diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 3c29baf4773..1739a672715 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -1,7 +1,7 @@ --- name: Bug report about: Create a bug report to help us improve -title: '' +title: 'bug(): ' labels: community, bug assignees: '' diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md index 2047a420329..980f4f3b44e 100644 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -1,7 +1,7 @@ --- name: Feature request about: Suggest an idea/feature for this project -title: '' +title: 'feat(<scope>): <title starting with lowercase letter>' labels: community, feature request assignees: '' diff --git a/.github/ISSUE_TEMPLATE/new-feature.md b/.github/ISSUE_TEMPLATE/new-feature.md deleted file mode 100644 index 1d824dcdf84..00000000000 --- a/.github/ISSUE_TEMPLATE/new-feature.md +++ /dev/null @@ -1,11 +0,0 @@ ---- -name: 'New Feature ' -about: Add a new feature to the project -title: '' -labels: community, feature -assignees: '' - ---- - -### Description -*Give short description about the feature being implemented* diff --git a/.github/ISSUE_TEMPLATE/query.md b/.github/ISSUE_TEMPLATE/query.md index 262e245b407..7ce1c84739a 100644 --- a/.github/ISSUE_TEMPLATE/query.md +++ b/.github/ISSUE_TEMPLATE/query.md @@ -1,7 +1,7 @@ --- name: Query about: Template to help create/update a query -title: Add/Update \[QUERY_NAME\] query for \[PLATFORM\] (Terraform, Ansible, ..) +title: 'query(<platform>): <title starting with lowercase letter>' labels: community, query assignees: '' diff --git a/.github/issue-title-types.yaml b/.github/issue-title-types.yaml new file mode 100644 index 00000000000..8f86a16f837 --- /dev/null +++ b/.github/issue-title-types.yaml @@ -0,0 +1,3 @@ +- feat +- bug +- query \ No newline at end of file 
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index ee694952105..254cc96d538 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -5,4 +5,4 @@ Closes # - - -I submit this contribution under the Apache-2.0 license. +I submit this contribution under the Apache-2.0 license. \ No newline at end of file diff --git a/.github/scripts/pr-issue-info/get_title_types.py b/.github/scripts/pr-issue-info/get_title_types.py index 3251a4643d2..a913d2be211 100644 --- a/.github/scripts/pr-issue-info/get_title_types.py +++ b/.github/scripts/pr-issue-info/get_title_types.py @@ -1,6 +1,7 @@ # gets all types from pr-title-types.yaml file and inserts them into the regex import yaml +import os def yaml_to_regex(yaml_file): with open(yaml_file, 'r') as f: @@ -10,4 +11,5 @@ def yaml_to_regex(yaml_file): if __name__ == "__main__": - yaml_to_regex('.github/pr-title-types.yaml') + file_path = os.environ['FILE_PATH'] + yaml_to_regex(file_path) diff --git a/.github/scripts/pr-issue-info/issue-fail.md b/.github/scripts/pr-issue-info/issue-fail.md new file mode 100644 index 00000000000..bf5b5958206 --- /dev/null +++ b/.github/scripts/pr-issue-info/issue-fail.md @@ -0,0 +1,16 @@ +Please, follow the guideline for an issue title: + +For **bug**: + +`bug(<scope>): <title starting with lowercase letter>` + +For **query**: + +`query(<platform>): <title starting with lowercase letter>` + +For **feature request**: + +`feat(<scope>): <title starting with lowercase letter>` + +Thank you! +*KICS Team* \ No newline at end of file diff --git a/.github/scripts/pr-issue-info/title-fail.md b/.github/scripts/pr-issue-info/title-fail.md new file mode 100644 index 00000000000..9bf1f15fb9e --- /dev/null +++ b/.github/scripts/pr-issue-info/title-fail.md 
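Review bot: In `.github/scripts/pr-issue-info/get_title_types.py`, `os.environ['FILE_PATH']` raises a bare `KeyError` traceback when the variable is unset, and the header comment still says the types come from `pr-title-types.yaml`. An explicit guard such as `file_path = os.environ.get('FILE_PATH') or sys.exit('FILE_PATH must name a title-types YAML file')` (with `import sys`) makes a misconfigured workflow step fail with a readable message. The comment could become `# reads the title types from the YAML file named by FILE_PATH and inserts them into the regex`. The body of `yaml_to_regex` lies outside these hunks, so whether it uses a safe loader and escapes the types before building the regex cannot be judged from here.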
@@ -0,0 +1,8 @@ +Please, follow the guideline for a pull request title: + +`<type>(<scope>): <title starting with lowercase letter>` + +You can read more about it [here](https://docs.kics.io/latest/CONTRIBUTING/#pull_requests). + +Thank you! +*KICS Team* \ No newline at end of file diff --git a/.github/workflows/prepare-release.yaml b/.github/workflows/prepare-release.yaml index 2ffb469de94..1f964e75629 100644 --- a/.github/workflows/prepare-release.yaml +++ b/.github/workflows/prepare-release.yaml @@ -29,9 +29,9 @@ jobs: - name: Create pull request uses: peter-evans/create-pull-request@v4 with: - title: "docs: preparing for release ${{ github.event.inputs.version }}" + title: "docs(kicsbot): preparing for release ${{ github.event.inputs.version }}" token: ${{ secrets.KICS_BOT_PAT }} - commit-message: "docs: preparing for release ${{ github.event.inputs.version }}" + commit-message: "docs(kicsbot): preparing for release ${{ github.event.inputs.version }}" delete-branch: true branch: feature/kicsbot-update-docs-index base: master diff --git a/.github/workflows/update_software_versions.yml b/.github/workflows/update_software_versions.yml index 13d13e57db0..9664fee5b87 100644 --- a/.github/workflows/update_software_versions.yml +++ b/.github/workflows/update_software_versions.yml @@ -27,9 +27,9 @@ jobs: if: steps.verify-changed-files.outputs.files_changed == 'true' uses: peter-evans/create-pull-request@v4 with: - title: "bump: updating software versions" + title: "build(deps): updating software versions" token: ${{ secrets.KICS_BOT_PAT }} - commit-message: "bump: updating software versions to new release" + commit-message: "build(deps): updating software versions to new release" delete-branch: true branch: feature/kicsbot-software-versions base: master 
diff --git a/.github/workflows/add-issues-labels.yaml b/.github/workflows/validate-issues.yaml
similarity index 52%
rename from .github/workflows/add-issues-labels.yaml
rename to .github/workflows/validate-issues.yaml
index dd1169a2d6d..1c79f3e8fc3 100644
--- a/.github/workflows/add-issues-labels.yaml
+++ b/.github/workflows/validate-issues.yaml
@@ -1,9 +1,66 @@ -name: add-issues-labels +name: validate-issues on: issues: types: [opened, edited, reopened] - jobs: + title-check: + runs-on: ubuntu-latest + env: + BODY: ${{ github.event.issue.body }} + TITLE: ${{ github.event.issue.title }} + steps: + - name: Checkout code + uses: actions/checkout@v3 + with: + persist-credentials: false + sparse-checkout: | + .github/scripts/pr-issue-info/issue-fail.md + .github/scripts/pr-issue-info/get_title_types.py + .github/issue-title-types.yaml + - name: Set up Python + uses: actions/setup-python@v4 + with: + python-version: "3.x" + - name: Install dependencies + run: python3 -m pip install --upgrade pip pyyaml + - name: Check issue title + env: + FILE_PATH: .github/issue-title-types.yaml + run: | + regex=$(python3 .github/scripts/pr-issue-info/get_title_types.py) + echo "Title regex: $regex" + echo "$TITLE" | grep -Pq "$regex" || (echo "$ERROR_MSG" && echo "TITLE_CHECK_FAILED=true" >> $GITHUB_ENV) + - name: Check for comment tag + if: env.TITLE_CHECK_FAILED != 'true' + run: | + comments=$(curl -s -H "Authorization: token ${{ secrets.KICS_BOT_PAT }}" \ + -X GET "https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/comments") + if echo "$comments" | grep -q "title_check"; then + echo "TAG_EXISTS=true" >> $GITHUB_ENV + else + echo "TAG_EXISTS=false" >> $GITHUB_ENV + fi + - name: Delete comment if title is fixed + if: env.TAG_EXISTS == 'true' + uses: thollander/actions-comment-pull-request@v2 + with: + message: | + Deleting comment, please refresh the page... 
+ comment_tag: title_check + mode: delete + GITHUB_TOKEN: ${{ secrets.KICS_BOT_PAT }} + - name: Add comment if title fails + if: env.TITLE_CHECK_FAILED == 'true' + uses: thollander/actions-comment-pull-request@v2 + with: + filePath: .github/scripts/pr-issue-info/issue-fail.md + comment_tag: title_check + mode: recreate + create_if_not_exists: true + GITHUB_TOKEN: ${{ secrets.KICS_BOT_PAT }} + - name: Workflow failed + if: env.TITLE_CHECK_FAILED == 'true' + run: exit 1 labels-check: runs-on: ubuntu-latest env: 
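Review bot: The two comment steps in the new `title-check` job hand `secrets.KICS_BOT_PAT` to `thollander/actions-comment-pull-request@v2`, a third-party action referenced by a movable tag, in a workflow that any user can trigger by opening or editing an issue. Pinning it as `uses: thollander/actions-comment-pull-request@<full-commit-sha>` and, if the bot identity is not needed for the comment, passing `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` with `permissions: issues: write` on the job would keep the long-lived token away from code the repository does not control. The same pair of steps is added to `title-check` in validate-prs.yaml, where the trigger is `pull_request_target`. Separately, `Check issue title` echoes `$ERROR_MSG`, but this job's `env` defines only `BODY` and `TITLE`, so nothing is logged on a failed match; an `ERROR_MSG` entry like the one in the PR workflow is missing.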
@@ -39,9 +96,28 @@ jobs: if [[ "$IS_MEMBER" == "false" ]]; then curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X POST -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels -d '{"labels": ["community"]}' fi + - name: Add feature or feature request label + run: | + if [[ "$TITLE" == feat* ]] || echo "$TITLE $BODY" | grep -iqP "feature request" || echo "$BODY" | grep -iqP "Is your feature request related to a problem? Please describe." || echo "$BODY" | grep -iqP "Describe the solution you'd like" || echo "$BODY" | grep -iqP "Describe alternatives you've considered" || echo "$BODY" | grep -iqP "Additional context"; then + if [[ "$IS_MEMBER" == "true" ]]; then + echo "Adding 'feature' label..." + curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X POST -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels -d '{"labels": ["feature"]}' + else + echo "Adding 'feature request' label..." + curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X POST -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels -d '{"labels": ["feature request"]}' + fi + else + if echo "$LABELS" | grep -q "feature request"; then + echo "Removing 'feature request' label..." + curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X DELETE -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels/feature%20request + elif echo "$LABELS" | grep -q "feature"; then + echo "Removing 'feature' label..." 
+ curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X DELETE -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels/feature + fi + fi - name: Add bug label run: | - if echo "$TITLE $BODY" | grep -iqP "(\\b|_)bugs?(\\b|_)"; then + if echo "$TITLE $BODY" | grep -iqP "(\\b|_)bugs?(\\b|_)" || echo "$BODY" | grep -iqP "steps to reproduce" || echo "$BODY" | grep -iqP "actual behavior" || echo "$BODY" | grep -iqP "expected behavior"; then echo "Adding 'bug' label..." curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X POST -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels -d '{"labels": ["bug"]}' else @@ -52,7 +128,7 @@ jobs: fi - name: Add query label run: | - if echo "$TITLE $BODY" | grep -iqP "(\\b|_)quer(y|ies)(\\b|_)"; then + if echo "$TITLE $BODY" | grep -iqP "(\\b|_)quer(y|ies)(\\b|_)" || echo "$BODY" | grep -iqP "### Platform" || echo "$BODY" | grep -iqP "### Provider"; then echo "Adding 'query' label... " curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X POST -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels -d '{"labels": ["query"]}' else diff --git a/.github/workflows/validate-pr-title.yaml b/.github/workflows/validate-prs.yaml similarity index 78% rename from .github/workflows/validate-pr-title.yaml rename to .github/workflows/validate-prs.yaml index fe5d3470294..e27fd33f9de 100644 --- a/.github/workflows/validate-pr-title.yaml +++ b/.github/workflows/validate-prs.yaml 
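Review bot: In `Add feature or feature request label`, the alternative `grep -iqP "Is your feature request related to a problem? Please describe."` cannot match the sentence it quotes, because under `-P` the `?` makes the preceding `m` optional instead of matching a literal question mark. All of these alternatives are fixed strings, so `-F` is the right mode, e.g. `echo "$BODY" | grep -iqF "Is your feature request related to a problem? Please describe."`. The `"Additional context"` alternative looks generic enough to appear in other templates' bodies as well, which would put a feature label on those issues; that is worth confirming against the bug and query templates, whose bodies are not part of this diff.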
@@ -1,16 +1,15 @@ -name: validate-pr-title +name: validate-prs on: pull_request_target: types: [opened, synchronize, edited, reopened] branches: - master - jobs: title-check: runs-on: ubuntu-latest env: - ERROR_MSG: "The PR title does not match the required format: <type>(<tag>): <title>" - PR_TITLE: ${{ github.event.pull_request.title }} + ERROR_MSG: "The PR title does not match the required format: <type>(<scope>): <title>" + TITLE: ${{ github.event.pull_request.title }} steps: - name: Checkout code uses: actions/checkout@v3 @@ -19,8 +18,9 @@ jobs: sparse-checkout: | .github/scripts/pr-issue-info/get_title_types.py .github/pr-title-types.yaml + .github/scripts/pr-issue-info/title-fail.md - name: Print PR Title - run: echo "$PR_TITLE" + run: echo "$TITLE" - name: Set up Python uses: actions/setup-python@v4 with: 
@@ -28,15 +28,49 @@ jobs: - name: Install dependencies run: python3 -m pip install --upgrade pip pyyaml - name: Check PR Title + env: + FILE_PATH: .github/pr-title-types.yaml run: | regex=$(python3 .github/scripts/pr-issue-info/get_title_types.py) echo "Title regex: $regex" - title="$PR_TITLE" - echo $title | grep -Pq "$regex" || (echo "$ERROR_MSG" && exit 1) + echo "$TITLE" | grep -Pq "$regex" || (echo "$ERROR_MSG" && echo "TITLE_CHECK_FAILED=true" >> $GITHUB_ENV) + - name: Check for comment tag + if: env.TITLE_CHECK_FAILED != 'true' + run: | + comments=$(curl -s -H "Authorization: token ${{ secrets.KICS_BOT_PAT }}" \ + -X GET "https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments") + if echo "$comments" | grep -q "title_check"; then + echo "TAG_EXISTS=true" >> $GITHUB_ENV + else + echo "TAG_EXISTS=false" >> $GITHUB_ENV + fi + - name: Delete comment if title is fixed + if: env.TAG_EXISTS == 'true' + uses: thollander/actions-comment-pull-request@v2 + with: + message: | + Deleting comment, please refresh the page... + comment_tag: title_check + mode: delete + GITHUB_TOKEN: ${{ secrets.KICS_BOT_PAT }} + - name: Add comment if title fails + if: env.TITLE_CHECK_FAILED == 'true' + uses: thollander/actions-comment-pull-request@v2 + with: + filePath: .github/scripts/pr-issue-info/title-fail.md + comment_tag: title_check + mode: recreate + create_if_not_exists: true + GITHUB_TOKEN: ${{ secrets.KICS_BOT_PAT }} + - name: Workflow failed + if: env.TITLE_CHECK_FAILED == 'true' + run: exit 1 labels-check: runs-on: ubuntu-latest env: + BODY: ${{ github.event.pull_request.body }} LABELS: ${{ toJson(github.event.pull_request.labels) }} + TITLE: ${{ github.event.pull_request.title }} steps: - name: Checkout code uses: actions/checkout@v3 
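Review bot: `Check for comment tag` treats any response that lacks the string `title_check` as "no comment present", so an API error or a tagged comment beyond the first page of results leaves `TAG_EXISTS=false` and the stale failure comment is never deleted. `curl -s` does not fail on HTTP errors; `curl -sf` makes the step fail visibly, and appending `?per_page=100` to the comments URL widens the page from the default. The token is also expanded into the script text through `${{ secrets.KICS_BOT_PAT }}`; passing it in the step's `env` and referencing it as a shell variable keeps it out of the generated script. The identical step added to validate-issues.yaml behaves the same way.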
@@ -49,17 +83,15 @@ jobs: run: echo "USERNAME=${{ github.event.pull_request.user.login }}" >> $GITHUB_ENV - name: Install JQ run: sudo apt-get install jq - - name: Get title - run: echo "TITLE=$PR_TITLE" >> $GITHUB_ENV - name: Check user username run: | response=$(curl -s -H "Authorization: token ${{ secrets.KICS_BOT_PAT }}" "https://api.github.com/orgs/Checkmarx/teams/kics-core-team/members") team_members=$(echo "$response" | jq -r '.[].login') - if echo "${team_members[@]}" | grep -Pq "^$USERNAME$"; then - echo "Contributor belongs to Checkmarx organization" + if [[ "$USERNAME" == "dependabot[bot]" ]] || echo "${team_members[@]}" | grep -Pq "^$USERNAME$"; then + echo "Contributor belongs to Checkmarx organization." is_member="true" else - echo "Contributor does not belong to Checkmarx organization" + echo "Contributor does not belong to Checkmarx organization." is_member="false" fi echo "IS_MEMBER=$is_member" >> $GITHUB_ENV @@ -100,7 +132,7 @@ jobs: fi - name: Add bug label run: | - if echo "$TITLE" | grep -iqP "(\\b|_)bugs?(\\b|_)"; then + if echo "$TITLE $BODY" | grep -iqP "(\\b|_)bugs?(\\b|_)"; then echo "Adding 'bug' label..." curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X POST -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels -d '{"labels": ["bug"]}' else @@ -111,7 +143,7 @@ jobs: fi - name: Add query label run: | - if echo "$TITLE" | grep -iqP "(\\b|_)quer(y|ies)(\\b|_)"; then + if echo "$TITLE $BODY" | grep -iqP "(\\b|_)quer(y|ies)(\\b|_)"; then echo "Adding 'query' label..." curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X POST -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels -d '{"labels": ["query"]}' else 
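Review bot: The membership test in `Check user username` still interpolates the login into a PCRE (`grep -Pq "^$USERNAME$"`), so any regex metacharacter in it is interpreted, as with `[bot]`, which is read as a character class. A fixed-string whole-line match, `echo "$team_members" | grep -Fxq -- "$USERNAME"`, compares every login literally; the explicit `dependabot[bot]` comparison would stay, since it is a policy choice rather than a regex workaround. That new branch sets `IS_MEMBER=true` for Dependabot, so anything later gated on membership treats its pull requests as team pull requests; the steps that read `IS_MEMBER` are outside this hunk and are worth checking with that in mind.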
@@ -133,7 +165,7 @@ jobs: declare -p keywords declare -a labels_to_add=() for keyword in "${!keywords[@]}"; do - if echo "$TITLE" | grep -iPq "(\\b|_)$keyword(\\b|_)"; then + if echo "$TITLE $BODY" | grep -iPq "(\\b|_)$keyword(\\b|_)"; then labels_to_add+=("${keywords[$keyword]}") fi done