diff --git a/.github/workflows/pr-lint.yaml b/.github/workflows/pr-lint.yaml index 5c9e1431..4e94686e 100644 --- a/.github/workflows/pr-lint.yaml +++ b/.github/workflows/pr-lint.yaml @@ -1,33 +1,63 @@ name: PR Quality Check defaults: run: - shell: bash # Explicitly sets pipeline to fail if any subprocess fails + shell: bash on: pull_request + jobs: link-ticket: runs-on: ubuntu-latest steps: + # 1) Validate the branch name without using shell (no user input in `run`) - name: Check ticket name conforms to requirements - run: echo ${{ github.event.pull_request.head.ref }} | grep -i -E -q "(apm-[0-9]+)|(amb-[0-9]+)|(dependabot\/)" + id: validate-branch + uses: actions/github-script@v7 + with: + script: | + const ref = context.payload.pull_request?.head?.ref || ''; + const ok = /(apm-\d+)|(amb-\d+)|(dependabot\/)/i.test(ref); + if (!ok) { + core.setFailed(`Branch name "${ref}" must match /(apm-[0-9]+)|(amb-[0-9]+)|(dependabot\\/)/i`); + } + # 2) Extract the ticket name safely and expose it as an output - name: Grab ticket name - if: contains(github.event.pull_request.head.ref, 'apm-') || contains(github.event.pull_request.head.ref, 'APM-') || contains(github.event.pull_request.head.ref, 'amb-') || contains(github.event.pull_request.head.ref, 'AMB-') - run: echo ::set-env name=TICKET_NAME::$(echo ${{ github.event.pull_request.head.ref }} | grep -i -o '\(apm-[0-9]\+\)\|\(amb-[0-9]\+\)' | tr '[:lower:]' '[:upper:]') - env: - ACTIONS_ALLOW_UNSECURE_COMMANDS: true + id: ticket + if: contains(github.event.pull_request.head.ref, 'apm-') || + contains(github.event.pull_request.head.ref, 'APM-') || + contains(github.event.pull_request.head.ref, 'amb-') || + contains(github.event.pull_request.head.ref, 'AMB-') + uses: actions/github-script@v7 + with: + result-encoding: string + script: | + const ref = context.payload.pull_request?.head?.ref || ''; + const m = ref.match(/(apm-\d+)|(amb-\d+)/i); + return m ? m[0].toUpperCase() : ''; + # 3) Comment with link to JIRA ticket, using the safe output (no env mutation) - name: Comment on PR with link to JIRA ticket - if: contains(github.event.pull_request.head.ref, 'apm-') || contains(github.event.pull_request.head.ref, 'APM-') || contains(github.event.pull_request.head.ref, 'amb-') || contains(github.event.pull_request.head.ref, 'AMB-') + if: (contains(github.event.pull_request.head.ref, 'apm-') || + contains(github.event.pull_request.head.ref, 'APM-') || + contains(github.event.pull_request.head.ref, 'amb-') || + contains(github.event.pull_request.head.ref, 'AMB-')) && + steps.ticket.outputs.result != '' uses: unsplash/comment-on-pr@master env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: msg: | This branch is work on a ticket in the NHS Digital AMB JIRA Project. Here's a handy link to the ticket: - # [${{ env.TICKET_NAME }}](https://nhsd-jira.digital.nhs.uk/browse/${{ env.TICKET_NAME}}) - + # [${{ steps.ticket.outputs.result }}](https://nhsd-jira.digital.nhs.uk/browse/${{ steps.ticket.outputs.result }}) + + # 4) Comment with link to Spec (pure expression usage is fine) - name: Comment on PR with link to Spec - if: contains(github.event.pull_request.head.ref, 'apm-') || contains(github.event.pull_request.head.ref, 'APM-') || contains(github.event.pull_request.head.ref, 'apmspii-') || contains(github.event.pull_request.head.ref, 'APMSPII-') || contains(github.event.pull_request.head.ref, 'adz-') || contains(github.event.pull_request.head.ref, 'ADZ-') + if: contains(github.event.pull_request.head.ref, 'apm-') || + contains(github.event.pull_request.head.ref, 'APM-') || + contains(github.event.pull_request.head.ref, 'apmspii-') || + contains(github.event.pull_request.head.ref, 'APMSPII-') || + contains(github.event.pull_request.head.ref, 'adz-') || + contains(github.event.pull_request.head.ref, 'ADZ-') uses: unsplash/comment-on-pr@master env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}