SEC-090: Automated trusted workflow pinning (2024-04-29) #73
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright (c) HashiCorp, Inc. | ||
|
Check failure on line 1 in .github/workflows/changelog-checker.yml
|
||
| # SPDX-License-Identifier: MPL-2.0 | ||
| # This workflow checks that there is either a 'pr/no-changelog' label applied to a PR | ||
| # or there is a .changelog/<pr number>.txt file associated with a PR for a changelog entry | ||
| name: Changelog Checker | ||
| on: | ||
| pull_request: | ||
| types: [opened, synchronize, labeled] | ||
| # Runs on PRs to main and all release branches | ||
| branches: | ||
| - main | ||
| - release/* | ||
| jobs: | ||
| # checks that a .changelog entry is present for a PR | ||
| changelog-check: | ||
| # If there a `pr/no-changelog` label we ignore this check. Also, we ignore PRs created by the bot assigned to `backport-assistant` | ||
| if: ! ( contains(github.event.pull_request.labels.*.name, 'pr/no-changelog') ) | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | ||
| with: | ||
| ref: ${{ github.event.pull_request.head.sha }} | ||
| fetch-depth: 0 # by default the checkout action doesn't checkout all branches | ||
| - name: Check for changelog entry in diff | ||
| run: ./.github/scripts/changelog_checker.sh | ||
| env: | ||
| GITHUB_BASE_REF: ${{ github.event.pull_request.base.ref }} | ||
| GITHUB_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }} | ||
| PR_NUMBER: ${{ github.event.pull_request.number }} | ||
