mirror of
https://github.com/hwchase17/langchain.git
synced 2026-04-04 11:25:11 +00:00
54a5f83f2e
Remove `opened` from the `require_issue_link.yml` trigger list. New PRs never have labels at creation time, so the job-level `if` (which requires the `external` label) always evaluated to skip — producing a noisy "Skipped" check on every internal PR. Enforcement chains through `pr_labeler.yml` → `labeled` event, making `opened` a no-op. ## Changes - Drop `opened` from `pull_request_target.types` in `require_issue_link.yml` — only `edited`, `reopened`, and `labeled` remain - Update header comment to document why `opened` is intentionally excluded
309 lines
13 KiB
YAML
309 lines
13 KiB
YAML
# Require external PRs to link to an approved issue or discussion using
|
|
# GitHub auto-close keywords (Fixes #NNN, Closes #NNN, Resolves #NNN),
|
|
# AND require that the PR author is assigned to the linked issue.
|
|
#
|
|
# - Reacts to the "external" label applied by pr_labeler.yml,
|
|
# avoiding a duplicate org membership check.
|
|
# - Also re-checks on PR edits/reopens for PRs that already have the label.
|
|
# - Bypasses the check for PRs with the "trusted-contributor" label, and
|
|
# automatically reopens/cleans up PRs that receive it after enforcement.
|
|
# - Validates the PR author is an assignee on at least one linked issue.
|
|
# - Adds a "missing-issue-link" label on failure; removes it on pass.
|
|
# - Automatically reopens PRs that were closed by this workflow once the
|
|
# check passes (e.g. author edits the body to add a valid issue link).
|
|
# - Posts (or updates) a comment explaining the requirement on failure.
|
|
# - Cancels all other in-progress/queued CI runs for the PR on closure.
|
|
# - Deduplicates comments via an HTML marker so re-runs don't spam.
|
|
#
|
|
# Dependency: pr_labeler.yml must run first to apply the "external" label
|
|
# on new PRs. This workflow chains off that classification via the "labeled"
|
|
# event. It does NOT trigger on "opened" because new PRs have no labels yet,
|
|
# so the job-level gate would always skip — producing noisy "Skipped" checks.
|
|
|
|
name: Require Issue Link
|
|
|
|
on:
|
|
pull_request_target:
|
|
types: [edited, reopened, labeled]
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
check-issue-link:
|
|
# Run when the "external" label is added, or on edit/reopen if already labeled.
|
|
# Skip entirely when the PR already carries "trusted-contributor".
|
|
if: >-
|
|
!contains(github.event.pull_request.labels.*.name, 'trusted-contributor') &&
|
|
(
|
|
(github.event.action == 'labeled' && github.event.label.name == 'external') ||
|
|
(github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'external'))
|
|
)
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
actions: write
|
|
pull-requests: write
|
|
|
|
steps:
|
|
- name: Check for issue link and assignee
|
|
id: check-link
|
|
uses: actions/github-script@v8
|
|
with:
|
|
script: |
|
|
const { owner, repo } = context.repo;
|
|
const prNumber = context.payload.pull_request.number;
|
|
|
|
// Fetch live labels to handle the race where "external" fires
|
|
// before "trusted-contributor" appears in the event payload.
|
|
const { data: liveLabels } = await github.rest.issues.listLabelsOnIssue({
|
|
owner, repo, issue_number: prNumber,
|
|
});
|
|
if (liveLabels.some(l => l.name === 'trusted-contributor')) {
|
|
console.log('PR has trusted-contributor label — bypassing issue link check');
|
|
core.setOutput('has-link', 'true');
|
|
core.setOutput('is-assigned', 'true');
|
|
return;
|
|
}
|
|
|
|
const body = context.payload.pull_request.body || '';
|
|
const pattern = /(?:close[sd]?|fix(?:e[sd])?|resolve[sd]?)\s*#(\d+)/gi;
|
|
const matches = [...body.matchAll(pattern)];
|
|
|
|
if (matches.length === 0) {
|
|
console.log('No issue link found in PR body');
|
|
core.setOutput('has-link', 'false');
|
|
core.setOutput('is-assigned', 'false');
|
|
return;
|
|
}
|
|
|
|
const issues = matches.map(m => `#${m[1]}`).join(', ');
|
|
console.log(`Found issue link(s): ${issues}`);
|
|
core.setOutput('has-link', 'true');
|
|
|
|
// Check whether the PR author is assigned to at least one linked issue
|
|
const prAuthor = context.payload.pull_request.user.login;
|
|
const MAX_ISSUES = 5;
|
|
const allIssueNumbers = [...new Set(matches.map(m => parseInt(m[1], 10)))];
|
|
const issueNumbers = allIssueNumbers.slice(0, MAX_ISSUES);
|
|
if (allIssueNumbers.length > MAX_ISSUES) {
|
|
core.warning(
|
|
`PR references ${allIssueNumbers.length} issues — only checking the first ${MAX_ISSUES}`,
|
|
);
|
|
}
|
|
|
|
let assignedToAny = false;
|
|
for (const num of issueNumbers) {
|
|
try {
|
|
const { data: issue } = await github.rest.issues.get({
|
|
owner, repo, issue_number: num,
|
|
});
|
|
const assignees = issue.assignees.map(a => a.login.toLowerCase());
|
|
if (assignees.includes(prAuthor.toLowerCase())) {
|
|
console.log(`PR author "${prAuthor}" is assigned to #${num}`);
|
|
assignedToAny = true;
|
|
break;
|
|
} else {
|
|
console.log(`PR author "${prAuthor}" is NOT assigned to #${num} (assignees: ${assignees.join(', ') || 'none'})`);
|
|
}
|
|
} catch (error) {
|
|
if (error.status === 404) {
|
|
console.log(`Issue #${num} not found — skipping`);
|
|
} else {
|
|
// Non-404 errors (rate limit, server error) must not be
|
|
// silently skipped — they could cause false enforcement
|
|
// (closing a legitimate PR whose assignment can't be verified).
|
|
throw new Error(
|
|
`Cannot verify assignee for issue #${num} (${error.status}): ${error.message}`,
|
|
);
|
|
}
|
|
}
|
|
}
|
|
|
|
core.setOutput('is-assigned', assignedToAny ? 'true' : 'false');
|
|
|
|
- name: Add missing-issue-link label
|
|
if: steps.check-link.outputs.has-link != 'true' || steps.check-link.outputs.is-assigned != 'true'
|
|
uses: actions/github-script@v8
|
|
with:
|
|
script: |
|
|
const { owner, repo } = context.repo;
|
|
const prNumber = context.payload.pull_request.number;
|
|
const labelName = 'missing-issue-link';
|
|
|
|
// Ensure the label exists (no checkout/shared helper available)
|
|
try {
|
|
await github.rest.issues.getLabel({ owner, repo, name: labelName });
|
|
} catch (e) {
|
|
if (e.status !== 404) throw e;
|
|
try {
|
|
await github.rest.issues.createLabel({
|
|
owner, repo, name: labelName, color: 'b76e79',
|
|
});
|
|
} catch (createErr) {
|
|
if (createErr.status !== 422) throw createErr;
|
|
}
|
|
}
|
|
|
|
await github.rest.issues.addLabels({
|
|
owner, repo, issue_number: prNumber, labels: [labelName],
|
|
});
|
|
|
|
- name: Remove missing-issue-link label and reopen PR
|
|
if: steps.check-link.outputs.has-link == 'true' && steps.check-link.outputs.is-assigned == 'true'
|
|
uses: actions/github-script@v8
|
|
with:
|
|
script: |
|
|
const { owner, repo } = context.repo;
|
|
const prNumber = context.payload.pull_request.number;
|
|
try {
|
|
await github.rest.issues.removeLabel({
|
|
owner, repo, issue_number: prNumber, name: 'missing-issue-link',
|
|
});
|
|
} catch (error) {
|
|
if (error.status !== 404) throw error;
|
|
}
|
|
|
|
// Reopen if this workflow previously closed the PR. We check the
|
|
// event payload labels (not live labels) because we already removed
|
|
// missing-issue-link above; the payload still reflects pre-step state.
|
|
const labels = context.payload.pull_request.labels.map(l => l.name);
|
|
if (context.payload.pull_request.state === 'closed' && labels.includes('missing-issue-link')) {
|
|
await github.rest.pulls.update({
|
|
owner,
|
|
repo,
|
|
pull_number: prNumber,
|
|
state: 'open',
|
|
});
|
|
console.log(`Reopened PR #${prNumber}`);
|
|
}
|
|
|
|
- name: Post comment, close PR, and fail
|
|
if: steps.check-link.outputs.has-link != 'true' || steps.check-link.outputs.is-assigned != 'true'
|
|
uses: actions/github-script@v8
|
|
with:
|
|
script: |
|
|
const { owner, repo } = context.repo;
|
|
const prNumber = context.payload.pull_request.number;
|
|
const hasLink = '${{ steps.check-link.outputs.has-link }}' === 'true';
|
|
const isAssigned = '${{ steps.check-link.outputs.is-assigned }}' === 'true';
|
|
const marker = '<!-- require-issue-link -->';
|
|
|
|
let lines;
|
|
if (!hasLink) {
|
|
lines = [
|
|
marker,
|
|
'**This PR has been automatically closed** because it does not link to an approved issue.',
|
|
'',
|
|
'All external contributions must reference an approved issue or discussion. Please:',
|
|
'1. Find or [open an issue](https://github.com/' + owner + '/' + repo + '/issues/new/choose) describing the change',
|
|
'2. Wait for a maintainer to approve and assign you',
|
|
'3. Add `Fixes #<issue_number>`, `Closes #<issue_number>`, or `Resolves #<issue_number>` to your PR description and the PR will be reopened automatically',
|
|
];
|
|
} else {
|
|
lines = [
|
|
marker,
|
|
'**This PR has been automatically closed** because you are not assigned to the linked issue.',
|
|
'',
|
|
'External contributors must be assigned to an issue before opening a PR for it. Please:',
|
|
'1. Comment on the linked issue to request assignment from a maintainer',
|
|
'2. Once assigned, edit your PR description and the PR will be reopened automatically',
|
|
];
|
|
}
|
|
|
|
const body = lines.join('\n');
|
|
|
|
// Deduplicate: check for existing comment with the marker
|
|
const comments = await github.paginate(
|
|
github.rest.issues.listComments,
|
|
{ owner, repo, issue_number: prNumber, per_page: 100 },
|
|
);
|
|
const existing = comments.find(c => c.body && c.body.includes(marker));
|
|
|
|
if (!existing) {
|
|
await github.rest.issues.createComment({
|
|
owner,
|
|
repo,
|
|
issue_number: prNumber,
|
|
body,
|
|
});
|
|
console.log('Posted requirement comment');
|
|
} else if (existing.body !== body) {
|
|
await github.rest.issues.updateComment({
|
|
owner,
|
|
repo,
|
|
comment_id: existing.id,
|
|
body,
|
|
});
|
|
console.log('Updated existing comment with new message');
|
|
} else {
|
|
console.log('Comment already exists — skipping');
|
|
}
|
|
|
|
// Close the PR
|
|
if (context.payload.pull_request.state === 'open') {
|
|
await github.rest.pulls.update({
|
|
owner,
|
|
repo,
|
|
pull_number: prNumber,
|
|
state: 'closed',
|
|
});
|
|
console.log(`Closed PR #${prNumber}`);
|
|
}
|
|
|
|
// Cancel all other in-progress and queued workflow runs for this PR
|
|
const headSha = context.payload.pull_request.head.sha;
|
|
for (const status of ['in_progress', 'queued']) {
|
|
const runs = await github.paginate(
|
|
github.rest.actions.listWorkflowRunsForRepo,
|
|
{ owner, repo, head_sha: headSha, status, per_page: 100 },
|
|
);
|
|
for (const run of runs) {
|
|
if (run.id === context.runId) continue;
|
|
try {
|
|
await github.rest.actions.cancelWorkflowRun({
|
|
owner, repo, run_id: run.id,
|
|
});
|
|
console.log(`Cancelled ${status} run ${run.id} (${run.name})`);
|
|
} catch (err) {
|
|
console.log(`Could not cancel run ${run.id}: ${err.message}`);
|
|
}
|
|
}
|
|
}
|
|
|
|
const reason = !hasLink
|
|
? 'PR must reference an issue using auto-close keywords (e.g., "Fixes #123").'
|
|
: 'PR author must be assigned to the linked issue.';
|
|
core.setFailed(reason);
|
|
|
|
# When a trusted-contributor label is added to a PR that was previously
|
|
# closed by check-issue-link, clean up and reopen it.
|
|
bypass-trusted-contributor:
|
|
if: github.event.action == 'labeled' && github.event.label.name == 'trusted-contributor'
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
pull-requests: write
|
|
|
|
steps:
|
|
- name: Remove missing-issue-link label and reopen PR
|
|
uses: actions/github-script@v8
|
|
with:
|
|
script: |
|
|
const { owner, repo } = context.repo;
|
|
const prNumber = context.payload.pull_request.number;
|
|
|
|
try {
|
|
await github.rest.issues.removeLabel({
|
|
owner, repo, issue_number: prNumber, name: 'missing-issue-link',
|
|
});
|
|
console.log('Removed missing-issue-link label');
|
|
} catch (error) {
|
|
if (error.status !== 404) throw error;
|
|
}
|
|
|
|
if (context.payload.pull_request.state === 'closed') {
|
|
await github.rest.pulls.update({
|
|
owner, repo, pull_number: prNumber, state: 'open',
|
|
});
|
|
console.log(`Reopened PR #${prNumber}`);
|
|
}
|