-
Notifications
You must be signed in to change notification settings - Fork 1
72 lines (64 loc) · 2.56 KB
/
Copy pathpr-label.yml
File metadata and controls
72 lines (64 loc) · 2.56 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
# Reusable workflow. Consumer repos wrap it with their own trigger workflow:
#
# # .github/workflows/pr-label.yml in the consumer repo
# name: "Label PR by conventional commit prefix"
# on:
# pull_request_target:
# types: [opened, edited, synchronize]
# merge_group:
# jobs:
# label:
# uses: generative-computing/.github/.github/workflows/pr-label.yml@main
#
# The caller uses pull_request_target, which grants write access to the repo
# even for PRs from forks. This is safe ONLY because this workflow never
# checks out or executes code from the PR branch. Do NOT add:
# - actions/checkout (of the PR head ref)
# - run: steps that reference PR-controlled files
# - any step that executes code from the pull request
# Doing so would let a malicious fork run arbitrary code with write permissions.
name: "Label PR by conventional commit prefix"
on:
workflow_call:
jobs:
label:
runs-on: ubuntu-latest
permissions:
pull-requests: write
issues: write
steps:
- name: Apply label based on PR title prefix
if: github.event_name == 'pull_request_target'
uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7
with:
script: |
const title = context.payload.pull_request.title;
const labelMap = {
'feat': 'enhancement',
'fix': 'bug',
'docs': 'documentation',
'test': 'testing',
'perf': 'enhancement',
'refactor': 'enhancement',
'ci': 'integrations',
'chore': null,
'build': null,
'style': null,
'revert': null,
'release': null,
};
const match = title.match(/^(\w+)[\(!\:]/);
if (!match) { core.setFailed(`PR title "${title}" does not match conventional commit format.`); return; }
const prefix = match[1];
const label = labelMap[prefix];
if (label === undefined) { core.setFailed(`PR title prefix "${prefix}" is not a recognized conventional commit type.`); return; }
if (!label) return;
await github.rest.issues.addLabels({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.payload.pull_request.number,
labels: [label],
});
- name: Skip label in merge queue
if: github.event_name == 'merge_group'
run: echo "PR title already validated at PR open/edit time"