From 14d9b4d7b1110ffb39e993b79dfaf69a0714fb31 Mon Sep 17 00:00:00 2001
From: Samreet
Date: Fri, 15 Nov 2024 12:08:30 +0100
Subject: [PATCH 1/9] Added workflow that adds dependabot pr directly to review column
Signed-off-by: Samreet
Co-authored-by: Ilyes Ben Dlala
---
.../move-dependabot-pr-to-review.yaml | 114 ++++++++++++++++++
1 file changed, 114 insertions(+)
create mode 100644 .github/workflows/move-dependabot-pr-to-review.yaml
diff --git a/.github/workflows/move-dependabot-pr-to-review.yaml b/.github/workflows/move-dependabot-pr-to-review.yaml
new file mode 100644
index 0000000000..b1312d8723
--- /dev/null
+++ b/.github/workflows/move-dependabot-pr-to-review.yaml
@@ -0,0 +1,114 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
+name: Move Dependabot PRs to Review
+on:
+ pull_request:
+ types: [reopened] # For testing the workflow
+
+permissions:
+ contents: read
+ pull-requests: read
+ repository-projects: write
+
+jobs:
+ move-dependabot-pr-to-review:
+ env:
+ PR_ID: ${{ github.event.pull_request.id }}
+ PR_NUMBER: ${{ github.event.pull_request.number}}
+ runs-on: ubuntu-22.04
+ steps:
+ - name: Add dependabot PR to column To Review
+ run: |
+ echo ${{ secrets.GITHUB_TOKEN }} | gh auth login --with-token
+
+ # Get the ID for the field Status
+ # gh project field-list 6 --owner secureCodeBox
+ StatusFieldID="PVTSSF_lADOAg-Nic05Gc4AAZuO"
+
+ # Get the projectID
+ # gh project list --owner secureCodeBox
+ secureCodeBoxV4ProjectID="PVT_kwDOAg-Nic05GQ"
+
+ # ID for status "To Review"
+ ToReviewID="00b0c876"
+
+ # Add item to project
+ gh pr edit $PR_NUMBER --add-project "secureCodeBox v4"
+ # Move PR to "To Review" status
+ gh project item-edit --id $PR_ID --field-id $StatusFieldID --project-id $seureCodeBoxV4ProjectID --single-select-option-id $ToReviewID
+
+
+ # This command gets theIDs for the status options
+ #gh api graphql -f query='
+ # query {
+ # organization(login: "secureCodeBox") {
+ # projectV2(number: 6) {
+ # fields(first: 20) {
+ # nodes {
+ # ...
on ProjectV2SingleSelectField { + # id + # name + # options { + # id + # name + # } + # } + # } + # } + # } + # } + # }' + + # + # "data": { + # "organization": { + # "projectV2": { + # "fields": { + # "nodes": [ + # {}, + # {}, + # { + # "id": "PVTSSF_lADOAg-Nic05Gc4AAZuO", + # "name": "Status", + # "options": [ + # "organization": { + # { + # "id": "fdb7acaa", + # "name": "Backlog" + # }, + # { + # "id": "f75ad846", + # "name": "Todo" + # }, + # { + # "id": "47fc9ee4", + # "name": "In Progress" + # }, + # { + # "id": "00b0c876", + # "name": "To Review" + # }, + # { + # "id": "ea7b630a", + # "name": "Reviewer Approved" + # }, + # { + # "id": "98236657", + # "name": "Done" + # } + # ] + # }, + # {}, + # {}, + # {}, + # {}, + # {} + # ] + # } + # } + # } + # } + #} + \ No newline at end of file From 03fe71db6f573bb3c9b0221ed883d7386ce80079 Mon Sep 17 00:00:00 2001 From: Samreet Date: Fri, 15 Nov 2024 12:48:42 +0100 Subject: [PATCH 2/9] Checkout repo before executing the commands Signed-off-by: Samreet --- .github/workflows/move-dependabot-pr-to-review.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/move-dependabot-pr-to-review.yaml b/.github/workflows/move-dependabot-pr-to-review.yaml index b1312d8723..642d4626d1 100644 --- a/.github/workflows/move-dependabot-pr-to-review.yaml +++ b/.github/workflows/move-dependabot-pr-to-review.yaml @@ -19,6 +19,8 @@ jobs: PR_NUMBER: ${{ github.event.pull_request.number}} runs-on: ubuntu-22.04 steps: + - uses: actions/checkout@v4 + - name: Add dependabot PR to column To Review run: | echo ${{ secrets.GITHUB_TOKEN }} | gh auth login --with-token From 06b050a9033a76c3ce1dc9f640b9a8849607cca8 Mon Sep 17 00:00:00 2001 From: Samreet Date: Thu, 21 Nov 2024 10:00:02 +0100 Subject: [PATCH 3/9] Changed Token because additional permissions needed Signed-off-by: Samreet --- .../workflows/move-dependabot-pr-to-review.yaml | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) 
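Review bot: The `run:` script added in [PATCH 1/9] expands the secret into the shell text itself (`echo ${{ secrets.GITHUB_TOKEN }} | gh auth login --with-token`), so the token becomes part of the generated script instead of staying in the process environment. `gh` picks up `GH_TOKEN` on its own, so the step can declare `env:` with `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` and drop the login line. In the same script the last command passes `$seureCodeBoxV4ProjectID`, which is never assigned (the variable set above is `secureCodeBoxV4ProjectID`), so `--project-id` receives an empty value. The trigger is also still `types: [reopened]`, marked as test-only, and should not be merged in that form.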
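Review bot: `actions/checkout@v4`, added in [PATCH 2/9], is referenced by a movable tag and keeps the default credential persistence, so the job runs whatever the tag points to and leaves the token in the checked-out repository's git configuration. Pinning to a full commit (`uses: actions/checkout@<full-commit-sha> # v4`) and adding `with:` / `persist-credentials: false` removes both. The steps visible in this series only call `gh`; if the checkout is there just to give `gh pr edit` a repository context, `GH_REPO: ${{ github.repository }}` in `env:` would do that without checking out pull-request content at all.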
diff --git a/.github/workflows/move-dependabot-pr-to-review.yaml b/.github/workflows/move-dependabot-pr-to-review.yaml index 642d4626d1..850dd9c708 100644 --- a/.github/workflows/move-dependabot-pr-to-review.yaml +++ b/.github/workflows/move-dependabot-pr-to-review.yaml @@ -5,12 +5,8 @@ name: Move Dependabot PRs to Review on: pull_request: - types: [reopened] # For testing the workflow + types: [reopened] # For testing the workflow -permissions: - contents: read - pull-requests: read - repository-projects: write jobs: move-dependabot-pr-to-review: @@ -20,7 +16,14 @@ jobs: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 - + + - name: Add dependabot PR to project + run: | + # Add item to project + gh pr edit $PR_NUMBER --add-project "secureCodeBox v4" + env: + GH_TOKEN: ${{ secrets.SCB_BOT_USER_TOKEN }} + - name: Add dependabot PR to column To Review run: | echo ${{ secrets.GITHUB_TOKEN }} | gh auth login --with-token @@ -36,8 +39,6 @@ jobs: # ID for status "To Review" ToReviewID="00b0c876" - # Add item to project - gh pr edit $PR_NUMBER --add-project "secureCodeBox v4" # Move PR to "To Review" status gh project item-edit --id $PR_ID --field-id $StatusFieldID --project-id $seureCodeBoxV4ProjectID --single-select-option-id $ToReviewID From 17d1ea23af20627133c98bd05381ac0de2b55f1f Mon Sep 17 00:00:00 2001 From: Samreet Date: Thu, 21 Nov 2024 10:19:06 +0100 Subject: [PATCH 4/9] Add token to local envirement variable Signed-off-by: Samreet --- .github/workflows/move-dependabot-pr-to-review.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/move-dependabot-pr-to-review.yaml b/.github/workflows/move-dependabot-pr-to-review.yaml index 850dd9c708..aeea052cd6 100644 --- a/.github/workflows/move-dependabot-pr-to-review.yaml +++ b/.github/workflows/move-dependabot-pr-to-review.yaml 
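Review bot: Deleting the workflow-level `permissions:` block in the first hunk of [PATCH 3/9] makes the automatic `GITHUB_TOKEN` fall back to the repository or organisation default, which may be read/write. The project call moves to `SCB_BOT_USER_TOKEN` in the second hunk, so the job's own token needs very little; keep an explicit block such as `permissions:` / `contents: read`. The second step still pipes `${{ secrets.GITHUB_TOKEN }}` into `gh auth login` (visible as context in the second hunk), so that token remains in use in this commit. A comment next to `GH_TOKEN: ${{ secrets.SCB_BOT_USER_TOKEN }}` stating which scopes the bot token is expected to carry would let reviewers confirm it is limited to project access.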
@@ -26,8 +26,6 @@ jobs: - name: Add dependabot PR to column To Review run: | - echo ${{ secrets.GITHUB_TOKEN }} | gh auth login --with-token - # Get the ID for the field Status # gh project field-list 6 --owner secureCodeBox StatusFieldID="PVTSSF_lADOAg-Nic05Gc4AAZuO" @@ -114,4 +112,6 @@ jobs: # } # } #} + env: + GH_TOKEN: ${{ secrets.SCB_BOT_USER_TOKEN }} \ No newline at end of file From 5e2b65ccd5464acebe964a93cf319ff7d2e8ad7b Mon Sep 17 00:00:00 2001 From: Samreet Date: Thu, 21 Nov 2024 11:32:02 +0100 Subject: [PATCH 5/9] Changed id to node is Signed-off-by: Samreet --- .github/workflows/move-dependabot-pr-to-review.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/move-dependabot-pr-to-review.yaml b/.github/workflows/move-dependabot-pr-to-review.yaml index aeea052cd6..ada8c4f737 100644 --- a/.github/workflows/move-dependabot-pr-to-review.yaml +++ b/.github/workflows/move-dependabot-pr-to-review.yaml @@ -11,7 +11,6 @@ on: jobs: move-dependabot-pr-to-review: env: - PR_ID: ${{ github.event.pull_request.id }} PR_NUMBER: ${{ github.event.pull_request.number}} runs-on: ubuntu-22.04 steps: @@ -114,4 +113,4 @@ jobs: #} env: GH_TOKEN: ${{ secrets.SCB_BOT_USER_TOKEN }} - \ No newline at end of file + PR_ID: ${{ github.event.pull_request.node_id }} \ No newline at end of file From e8f657bf58538dc06c8dcdc395f993e83c2b85c1 Mon Sep 17 00:00:00 2001 From: Samreet Date: Thu, 21 Nov 2024 17:37:37 +0100 Subject: [PATCH 6/9] PR musst be linked to the project through the project not pr Adding the project to the pr will not include it to the projet itself and therfore not provide a node id (required for moving columns) Signed-off-by: Samreet --- .../move-dependabot-pr-to-review.yaml | 30 ++++++++++++------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/.github/workflows/move-dependabot-pr-to-review.yaml b/.github/workflows/move-dependabot-pr-to-review.yaml index ada8c4f737..ab8c08486b 100644 
--- a/.github/workflows/move-dependabot-pr-to-review.yaml +++ b/.github/workflows/move-dependabot-pr-to-review.yaml @@ -9,38 +9,47 @@ on: jobs: - move-dependabot-pr-to-review: - env: - PR_NUMBER: ${{ github.event.pull_request.number}} + move-dependabot-pr-to-review: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 - name: Add dependabot PR to project run: | + # Get the ID for the field Status + # gh project list --owner secureCodeBox + secureCodeBoxV4ProjectID="PVT_kwDOAg-Nic05GQ" + # Add item to project - gh pr edit $PR_NUMBER --add-project "secureCodeBox v4" + echo prNodeID=$(gh api graphql -f query=' + mutation { + addProjectV2ItemById(input: {projectId: "$secureCodeBoxV4ProjectID" contentId: "$PR_ID"}) { + item { + id + } + } + }' | jq '.data.addProjectV2ItemById.item.id') >> $GITHUB_ENV env: GH_TOKEN: ${{ secrets.SCB_BOT_USER_TOKEN }} + PR_ID: ${{ github.event.pull_request.node_id }} - name: Add dependabot PR to column To Review run: | # Get the ID for the field Status # gh project field-list 6 --owner secureCodeBox StatusFieldID="PVTSSF_lADOAg-Nic05Gc4AAZuO" - - # Get the projectID - # gh project list --owner secureCodeBox + secureCodeBoxV4ProjectID="PVT_kwDOAg-Nic05GQ" # ID for status "To Review" ToReviewID="00b0c876" + prNodeID=${{env.prNodeID}} # Move PR to "To Review" status - gh project item-edit --id $PR_ID --field-id $StatusFieldID --project-id $seureCodeBoxV4ProjectID --single-select-option-id $ToReviewID + gh project item-edit --id ${{ env.prNodeID }} --field-id $StatusFieldID --project-id "$seureCodeBoxV4ProjectID" --single-select-option-id "$ToReviewID" - # This command gets theIDs for the status options + # This command gets the IDs for the status options #gh api graphql -f query=' # query { # organization(login: "secureCodeBox") { 
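Review bot: The second step in [PATCH 6/9] splices `${{ env.prNodeID }}` into the script text, once in `prNodeID=${{env.prNodeID}}` and again in `--id ${{ env.prNodeID }}`, so whatever the previous step wrote to `$GITHUB_ENV` is parsed as shell source rather than passed as data. Values written to `$GITHUB_ENV` are already exported to later steps, so the assignment line can be dropped and the call can use `--id "$prNodeID"`. In the first step the mutation sits inside single quotes, so `$secureCodeBoxV4ProjectID` and `$PR_ID` are sent as literal text, and the comment above the project ID still reads "Get the ID for the field Status". The `--id ${{ env.prNodeID }}` form is carried over unchanged in the second hunk of [PATCH 7/9].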
@@ -112,5 +121,4 @@ jobs: # } #} env: - GH_TOKEN: ${{ secrets.SCB_BOT_USER_TOKEN }} - PR_ID: ${{ github.event.pull_request.node_id }} \ No newline at end of file + GH_TOKEN: ${{ secrets.SCB_BOT_USER_TOKEN }} \ No newline at end of file From a224d0a23febb19602ece57bf52a271886457cb7 Mon Sep 17 00:00:00 2001 From: Samreet Date: Fri, 22 Nov 2024 12:38:09 +0100 Subject: [PATCH 7/9] Fixed formating issue to correctly assign prnode variable Signed-off-by: Samreet --- .github/workflows/move-dependabot-pr-to-review.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/move-dependabot-pr-to-review.yaml b/.github/workflows/move-dependabot-pr-to-review.yaml index ab8c08486b..4c34c2ab76 100644 --- a/.github/workflows/move-dependabot-pr-to-review.yaml +++ b/.github/workflows/move-dependabot-pr-to-review.yaml @@ -21,14 +21,14 @@ jobs: secureCodeBoxV4ProjectID="PVT_kwDOAg-Nic05GQ" # Add item to project - echo prNodeID=$(gh api graphql -f query=' + echo prNodeID=$(gh api graphql -f query=" mutation { - addProjectV2ItemById(input: {projectId: "$secureCodeBoxV4ProjectID" contentId: "$PR_ID"}) { + addProjectV2ItemById(input: {projectId: \"$secureCodeBoxV4ProjectID\", contentId: \"$PR_ID\"}) { item { id } } - }' | jq '.data.addProjectV2ItemById.item.id') >> $GITHUB_ENV + }" | jq -r '.data.addProjectV2ItemById.item.id') >> $GITHUB_ENV env: GH_TOKEN: ${{ secrets.SCB_BOT_USER_TOKEN }} PR_ID: ${{ github.event.pull_request.node_id }} @@ -46,7 +46,7 @@ jobs: prNodeID=${{env.prNodeID}} # Move PR to "To Review" status - gh project item-edit --id ${{ env.prNodeID }} --field-id $StatusFieldID --project-id "$seureCodeBoxV4ProjectID" --single-select-option-id "$ToReviewID" + gh project item-edit --id ${{ env.prNodeID }} --field-id $StatusFieldID --project-id $secureCodeBoxV4ProjectID --single-select-option-id $ToReviewID # This command gets the IDs for the status options From 073d1ee47d22d1523a7407b7eab66888bdd9ec67 Mon Sep 17 00:00:00 2001 
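Review bot: The mutation in the first hunk of [PATCH 7/9] is now assembled by shell interpolation with escaped quotes (`projectId: \"$secureCodeBoxV4ProjectID\"`), so the query text depends on the values placed into it. `gh api graphql` treats additional `-f key=value` fields as GraphQL variables, which lets the IDs travel as typed `ID!` variables while the query stays in single quotes. The `echo prNodeID=$(…) >> $GITHUB_ENV` form also hides a failed call, because the exit status of the command substitution is discarded and `jq -r` prints `null`, which the next step would hand to `--id`. Assigning the result to a variable first lets the default `bash -e` stop the step when `gh` exits non-zero. The `run:` block starts before this hunk.

```yaml
        run: |
          # … unchanged: secureCodeBoxV4ProjectID assignment …
          itemID=$(gh api graphql \
            -f projectId="$secureCodeBoxV4ProjectID" \
            -f contentId="$PR_ID" \
            -f query='
              mutation($projectId: ID!, $contentId: ID!) {
                addProjectV2ItemById(input: {projectId: $projectId, contentId: $contentId}) {
                  item {
                    id
                  }
                }
              }' \
            --jq '.data.addProjectV2ItemById.item.id')
          echo "prNodeID=$itemID" >> "$GITHUB_ENV"
```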
From: Samreet Date: Fri, 22 Nov 2024 15:09:20 +0100 Subject: [PATCH 8/9] Configured workflow to run on branches opened by bots Renames file and variable to better fit with the addition of the SCB-bot Signed-off-by: Samreet --- ...pr-to-review.yaml => move-bot-pr-to-review.yaml} | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) rename .github/workflows/{move-dependabot-pr-to-review.yaml => move-bot-pr-to-review.yaml} (94%) diff --git a/.github/workflows/move-dependabot-pr-to-review.yaml b/.github/workflows/move-bot-pr-to-review.yaml similarity index 94% rename from .github/workflows/move-dependabot-pr-to-review.yaml rename to .github/workflows/move-bot-pr-to-review.yaml index 4c34c2ab76..0b2da1f23b 100644 --- a/.github/workflows/move-dependabot-pr-to-review.yaml +++ b/.github/workflows/move-bot-pr-to-review.yaml @@ -2,19 +2,22 @@ # # SPDX-License-Identifier: Apache-2.0 -name: Move Dependabot PRs to Review +name: Move bot PRs to Review on: pull_request: - types: [reopened] # For testing the workflow + types: [opened] + branches: + - 'dependabot/**' + - 'dependencies/upgrading**' jobs: - move-dependabot-pr-to-review: + move-bot-pr-to-review: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 - - name: Add dependabot PR to project + - name: Add bot PR to project run: | # Get the ID for the field Status # gh project list --owner secureCodeBox @@ -33,7 +36,7 @@ jobs: GH_TOKEN: ${{ secrets.SCB_BOT_USER_TOKEN }} PR_ID: ${{ github.event.pull_request.node_id }} - - name: Add dependabot PR to column To Review + - name: Move PR to column To Review run: | # Get the ID for the field Status # gh project field-list 6 --owner secureCodeBox From 0b8039b9f587750833238eba8b40fe5e55f460c6 Mon Sep 17 00:00:00 2001 From: Samreet Date: Fri, 22 Nov 2024 16:58:13 +0100 Subject: [PATCH 9/9] Removed comment with query on how to retrieve the IDs of the colums 
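Review bot: Under `pull_request`, the `branches:` filter added in the first hunk of [PATCH 8/9] is matched against the pull request's base branch, not its head, so `'dependabot/**'` and `'dependencies/upgrading**'` select PRs that target such branches rather than PRs opened from them. To run for bot PRs, drop the filter and gate the job instead, e.g. `if: github.event.pull_request.user.login == 'dependabot[bot]'` (extended with the SCB bot's login), which ties the check to the author rather than to a branch name any contributor with push access can choose. Runs triggered by Dependabot are only given Dependabot secrets, so `SCB_BOT_USER_TOKEN` has to be defined there as well or `GH_TOKEN` will be empty in exactly the case this workflow is meant for.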
Signed-off-by: Samreet --- .github/workflows/move-bot-pr-to-review.yaml | 72 -------------------- 1 file changed, 72 deletions(-) diff --git a/.github/workflows/move-bot-pr-to-review.yaml b/.github/workflows/move-bot-pr-to-review.yaml index 0b2da1f23b..15b068ab19 100644 --- a/.github/workflows/move-bot-pr-to-review.yaml +++ b/.github/workflows/move-bot-pr-to-review.yaml @@ -51,77 +51,5 @@ jobs: # Move PR to "To Review" status gh project item-edit --id ${{ env.prNodeID }} --field-id $StatusFieldID --project-id $secureCodeBoxV4ProjectID --single-select-option-id $ToReviewID - - # This command gets the IDs for the status options - #gh api graphql -f query=' - # query { - # organization(login: "secureCodeBox") { - # projectV2(number: 6) { - # fields(first: 20) { - # nodes { - # ... on ProjectV2SingleSelectField { - # id - # name - # options { - # id - # name - # } - # } - # } - # } - # } - # } - # }' - - # - # "data": { - # "organization": { - # "projectV2": { - # "fields": { - # "nodes": [ - # {}, - # {}, - # { - # "id": "PVTSSF_lADOAg-Nic05Gc4AAZuO", - # "name": "Status", - # "options": [ - # "organization": { - # { - # "id": "fdb7acaa", - # "name": "Backlog" - # }, - # { - # "id": "f75ad846", - # "name": "Todo" - # }, - # { - # "id": "47fc9ee4", - # "name": "In Progress" - # }, - # { - # "id": "00b0c876", - # "name": "To Review" - # }, - # { - # "id": "ea7b630a", - # "name": "Reviewer Approved" - # }, - # { - # "id": "98236657", - # "name": "Done" - # } - # ] - # }, - # {}, - # {}, - # {}, - # {}, - # {} - # ] - # } - # } - # } - # } - #} env: GH_TOKEN: ${{ secrets.SCB_BOT_USER_TOKEN }} \ No newline at end of file