systemd
+          tracker: ${{ fromJSON(steps.commit-linter.outputs.validated-pr-metadata).validation.tracker.id }}
+          tracker-type: ${{ fromJSON(steps.commit-linter.outputs.validated-pr-metadata).validation.tracker.type }}
+          bugzilla-instance: https://bugzilla.redhat.com
+          bugzilla-api-token: ${{ secrets.BUGZILLA_API_TOKEN }}
+          jira-instance: https://issues.redhat.com
+          jira-api-token: ${{ secrets.JIRA_API_TOKEN }}
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      # TODO: merge PR if all checks passed

.github/workflows/source-git-automation.yml

@@ -12,7 +12,8 @@ jobs:
   download-metadata:
     if: >
       github.event.workflow_run.event == 'pull_request' &&
-      github.event.workflow_run.conclusion == 'success'
+      github.event.workflow_run.conclusion == 'success' &&
+      github.repository == 'redhat-plumbers/systemd-rhel8'
     runs-on: ubuntu-latest
 
     outputs:
@@ -26,20 +27,45 @@ jobs:
           name: pr-metadata
 
   commit-linter:
+    if: github.repository == 'redhat-plumbers/systemd-rhel8'
     needs: [ download-metadata ]
     runs-on: ubuntu-latest
 
     outputs:
       validated-pr-metadata: ${{ steps.commit-linter.outputs.validated-pr-metadata }}
 
     permissions:
+      statuses: write
       checks: write
       pull-requests: write
 
     steps:
       - id: commit-linter
         name: Lint Commits
-        uses: redhat-plumbers-in-action/advanced-commit-linter@v1
+        uses: redhat-plumbers-in-action/advanced-commit-linter@v2
         with:
           pr-metadata: ${{ needs.download-metadata.outputs.pr-metadata }}
           token: ${{ secrets.GITHUB_TOKEN }}
+
+  tracker-validation:
+    if: github.repository == 'redhat-plumbers/systemd-rhel8'
+    needs: [ download-metadata, commit-linter ]
+    runs-on: ubuntu-latest
+
+    permissions:
+      checks: write
+      pull-requests: write
+
+    steps: 
+      - name: Validate Tracker
+        uses: redhat-plumbers-in-action/tracker-validator@v1
+        with:
+          pr-metadata: ${{ needs.download-metadata.outputs.pr-metadata }}
+          component: systemd
+          tracker: ${{ fromJSON(needs.commit-linter.outputs.validated-pr-metadata).validation.tracker.id }}
+          tracker-type: ${{ fromJSON(needs.commit-linter.outputs.validated-pr-metadata).validation.tracker.type }}
+          bugzilla-instance: https://bugzilla.redhat.com
+          bugzilla-api-token: ${{ secrets.BUGZILLA_API_TOKEN }}
+          jira-instance: https://issues.redhat.com
+          jira-api-token: ${{ secrets.JIRA_API_TOKEN }}
+          token: ${{ secrets.GITHUB_TOKEN }}