Checkmarx · asofsilva · Aug 18, 2023 · Aug 3, 2023 · Aug 3, 2023 · Aug 4, 2023
@@ -1,7 +1,7 @@
 ---
 name: Bug report
 about: Create a bug report to help us improve
-title: ''
+title: 'bug(<scope>): <title starting with lowercase letter>'
 labels: community, bug
 assignees: ''
 

@@ -1,7 +1,7 @@
 ---
 name: Feature request
 about: Suggest an idea/feature for this project
-title: ''
+title: 'feat(<scope>): <title starting with lowercase letter>'
 labels: community, feature request
 assignees: ''
 

@@ -1,7 +1,7 @@
 ---
 name: Query
 about: Template to help create/update a query
-title: Add/Update \[QUERY_NAME\] query for \[PLATFORM\] (Terraform, Ansible, ..)
+title: 'query(<platform>): <title starting with lowercase letter>'
 labels: community, query
 assignees: ''
 

@@ -0,0 +1,3 @@
+- feat
+- bug
+- query
@@ -5,4 +5,4 @@ Closes #
 -
 -
 
-I submit this contribution under the Apache-2.0 license.
+I submit this contribution under the Apache-2.0 license.
@@ -1,6 +1,7 @@
 # gets all types from pr-title-types.yaml file and inserts them into the regex
 
 import yaml
+import os
 
 def yaml_to_regex(yaml_file):
     with open(yaml_file, 'r') as f:
@@ -10,4 +11,5 @@ def yaml_to_regex(yaml_file):
 
 
 if __name__ == "__main__":
-    yaml_to_regex('.github/pr-title-types.yaml')
+    file_path = os.environ['FILE_PATH']
+    yaml_to_regex(file_path)
@@ -0,0 +1,16 @@
+Please, follow the guideline for an issue title: 
+
+For **bug**:
+
+`bug(<scope>): <title starting with lowercase letter>`
+
+For **query**:
+
+`query(<platform>): <title starting with lowercase letter>`
+
+For **feature request**:
+
+`feat(<scope>): <title starting with lowercase letter>`
+
+Thank you!
+*KICS Team*
@@ -0,0 +1,8 @@
+Please, follow the guideline for a pull request title: 
+
+`<type>(<scope>): <title starting with lowercase letter>`
+
+You can read more about it [here](https://docs.kics.io/latest/CONTRIBUTING/#pull_requests).
+
+Thank you!
+*KICS Team*
@@ -29,9 +29,9 @@ jobs:
       - name: Create pull request
         uses: peter-evans/create-pull-request@v4
         with:
-          title: "docs: preparing for release ${{ github.event.inputs.version }}"
+          title: "docs(kicsbot): preparing for release ${{ github.event.inputs.version }}"
           token: ${{ secrets.KICS_BOT_PAT }}
-          commit-message: "docs: preparing for release ${{ github.event.inputs.version }}"
+          commit-message: "docs(kicsbot): preparing for release ${{ github.event.inputs.version }}"
           delete-branch: true
           branch: feature/kicsbot-update-docs-index
           base: master

@@ -27,9 +27,9 @@ jobs:
         if: steps.verify-changed-files.outputs.files_changed == 'true'
         uses: peter-evans/create-pull-request@v4
         with:
-          title: "bump: updating software versions"
+          title: "build(deps): updating software versions"
           token: ${{ secrets.KICS_BOT_PAT }}
-          commit-message: "bump: updating software versions to new release"
+          commit-message: "build(deps): updating software versions to new release"
           delete-branch: true
           branch: feature/kicsbot-software-versions
           base: master

@@ -1,14 +1,72 @@
-name: add-issues-labels
+name: validate-issues
 on:
   issues:
     types: [opened, edited, reopened]
-
 jobs:
+  title-check:
+    runs-on: ubuntu-latest
+    env:
+      BODY: ${{ github.event.issue.body }}
+      TITLE: ${{ github.event.issue.title }}
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v3
+      with:
+        persist-credentials: false
+        sparse-checkout: |
+          .github/scripts/pr-issue-info/issue-fail.md
+          .github/scripts/pr-issue-info/get_title_types.py
+          .github/issue-title-types.yaml
+    - name: Set up Python 
+      uses: actions/setup-python@v4
+      with:
+        python-version: "3.x"
+    - name: Install dependencies
+      run: python3 -m pip install --upgrade pip pyyaml
+    - name: Check issue title 
+      env:
+        FILE_PATH: .github/issue-title-types.yaml
+      run: |
+        regex=$(python3 .github/scripts/pr-issue-info/get_title_types.py)
+        echo "Title regex: $regex"
+        echo "$TITLE" | grep -Pq "$regex" || (echo "$ERROR_MSG" && echo "TITLE_CHECK_FAILED=true" >> $GITHUB_ENV)
+    - name: Check for comment tag
+      if: env.TITLE_CHECK_FAILED != 'true'
+      run: |
+        comments=$(curl -s -H "Authorization: token ${{ secrets.KICS_BOT_PAT }}" \
+            -X GET "https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/comments")
+        if echo "$comments" | grep -q "title_check"; then
+          echo "TAG_EXISTS=true" >> $GITHUB_ENV
+        else
+          echo "TAG_EXISTS=false" >> $GITHUB_ENV
+        fi
+    - name: Delete comment if title is fixed
+      if: env.TAG_EXISTS == 'true'
+      uses: thollander/actions-comment-pull-request@v2
+      with:
+        message: |
+          Deleting comment, please refresh the page...
+        comment_tag: title_check
+        mode: delete
+        GITHUB_TOKEN: ${{ secrets.KICS_BOT_PAT }}
+    - name: Add comment if title fails
+      if: env.TITLE_CHECK_FAILED == 'true'
+      uses: thollander/actions-comment-pull-request@v2
+      with:
+        filePath: .github/scripts/pr-issue-info/issue-fail.md
+        comment_tag: title_check
+        mode: recreate
+        create_if_not_exists: true
+        GITHUB_TOKEN: ${{ secrets.KICS_BOT_PAT }}
+    - name: Workflow failed
+      if: env.TITLE_CHECK_FAILED == 'true'
+      run: exit 1
   labels-check:
     runs-on: ubuntu-latest
     env:
       BODY: ${{ github.event.issue.body }}
       LABELS: ${{ toJson(github.event.issue.labels) }}
+      TITLE: ${{ github.event.issue.title }}
     steps:
     - name: Checkout code
       uses: actions/checkout@v3
@@ -21,8 +79,6 @@ jobs:
       run: sudo apt-get install jq
     - name: Get username
       run: echo "USERNAME=${{ github.event.issue.user.login }}" >> $GITHUB_ENV
-    - name: Get title
-      run: echo "TITLE=${{ github.event.issue.title }}" >> $GITHUB_ENV
     - name: Check user username
       run: |
         response=$(curl -s -H "Authorization: token ${{ secrets.KICS_BOT_PAT }}" "https://api.github.com/orgs/Checkmarx/teams/kics-core-team/members")
@@ -40,9 +96,28 @@ jobs:
         if [[ "$IS_MEMBER" == "false" ]]; then
           curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X POST -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels -d '{"labels": ["community"]}'
         fi
+    - name: Add feature or feature request label
+      run: |
+        if [[ "$TITLE" == feat* ]] || echo "$TITLE $BODY" | grep -iqP "feature request" || echo "$BODY" | grep -iqP "Is your feature request related to a problem? Please describe." || echo "$BODY" | grep -iqP "Describe the solution you'd like" || echo "$BODY" | grep -iqP "Describe alternatives you've considered" || echo "$BODY" | grep -iqP "Additional context"; then
+          if [[ "$IS_MEMBER" == "true" ]]; then
+            echo "Adding 'feature' label..."
+            curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X POST -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels -d '{"labels": ["feature"]}'
+          else
+            echo "Adding 'feature request' label..."
+            curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X POST -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels -d '{"labels": ["feature request"]}'
+          fi
+        else
+          if echo "$LABELS" | grep -q "feature request"; then
+            echo "Removing 'feature request' label..."
+            curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X DELETE -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels/feature%20request
+          elif echo "$LABELS" | grep -q "feature"; then
+            echo "Removing 'feature' label..."
+            curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X DELETE -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels/feature
+          fi
+        fi
     - name: Add bug label
       run: |
-        if echo "$TITLE $BODY" | grep -iqP "(\\b|_)bugs?(\\b|_)"; then
+        if echo "$TITLE $BODY" | grep -iqP "(\\b|_)bugs?(\\b|_)" || echo "$BODY" | grep -iqP "steps to reproduce" || echo "$BODY" | grep -iqP "actual behavior" || echo "$BODY" | grep -iqP "expected behavior"; then
           echo "Adding 'bug' label..."
           curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X POST -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels -d '{"labels": ["bug"]}'
         else 
@@ -53,7 +128,7 @@ jobs:
         fi
     - name: Add query label
       run: |
-        if echo "$TITLE $BODY" | grep -iqP "(\\b|_)quer(y|ies)(\\b|_)"; then
+        if echo "$TITLE $BODY" | grep -iqP "(\\b|_)quer(y|ies)(\\b|_)" || echo "$BODY" | grep -iqP "### Platform" || echo "$BODY" | grep -iqP "### Provider"; then
           echo "Adding 'query' label... "
           curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X POST -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels -d '{"labels": ["query"]}'
         else 

@@ -1,15 +1,15 @@
-name: validate-pr-title
+name: validate-prs
 on:
   pull_request_target:
     types: [opened, synchronize, edited, reopened]
     branches: 
       - master
-
 jobs:
   title-check:
     runs-on: ubuntu-latest
     env:
-      ERROR_MSG: "The PR title does not match the required format: <type>(<tag>): <title>"
+      ERROR_MSG: "The PR title does not match the required format: <type>(<scope>): <title>"
+      TITLE: ${{ github.event.pull_request.title }}
     steps:
     - name: Checkout code
       uses: actions/checkout@v3
@@ -18,24 +18,59 @@ jobs:
         sparse-checkout: |
           .github/scripts/pr-issue-info/get_title_types.py
           .github/pr-title-types.yaml
+          .github/scripts/pr-issue-info/title-fail.md
     - name: Print PR Title
-      run: echo "${{ github.event.pull_request.title }}"
+      run: echo "$TITLE"
     - name: Set up Python 
       uses: actions/setup-python@v4
       with:
         python-version: "3.x"
     - name: Install dependencies
       run: python3 -m pip install --upgrade pip pyyaml
     - name: Check PR Title
+      env:
+        FILE_PATH: .github/pr-title-types.yaml
       run: |
         regex=$(python3 .github/scripts/pr-issue-info/get_title_types.py)
         echo "Title regex: $regex"
-        title="${{ github.event.pull_request.title }}"
-        echo $title | grep -Pq "$regex" || (echo "$ERROR_MSG" && exit 1)
+        echo "$TITLE" | grep -Pq "$regex" || (echo "$ERROR_MSG" && echo "TITLE_CHECK_FAILED=true" >> $GITHUB_ENV)
+    - name: Check for comment tag
+      if: env.TITLE_CHECK_FAILED != 'true'
+      run: |
+        comments=$(curl -s -H "Authorization: token ${{ secrets.KICS_BOT_PAT }}" \
+            -X GET "https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments")
+        if echo "$comments" | grep -q "title_check"; then
+          echo "TAG_EXISTS=true" >> $GITHUB_ENV
+        else
+          echo "TAG_EXISTS=false" >> $GITHUB_ENV
+        fi
+    - name: Delete comment if title is fixed
+      if: env.TAG_EXISTS == 'true'
+      uses: thollander/actions-comment-pull-request@v2
+      with:
+        message: |
+          Deleting comment, please refresh the page...
+        comment_tag: title_check
+        mode: delete
+        GITHUB_TOKEN: ${{ secrets.KICS_BOT_PAT }}
+    - name: Add comment if title fails
+      if: env.TITLE_CHECK_FAILED == 'true'
+      uses: thollander/actions-comment-pull-request@v2
+      with:
+        filePath: .github/scripts/pr-issue-info/title-fail.md
+        comment_tag: title_check
+        mode: recreate
+        create_if_not_exists: true
+        GITHUB_TOKEN: ${{ secrets.KICS_BOT_PAT }}
+    - name: Workflow failed
+      if: env.TITLE_CHECK_FAILED == 'true'
+      run: exit 1
   labels-check:
     runs-on: ubuntu-latest
     env:
+      BODY: ${{ github.event.pull_request.body }}
       LABELS: ${{ toJson(github.event.pull_request.labels) }}
+      TITLE: ${{ github.event.pull_request.title }}
     steps:
     - name: Checkout code
       uses: actions/checkout@v3
@@ -48,17 +83,15 @@ jobs:
       run: echo "USERNAME=${{ github.event.pull_request.user.login }}" >> $GITHUB_ENV
     - name: Install JQ
       run: sudo apt-get install jq
-    - name: Get title
-      run: echo "TITLE=${{ github.event.pull_request.title }}" >> $GITHUB_ENV
     - name: Check user username
       run: |
         response=$(curl -s -H "Authorization: token ${{ secrets.KICS_BOT_PAT }}" "https://api.github.com/orgs/Checkmarx/teams/kics-core-team/members")
         team_members=$(echo "$response" | jq -r '.[].login')
-        if echo "${team_members[@]}" | grep -Pq "^$USERNAME$"; then
-          echo "Contributor belongs to Checkmarx organization"
+        if [[ "$USERNAME" == "dependabot[bot]" ]] || echo "${team_members[@]}" | grep -Pq "^$USERNAME$"; then
+          echo "Contributor belongs to Checkmarx organization."
           is_member="true"
         else
-          echo "Contributor does not belong to Checkmarx organization"
+          echo "Contributor does not belong to Checkmarx organization."
           is_member="false"
         fi
         echo "IS_MEMBER=$is_member" >> $GITHUB_ENV
@@ -99,7 +132,7 @@ jobs:
         fi
     - name: Add bug label
       run: |
-        if echo "$TITLE" | grep -iqP "(\\b|_)bugs?(\\b|_)"; then
+        if echo "$TITLE $BODY" | grep -iqP "(\\b|_)bugs?(\\b|_)"; then
           echo "Adding 'bug' label..."
           curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X POST -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels -d '{"labels": ["bug"]}'
         else
@@ -110,7 +143,7 @@ jobs:
         fi
     - name: Add query label
       run: |
-        if echo "$TITLE" | grep -iqP "(\\b|_)quer(y|ies)(\\b|_)"; then
+        if echo "$TITLE $BODY" | grep -iqP "(\\b|_)quer(y|ies)(\\b|_)"; then
           echo "Adding 'query' label..."
           curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X POST -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels -d '{"labels": ["query"]}'
         else
@@ -132,7 +165,7 @@ jobs:
         declare -p keywords
         declare -a labels_to_add=()
         for keyword in "${!keywords[@]}"; do
-          if echo "$TITLE" | grep -iPq "(\\b|_)$keyword(\\b|_)"; then
+          if echo "$TITLE $BODY" | grep -iPq "(\\b|_)$keyword(\\b|_)"; then
             labels_to_add+=("${keywords[$keyword]}")
           fi
         done