Add GitHub action that checks the latest release for vulnerabilities and reports them in an issue #1609

---
name: Release Note Linter
on:
  pull_request:
    branches:
      - main
      - "release-v*" # release branches
jobs:
  release-note-linter:
    name: Release Note Linter
    runs-on: ubuntu-latest
    steps:
      - name: Sanity Check Release Notes
        if: github.actor != 'dependabot[bot]'
        env:
          PR_NUMBER: ${{ github.event.number }}
        run: |
          # Validate PR release notes
          echo "Going to validate PR ${PR_NUMBER}"
          echo "First making sure you have not left the PR template as is"
          # Describe any user facing changes here, or delete this block.
          TEMPLATE_LEFT_AS_IS=$(wget -q -O- https://api.github.com/repos/shipwright-io/build/pulls/${PR_NUMBER} | jq '.body | match("(Describe any user facing changes here, or delete this block)")')
          if [ -z "${TEMPLATE_LEFT_AS_IS}" ]; then
            echo "You appear to have attempted to update the PR template to define a release note."
          else
            echo "You have not made any changes for release notes in your PR description. Edit your PR description per the instructions at https://raw.githubusercontent.com/shipwright-io/build/main/.github/pull_request_template.md"
            exit 1
          fi
          echo "Now checking against valid structure for release notes"
          MATCHES=$(wget -q -O- https://api.github.com/repos/shipwright-io/build/pulls/${PR_NUMBER} | jq '.body | match("(```release-note\r\n(.*|NONE|action required: .*)\r\n```)")')
          if [ -z "${MATCHES}" ]; then
            echo "Your Release Notes were not properly defined or they are not in place, please make sure you add them."
            echo "See our PR template for more information: https://raw.githubusercontent.com/shipwright-io/build/main/.github/pull_request_template.md"
            exit 1
          else
            echo "Your Release Notes are properly in place!"
          fi