feat(jans-cedarling): update PolicyStore parser to support agama-lab generated policies #1445
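name: documentation

on:
  workflow_dispatch:
  pull_request:
    types:
      - opened
      - edited
    paths:
      - 'docs/**'

# Least privilege for GITHUB_TOKEN: read-only checkout plus read access to
# pull-request metadata, which `gh pr view` in check_pr needs. The auto-merge
# job authenticates with a separate PAT (MOAUTO_WORKFLOW_TOKEN) instead.
permissions:
  contents: read
  pull-requests: read

jobs:
  # Auto-approve and auto-merge pull requests that touch only docs/ and are
  # authored by a member of the repository owner's organisation.
  docs:
    if: github.repository == 'JanssenProject/jans'
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
        with:
          # This job holds a write-capable PAT. Once the endpoints it needs are
          # known, `egress-policy: block` with an allowed-endpoints list is the
          # stronger setting; `audit` only logs.
          egress-policy: audit

      - name: Checkout code
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          fetch-depth: 0

      # NOTE(review): no later step in this job invokes python, so this setup
      # step looks unused — confirm with the maintainers before removing it.
      - name: Set up Python 3.7
        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
        with:
          # Quoted so the version is a string, not a YAML float.
          python-version: "3.7"

      - name: Auto-merge inhouse doc prs
        shell: bash
        env:
          # gh reads GH_TOKEN directly; the secret never has to be echoed.
          GH_TOKEN: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }}
          # Workflow expressions are passed through env rather than interpolated
          # into the script, so the shell never parses them as code.
          ORG: ${{ github.repository_owner }}
          PR_AUTHOR: ${{ github.event.pull_request.user.login }}
          PULL_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          set -euo pipefail
          sudo apt-get update
          sudo apt-get install -y jq

          # Secrets are not exposed to pull_request runs from forks; skip
          # cleanly instead of failing at authentication.
          if [[ -z "${GH_TOKEN}" ]]; then
            echo "No automation token available (fork PR?); skipping auto-merge."
            exit 0
          fi
          # workflow_dispatch runs have no pull request to act on.
          if [[ -z "${PULL_NUMBER}" || "${PULL_NUMBER}" == "null" ]]; then
            echo "Not a pull_request event; nothing to merge."
            exit 0
          fi

          # Top-level path components touched by the PR. Merging is allowed only
          # when that set is exactly {docs}; code, top-level files or any other
          # folder disqualifies the PR.
          CHANGED_DIRS=$(gh pr view "$PULL_NUMBER" --json files --jq '.files[].path' | cut -d/ -f1 | sort -u)
          echo "Top-level paths changed: $(echo "$CHANGED_DIRS" | tr '\n' ' ')"

          # Gate on the PR *author*, not github.actor: on an `edited` event the
          # actor is whoever edited the PR, which can be a maintainer touching
          # an external contributor's PR. Paginate (an org can exceed 100
          # members) and match the login exactly (-Fx), not as a substring.
          # NOTE(review): the members list is complete only when the token's
          # user is an org member; otherwise only public members are listed and
          # a private member's PR is treated as external (fails closed).
          IS_USER_ORG_MEMBER=$(gh api --paginate -H "Accept: application/vnd.github.v3+json" \
            "/orgs/${ORG}/members?per_page=100" --jq '.[].login' | grep -Fx -- "$PR_AUTHOR" || true)
          echo "checking if ${PR_AUTHOR} belongs to ${ORG}. Found '${IS_USER_ORG_MEMBER}'."

          if [[ "$CHANGED_DIRS" == "docs" ]] && [[ -n "$IS_USER_ORG_MEMBER" ]]; then
            echo "Approving PR $PULL_NUMBER"
            gh pr review --approve "$PULL_NUMBER"
            echo "Merging PR $PULL_NUMBER"
            gh pr merge --squash --auto "$PULL_NUMBER"
          else
            echo "Bot will not merge this as it does not meet the requirements."
            echo "Either the developer has merged with doc changes code changes or an external contributor has requested doc changes."
          fi

  # Require either a conventional `docs:` commit or a change under docs/.
  check_pr:
    if: github.repository == 'JanssenProject/jans'
    env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      PULL_NUMBER: ${{ github.event.pull_request.number }}
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
        with:
          egress-policy: audit

      - name: Checkout code
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          fetch-depth: 0

      - name: Install latest GH
        # Best effort: on failure the later steps fall back to whatever gh the
        # runner already provides.
        continue-on-error: true
        shell: bash
        run: |
          set -euo pipefail
          # NOTE(review): "latest" is a moving target; pinning VERSION would make
          # this job reproducible.
          VERSION=$(curl -fsSL "https://api.github.com/repos/cli/cli/releases/latest" | jq -r '.tag_name' | sed 's/^v//')
          if [[ -z "$VERSION" || "$VERSION" == "null" ]]; then
            echo "Could not resolve the latest gh release"
            exit 1
          fi
          echo "gh ${VERSION}"
          BASE="https://github.com/cli/cli/releases/download/v${VERSION}"
          TARBALL="gh_${VERSION}_linux_amd64.tar.gz"
          curl -fsSL "${BASE}/${TARBALL}" -o "${TARBALL}"
          # Verify the archive against the checksums published with the release
          # before anything from it is copied onto PATH.
          curl -fsSL "${BASE}/gh_${VERSION}_checksums.txt" -o checksums.txt
          sha256sum --ignore-missing -c checksums.txt
          tar xf "${TARBALL}"
          sudo cp "gh_${VERSION}_linux_amd64/bin/gh" /usr/local/bin/
          gh version

      - name: Check commit message
        continue-on-error: true
        id: check_message
        shell: bash
        run: |
          set -euo pipefail
          if [[ -z "${PULL_NUMBER}" || "${PULL_NUMBER}" == "null" ]]; then
            echo "Not a pull_request event; no commits to parse"
            exit 1
          fi
          echo "Parsing commits from PR $PULL_NUMBER"
          # Read the headlines with --jq. The previous grep/cut pipeline left a
          # leading space and quote on every line, so `^docs` could never match
          # and this step always failed.
          MESSAGE=$(gh pr view "$PULL_NUMBER" --json commits --jq '.commits[].messageHeadline' \
            | grep -E '^docs(\([^)]*\))?!?:' || true)
          echo "$MESSAGE"
          if [[ -z "$MESSAGE" ]]; then
            echo "conventional commit starting with docs: does not exist"
            exit 1
          else
            echo "conventional commit exists starting with docs:"
            exit 0
          fi

      - name: Verify Changed files
        if: steps.check_message.outcome != 'success'
        id: check_files
        shell: bash
        run: |
          set -euo pipefail
          # Pass when at least one changed file lives under the top-level docs/ folder.
          CHANGES=$(gh pr view "$PULL_NUMBER" --json files --jq '.files[].path' | cut -d/ -f1 | grep -x 'docs' || true)
          if [[ -n "$CHANGES" ]]; then
            echo "File changes exist"
            exit 0
          else
            echo "No file changes"
            exit 1
          fi

  lint_docs:
    if: github.repository == 'JanssenProject/jans'
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
        with:
          egress-policy: audit

      - name: Checkout code
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          fetch-depth: 0

      - name: Markdown linter
        # Advisory only: continue-on-error means lint findings never fail the PR.
        continue-on-error: true
        shell: bash
        run: |
          set -euo pipefail
          sudo apt-get update
          sudo apt-get install -y rubygems
          # NOTE(review): mdl is installed unpinned; pin a version
          # (`gem install mdl -v <version>`) for reproducible results.
          sudo gem install mdl
          mdl --style automation/markdown/.mdl_style.rb docs/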