solidity-tracability.yml
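# This workflow handles the enforcement of code Traceability via changesets and Jira issue linking
# for our Solidity codebase.
#
# Flow: `files-changed` classifies the PR's changed paths; `enforce-traceability` then requires a
# changeset, runs the Jira enforcement script, and commits the updated changeset back to the PR branch.
name: Solidity Tracability

on:
  merge_group:
  pull_request:

defaults:
  run:
    shell: bash

jobs:
  files-changed:
    # The job skips on merge_group events, and any release branches, and forks
    # Since we only want to enforce Jira issues on pull requests related to feature branches
    #
    # The head-repo comparison below is also the trust gate for `enforce-traceability`: that job
    # `needs` this one and keys on its `source` output, which stays unset when this job is skipped.
    if: ${{ github.event_name != 'merge_group' && !startsWith(github.head_ref, 'release/') && github.event.pull_request.head.repo.full_name == 'smartcontractkit/chainlink' }}
    name: Detect Changes
    runs-on: ubuntu-latest
    # NOTE(review): no `permissions:` block here, so this job runs with the repository's default
    # token scopes. Consider pinning it to the read scopes checkout and paths-filter need.
    outputs:
      source: ${{ steps.files-changed.outputs.source }}
      changesets: ${{ steps.files-changed.outputs.changesets }}
      changesets_files: ${{ steps.files-changed.outputs.changesets_files }}
    steps:
      - name: Checkout the repo
        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2

      - name: Filter paths
        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        id: files-changed
        with:
          # Emit the matched files as JSON in the `<filter>_files` outputs.
          list-files: "json"
          # This is a valid input, see https://github.com/dorny/paths-filter/pull/226
          # With "every", a file must satisfy all patterns of a filter, so `source`
          # means "a .sol file under contracts/ that is not a .t.sol test file".
          predicate-quantifier: "every"
          filters: |
            source:
              - contracts/**/*.sol
              - '!contracts/**/*.t.sol'
            changesets:
              - 'contracts/.changeset/**'

  enforce-traceability:
    # Note: A job that is skipped will report its status as "Success".
    # It will not prevent a pull request from merging, even if it is a required check.
    needs: [files-changed]
    # We only want to run this job if the source files have changed
    if: ${{ needs.files-changed.outputs.source == 'true' }}
    name: Enforce Traceability
    runs-on: ubuntu-latest
    # Scopes of the job's GITHUB_TOKEN. `id-token: write` lets the job request an OIDC token,
    # presumably for the role assumption in the setup-github-token step; `pull-requests: write`
    # covers the PR comment step.
    permissions:
      actions: read
      id-token: write
      contents: read
      pull-requests: write
    steps:
      # https://github.com/planetscale/ghcommit-action/blob/c7915d6c18d5ce4eb42b0eff3f10a29fe0766e4c/README.md?plain=1#L41
      #
      # Include the pull request ref in the checkout action to prevent merge commit
      # https://github.com/actions/checkout?tab=readme-ov-file#checkout-pull-request-head-commit-instead-of-merge-commit
      #
      # Security: everything this job later runs from the workspace (./.github/actions/setup-nodejs,
      # ./.github/scripts/jira) is therefore the PR head's copy, and it runs with the Jira and GitHub
      # tokens below. The same-repo gate on `files-changed` is what limits this to branches pushed by
      # repository writers; keep that gate if the triggers or conditions are ever changed.
      # NOTE(review): consider `persist-credentials: false` here if no later step relies on git
      # credentials left in the checkout — confirm against setup-nodejs and ghcommit-action.
      - name: Checkout the repo
        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
        with:
          ref: ${{ github.event.pull_request.head.sha }}

      # Produces the `access-token` output that the ghcommit step uses as its GITHUB_TOKEN.
      - name: Assume role capable of dispatching action
        uses: smartcontractkit/.github/actions/setup-github-token@ef78fa97bf3c77de6563db1175422703e9e6674f # pinned by commit SHA; version tag not legible in this copy
        id: get-gh-token
        with:
          aws-role-arn: ${{ secrets.AWS_OIDC_CHAINLINK_CI_AUTO_PR_TOKEN_ISSUER_ROLE_ARN }}
          aws-lambda-url: ${{ secrets.AWS_INFRA_RELENG_TOKEN_ISSUER_LAMBDA_URL }}
          aws-region: ${{ secrets.AWS_REGION }}

      - name: Make a comment
        uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2.5.0
        with:
          message: |
            I see you updated files related to `contracts`. Please run `pnpm changeset` in the `contracts` directory to add a changeset.
          reactions: eyes
          comment_tag: changeset-contracts
          # If the changeset is added, then we delete the comment, otherwise we add it.
          mode: ${{ needs.files-changed.outputs.changesets == 'true' && 'delete' || 'upsert' }}
          # We only create the comment if the changeset is not added
          create_if_not_exists: ${{ needs.files-changed.outputs.changesets == 'true' && 'false' || 'true' }}

      # Hard failure when Solidity sources changed without a changeset.
      - name: Check for new changeset for contracts
        if: ${{ needs.files-changed.outputs.changesets == 'false' }}
        shell: bash
        run: |
          echo "Please run pnpm changeset to add a changeset for contracts."
          exit 1

      - name: Setup NodeJS
        uses: ./.github/actions/setup-nodejs

      - name: Setup Jira
        working-directory: ./.github/scripts/jira
        run: pnpm i

      # Because of our earlier checks, we know that both the source and changeset files have changed
      #
      # PR-controlled text (title, branch name, changeset file list) is handed to the script through
      # `env:` rather than interpolated into the `run:` script, so it is never parsed as shell.
      #
      # The commit subject written to GITHUB_ENV is PR-author-controlled as well; `%s` yields the
      # subject as a single line, which is what keeps it from adding further entries to the env file.
      # GITHUB_ENV entries only become visible to later steps, so that write does not expose
      # COMMIT_MESSAGE to `pnpm issue:enforce` in this same step.
      # NOTE(review): if the script expects COMMIT_MESSAGE, it also needs an `export` in this shell —
      # confirm against ./.github/scripts/jira.
      - name: Enforce Traceability
        working-directory: ./.github/scripts/jira
        run: |
          echo "COMMIT_MESSAGE=$(git log -1 --pretty=format:'%s')" >> "$GITHUB_ENV"
          pnpm issue:enforce
        env:
          CHANGESET_FILES: ${{ needs.files-changed.outputs.changesets_files }}
          PR_TITLE: ${{ github.event.pull_request.title }}
          BRANCH_NAME: ${{ github.event.pull_request.head.ref }}
          JIRA_HOST: ${{ vars.JIRA_HOST }}
          JIRA_USERNAME: ${{ secrets.JIRA_USERNAME }}
          JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      # Commit appended changeset file back to repo
      # Uses the token issued by the `get-gh-token` step instead of the job's GITHUB_TOKEN, which is
      # limited to `contents: read` above. `file_pattern` restricts the commit to changeset files.
      - uses: planetscale/ghcommit-action@13a844326508cdefc72235201bb0446d6d10a85f # v0.1.6
        with:
          commit_message: "[Bot] Update changeset file with jira issue"
          repo: ${{ github.repository }}
          branch: ${{ github.head_ref }}
          file_pattern: "contracts/.changeset/*"
        env:
          GITHUB_TOKEN: ${{ steps.get-gh-token.outputs.access-token }}

      # Runs regardless of earlier step results; a metrics failure never fails the job.
      - name: Collect Metrics
        id: collect-gha-metrics
        if: always()
        uses: smartcontractkit/push-gha-metrics-action@d9da21a2747016b3e13de58c7d4115a3d5c97935 # v3.0.1
        with:
          # NOTE(review): `soldity` looks like a typo of `solidity`; left unchanged because renaming
          # the id presumably changes how the metric is keyed — confirm before fixing.
          id: soldity-traceability
          org-id: ${{ secrets.GRAFANA_INTERNAL_TENANT_ID }}
          basic-auth: ${{ secrets.GRAFANA_INTERNAL_BASIC_AUTH }}
          hostname: ${{ secrets.GRAFANA_INTERNAL_HOST }}
          this-job-name: Enforce Traceability
        continue-on-error: true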