feat: verify presence and relevance of PR labels

also: generate change requests on failure and PR approval on success.
dupuy · Mar 25, 2024 · 9d3e790 · 9d3e790
1 parent 57a289f
commit 9d3e790
Showing 1 changed file with 39 additions and 7 deletions.
diff --git a/.github/workflows/assign-labels.yaml → .github/workflows/manage-labels.yaml b/.github/workflows/assign-labels.yaml → .github/workflows/manage-labels.yaml
@@ -7,7 +7,7 @@
 # For more information, see:
 # https://github.com/dupuy/action-assign-labels?tab=readme-ov-file#computer-how-to-use-action-assign-labels
 
-name: 'Assign labels to PRs from conventional commit titles'
+name: 'Label management for PRs'
 
 on:
   pull_request:
@@ -18,15 +18,14 @@ on:
       - reopened
       - synchronize
 
-# Declare default permissions as read only.
+# Declare default permissions.
 permissions:
   contents: read
+  pull-requests: write
 
 jobs:
   assign-labels:
     runs-on: ubuntu-22.04
-    permissions:
-      pull-requests: write
 
     steps:
       - name: 'Harden runner'
@@ -37,11 +36,13 @@ jobs:
           allowed-endpoints: >
             api.github.com:443
 
-      - name: 'Assign labels'
+      - name: 'Assign labels to PRs from conventional commit types'
         uses: dupuy/action-assign-labels@b6939985ff45d0ddb5254ead207198af4f93fba5
         with:
           apply-changes: true
-          conventional-commits: |
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          maintain-labels-not-matched: true
+          conventional-commits: | # This is just a string only parsed by action
             conventional-commits:
               - type: 'fix'
                 nouns: ['fix']
@@ -72,5 +73,36 @@ jobs:
                 nouns: ['style']
                 labels: ['style']
 
+  verify-labels:
+    runs-on: ubuntu-22.04
+
+    steps:
+      - name: 'Harden runner'
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+        with:
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
+
+      - name: 'Checkout repository'
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        with:
+          fetch-depth: 1
+          ref: ${{ github.event.pull_request.head.ref }}
+
+      - name: 'Verify labels in a PR'
+        id: action-verify-labels
+        uses: dupuy/action-verify-labels@16e1b6e0801717f0498e64a354bfd228ab432f8c
+        with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
-          maintain-labels-not-matched: true
+          request-review: true
+          request-review-header: '🔖 **verify-labels-action**'
+
+          none: >-
+            duplicate, inactive, invalid, question, wontfix,
+            good first issue, help wanted
+          some: >-
+            bug, enhancement, major,
+            deployment, documentation, integration, performance, refactor,
+            style, testing,