chore(IDX): create workflow for repo policies (#71)

* chore(IDX): create workflow for repo policies * Update repo_policies_ruleset.yml * update path * add composite action for python setup * add shell * rename * fix path * update composite action * update message * Update repo_policies_ruleset.yml
dfinity · Dec 4, 2024 · 5c3d397 · 5c3d397
1 parent 827d94c
commit 5c3d397
Show file tree

Hide file tree

Showing 7 changed files with 68 additions and 29 deletions.
diff --git a/.github/workflows/check_cla.yml b/.github/workflows/check_cla.yml
@@ -26,13 +26,8 @@ jobs:
         with:
           repository: 'dfinity/public-workflows'
 
-      - name: Install Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: '3.12'
-
-      - name: Install Dependencies
-        run: pip install -r requirements.txt
+      - name: Python Setup
+        uses: ./.github/workflows/python-setup
 
       - name: Check Membership
         id:  check-membership
@@ -61,13 +56,8 @@ jobs:
         with:
           repository: 'dfinity/public-workflows'
 
-      - name: Install Python
-        uses: actions/setup-python@v4
-        with:
-          python-version: '3.12'
-
-      - name: Install Dependencies
-        run: pip install -r requirements.txt
+      - name: Python Setup
+        uses: ./.github/workflows/python-setup
 
       - name: Check if accepting external contributions
         id: accepts_external_contrib

diff --git a/.github/workflows/check_cla_signed.yml b/.github/workflows/check_cla_signed.yml
@@ -14,13 +14,8 @@ jobs:
         uses: actions/checkout@v3
         with:
           repository: dfinity/public-workflows
-      - name: Install Python
-        uses: actions/setup-python@v4
-        with:
-          python-version: '3.12'
-      - name: Install Dependencies
-        run: pip install -q -r requirements.txt
-        shell: bash
+      - name: Python Setup
+        uses: ./.github/workflows/python-setup
       - name: Check CLA issue
         run: |
           export PYTHONPATH="$PWD/reusable_workflows/"

diff --git a/.github/workflows/python-setup/action.yml b/.github/workflows/python-setup/action.yml
@@ -0,0 +1,14 @@
+name: Python Setup
+description: Installs Python and necessary dependencies
+
+runs:
+  using: composite
+  steps:
+    - name: Install Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: '3.12'
+
+    - name: Install Dependencies
+      run: pip install -r requirements.txt
+      shell: bash
diff --git a/.github/workflows/python_lint_test.yml b/.github/workflows/python_lint_test.yml
@@ -20,13 +20,8 @@ jobs:
     - name: Checkout
       uses: actions/checkout@v3
 
-    - name: Install Python
-      uses: actions/setup-python@v4
-      with:
-        python-version: '3.12'
-
-    - name: Install Dependencies
-      run: pip install -r requirements.txt
+    - name: Python Setup
+      uses: ./.github/workflows/python-setup
 
     - name: Run tests
       run: pytest reusable_workflows/

diff --git a/.github/workflows/repo_policies.yml b/.github/workflows/repo_policies.yml
@@ -0,0 +1,33 @@
+name: Repository Policies
+
+on:
+  workflow_call:
+
+jobs:
+  check-bot-policies:
+    name: Check Bot Policies
+    runs-on: ubuntu-latest
+    # Dont run this workflow on merge queue
+    if:  ${{ github.event_name != 'merge_group' }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          repository: dfinity/public-workflows
+
+      - name: Python Setup
+        uses: ./.github/workflows/python-setup
+
+      - name: Bot Checks
+        id:  bot-checks
+        run: |
+          export PYTHONPATH="$PWD/reusable_workflows/"
+          python reusable_workflows/repo_policies/bot_checks/check_bot_approved_files.py
+        shell: bash
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_ORG: ${{ github.repository_owner }}
+          USER: ${{ github.event.pull_request.user.login }}
+          REPO: ${{ github.repository }}
+          MERGE_BASE_SHA: ${{ github.event.pull_request.base.sha }}
+          BRANCH_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
diff --git a/.github/workflows/repo_policies_ruleset.yml b/.github/workflows/repo_policies_ruleset.yml
@@ -0,0 +1,12 @@
+# triggered on all repositories via rulesets
+
+name: Repo Policies Ruleset
+
+on:
+  pull_request:
+  merge_group:
+
+jobs:
+  call-repo-policies:
+    uses: dfinity/public-workflows/.github/workflows/repo_policies.yml@main
+    secrets: inherit
diff --git a/reusable_workflows/repo_policies/bot_checks/check_bot_approved_files.py b/reusable_workflows/repo_policies/bot_checks/check_bot_approved_files.py
@@ -86,7 +86,7 @@ def main() -> None:
 
     else:
         print(
-            f"{user} is not an approved bot. Letting CLA check handle contribution decision."
+            f"{user} is not a bot. Letting CLA check handle contribution decision."
         )
         block_pr = False
-Original file line number
+Diff line change
@@ Expand Up / @@ -86,7 +86,7 @@ def main() -> None: @@
         else:
             print(
-                f"{user} is not an approved bot. Letting CLA check handle contribution decision."
+                f"{user} is not a bot. Letting CLA check handle contribution decision."
             )
             block_pr = False
@@ Expand Down @@