yunohosters submission #223
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Validate and Tag Pull Requests | |
| on: | |
| pull_request: | |
| branches: | |
| - "*" | |
| jobs: | |
| validate-pr: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Ensure only allowed files are changed | |
| run: | | |
| for f in $(git diff --name-only origin/main...HEAD); do | |
| # 1) Block any README.md immediately | |
| if [[ "$f" == *README.md ]]; then | |
| echo "❌ PR modifies a README file: $f" | |
| exit 1 | |
| fi | |
| # 2) Allow teams.md or anything under submissions/ | |
| if [[ "$f" == teams.md || "$f" == submissions/* ]]; then | |
| continue | |
| fi | |
| # 3) Everything else is unauthorized | |
| echo "❌ PR modifies unauthorized file: $f" | |
| exit 1 | |
| done | |
| echo "✅ All changed files are authorized." | |
| - name: Categorize PR files | |
| id: filter | |
| uses: dorny/paths-filter@v3 | |
| with: | |
| filters: | | |
| teams: | |
| - 'teams.md' | |
| submission: | |
| - 'submissions/**' | |
| - name: Reject PRs touching both teams.md and submissions | |
| if: | | |
| steps.filter.outputs.teams == 'true' && | |
| steps.filter.outputs.submission == 'true' | |
| run: | | |
| echo "❌ You cannot edit teams.md and submit a file in the same PR." | |
| exit 1 | |
| - name: Reject invalid PR type | |
| if: | | |
| steps.filter.outputs.teams == 'false' && | |
| steps.filter.outputs.submission == 'false' | |
| run: | | |
| echo "❌ This PR does not match any of the allowed types (teams.md entry or submissions)." | |
| exit 1 | |
| - name: Extract and validate team name | |
| if: steps.filter.outputs.submission == 'true' | |
| id: teamname | |
| run: | | |
| team_names=$(git diff --name-only origin/main...HEAD | grep '^submissions/' | cut -d'/' -f2 | sort | uniq) | |
| team_count=$(echo "$team_names" | wc -l) | |
| if [ "$team_count" -ne 1 ]; then | |
| echo "❌ PR must only concern one team. Found teams: $team_names" | |
| exit 1 | |
| fi | |
| echo "TEAM_NAME=$team_names" >> "$GITHUB_ENV" | |
| echo "✅ Team detected: $team_names" | |
| - name: Install Python dependencies | |
| run: | | |
| python3 -m pip install --upgrade pip | |
| pip install -r .scripts/requirements.txt | |
| - name: Run check_submissions.py | |
| run: | | |
| python3 .scripts/check_submissions.py | |
| - name: Label with team name | |
| if: steps.filter.outputs.submission == 'true' | |
| run: | | |
| label="${{ env.TEAM_NAME }}" | |
| if ! gh label create "$label" --color "ededed" --description "Label for team $label"; then | |
| continue | |
| fi | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Label as Team entry | |
| if: steps.filter.outputs.teams == 'true' | |
| uses: actions-ecosystem/action-add-labels@v1 | |
| with: | |
| labels: team | |
| github_token: "${{ secrets.GITHUB_TOKEN }}" | |
| - name: Label as Submission | |
| if: steps.filter.outputs.submission == 'true' | |
| uses: actions-ecosystem/action-add-labels@v1 | |
| with: | |
| labels: submission | |
| github_token: "${{ secrets.GITHUB_TOKEN }}" |