chore(governance): check for related issue in new PRs

Author: heitorlessa

.github/workflows/lib/export_pr_details.yml

@@ -0,0 +1,75 @@
+on:
+  workflow_call:
+    inputs:
+      record_pr_workflow_id:
+        required: true
+        type: number
+    secrets:
+      token:
+        required: true
+    # Map the workflow outputs to job outputs
+    outputs:
+      prNumber:
+        description: "The first output string"
+        value: ${{ jobs.export_pr_details.outputs.prNumber }}
+      prTitle:
+        description: "The second output string"
+        value: ${{ jobs.export_pr_details.outputs.prTitle }}
+      prBody:
+        description: "The second output string"
+        value: ${{ jobs.export_pr_details.outputs.prBody }}
+      prAuthor:
+        description: "The second output string"
+        value: ${{ jobs.export_pr_details.outputs.prAuthor }}
+      prAction:
+        description: "The second output string"
+        value: ${{ jobs.export_pr_details.outputs.prAction }}
+
+name: Export Pull Request details from fork
+jobs:
+  export_pr_details:
+    runs-on: ubuntu-latest
+    # Map the job outputs to step outputs
+    outputs:
+      prNumber: ${{ steps.prNumber.outputs.prNumber }}
+      prTitle: ${{ steps.prTitle.outputs.prTitle }}
+      prBody: ${{ steps.prBody.outputs.prBody }}
+      prAuthor: ${{ steps.prAuthor.outputs.prAuthor }}
+      prAction: ${{ steps.prAction.outputs.prAction }}
+    steps:
+      - name: "Download artifact"
+        uses: actions/github-script@v6
+        # For security, we only download artifacts tied to the successful PR recording workflow
+        with:
+          github-token: ${{ inputs.token }}
+          script: |
+            const fs = require('fs');
+
+            const artifacts = await github.rest.actions.listWorkflowRunArtifacts({
+               owner: context.repo.owner,
+               repo: context.repo.repo,
+               run_id: ${{inputs.record_pr_workflow_id}},
+            });
+
+            const matchArtifact = artifacts.data.artifacts.filter(artifact => artifact.name == "pr")[0];
+
+            const artifact = await github.rest.actions.downloadArtifact({
+               owner: context.repo.owner,
+               repo: context.repo.repo,
+               artifact_id: matchArtifact.id,
+               archive_format: 'zip',
+            });
+
+            fs.writeFileSync('${{github.workspace}}/pr.zip', Buffer.from(artifact.data));
+      # NodeJS standard library doesn't provide ZIP capabilities; use system `unzip` command instead
+      - run: unzip pr.zip
+      - id: prNumber
+        run: echo ::set-output name=prNumber::$(cat ./number)
+      - id: prTitle
+        run: echo ::set-output name=prTitle::$(cat ./title)
+      - id: prBody
+        run: echo ::set-output name=prBody::$(cat ./body)
+      - id: prAuthor
+        run: echo ::set-output name=prAuthor::$(cat ./author)
+      - id: prAction
+        run: echo ::set-output name=prAction::$(cat ./action)

.github/workflows/on_opened_pr.yml

@@ -0,0 +1,58 @@
+on:
+  workflow_run:
+    workflows: ["Record PR number"]
+    types:
+      - completed
+
+env:
+  BLOCK_LABEL: "do-not-merge"
+  BLOCK_REASON_LABEL: "need-issue"
+
+jobs:
+  get_pr_details:
+    if: github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success'
+    uses: ./.github/workflows/lib/export_pr_details.yml
+    with:
+      record_pr_workflow_id: ${{ github.event.workflow_run.id }}
+    secrets:
+      token: ${{ secrets.GITHUB_TOKEN }}
+  check_related_issue:
+    needs: get_pr_details
+    if: >
+      ${{ needs.get_pr_details.outputs.prAuthor != 'dependabot[bot]' &&
+          needs.get_pr_details.outputs.prAction == 'opened'
+      }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Ensure related issue is present"
+        uses: actions/github-script@v6
+        with:
+          # Maintenance: convert into a standalone JS like post_release.js
+          script: |
+            const prBody = ${{ needs.get_pr_details.outputs.prBody }};
+            const prNumber = ${{ needs.get_pr_details.outputs.prNumber }};
+            const blockLabel = process.env.BLOCK_LABEL;
+            const blockReasonLabel = process.env.BLOCK_REASON_LABEL;
+
+            const RELATED_ISSUE_REGEX = /Issue number:.+(\d)/
+
+            const matcher = new RegExp(RELATED_ISSUE_REGEX)
+            const isMatch = matcher.exec(prBody)
+            if (isMatch == null) {
+                console.info(`No related issue found, maybe the author didn't use the template but there is one.`)
+
+                let msg = `⚠️ No related issues found. Please ensure there is an open issue related to this change to avoid significant delays or closure. ⚠️`;
+                await github.rest.issues.createComment({
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  body: msg,
+                  issue_number: prNumber,
+                });
+
+                await github.rest.issues.addLabels({
+                  issue_number: prNumber,
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  labels: [blockLabel, blockReasonLabel]
+                })
+            }

.github/workflows/record_pr.yml

@@ -15,6 +15,9 @@ jobs:
           mkdir -p ./pr
           echo ${{ github.event.number }} > ./pr/number
           echo "${{ github.event.pull_request.title }}" > ./pr/title
+          echo "${{ github.event.pull_request.body }}" > ./pr/body
+          echo "${{ github.event.pull_request.user.login }}" > ./pr/author
+          echo "${{ github.event.action }}" > ./pr/action
       - uses: actions/upload-artifact@v3
         with:
           name: pr

.gitignore

@@ -304,3 +304,5 @@ api/
 site/
 !404.html
 !docs/overrides/*.html
+
+!.github/workflows/lib