diff --git a/.github/workflows/check_properties.yml b/.github/workflows/check_properties.yml
index 9ee1ca9c..ed860e39 100644
--- a/.github/workflows/check_properties.yml
+++ b/.github/workflows/check_properties.yml
@@ -9,6 +9,7 @@ on:
 paths:
 - "src/main/resources/messages_en_GB.properties"
+# Permissions required for the workflow
 permissions:
 contents: write
 pull-requests: write
@@ -18,6 +19,13 @@ jobs:
 if: github.event_name == 'pull_request_target'
 runs-on: ubuntu-latest
 steps:
+ - name: Checkout main branch first
+ uses: actions/checkout@v4
+ with:
+ ref: main
+ path: main-branch
+ fetch-depth: 0
+
 - name: Checkout PR branch
 uses: actions/checkout@v4
 with:
@@ -26,13 +34,6 @@ jobs:
 path: pr-branch
 fetch-depth: 0
- - name: Checkout main branch
- uses: actions/checkout@v4
- with:
- ref: main
- path: main-branch
- fetch-depth: 0
-
 - name: Set up Python
 uses: actions/setup-python@v5
 with:
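Review bot: The comment added above `permissions:` does not say which job needs which scope, and the block stays at workflow level, so `contents: write` and `pull-requests: write` apply to every job, including the one gated on `pull_request_target` that checks out the PR branch. If only a later job needs to push (its steps are outside this hunk, so this is inferred), declare `permissions:` per job and give the PR-checking job `contents: read` plus whatever it needs to post its comment. At minimum the comment could read `# contents: write for <job that pushes>; pull-requests: write to post the summary comment`.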
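Review bot: The added `Checkout main branch first` step leaves `persist-credentials` at its default, so with `actions/checkout@v4` the workflow token is stored in `main-branch/.git/config`, in the same workspace as the PR checkout. In a `pull_request_target` job that runs under `contents: write`, add `persist-credentials: false` under `with:` unless a later step in this job really pushes from that checkout. The same applies to the `Checkout PR branch` step, whose `with:` block is only partly visible in this hunk.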
@@ -49,34 +50,46 @@ jobs: echo "Fetching PR changed files..." cd pr-branch gh repo set-default ${{ github.repository }} - gh pr view ${{ github.event.pull_request.number }} --json files -q ".files[].path" > ../changed_files.txt + # Store files in a safe way, only allowing valid properties files + echo "Getting list of changed files from PR..." + gh pr view ${{ github.event.pull_request.number }} --json files -q ".files[].path" | grep -E '^src/main/resources/messages_[a-zA-Z_]+\.properties$' > ../changed_files.txt cd .. - echo $(cat changed_files.txt) + echo "Setting branch path..." BRANCH_PATH="pr-branch" + echo "BRANCH_PATH=${BRANCH_PATH}" >> $GITHUB_ENV - CHANGED_FILES=$(cat changed_files.txt | tr '\n' ' ') - echo "CHANGED_FILES=${CHANGED_FILES}" >> $GITHUB_ENV - echo "Changed files: ${CHANGED_FILES}" + echo "Processing changed files..." + mapfile -t CHANGED_FILES < changed_files.txt + + CHANGED_FILES_STR="${CHANGED_FILES[*]}" + echo "CHANGED_FILES=${CHANGED_FILES_STR}" >> $GITHUB_ENV + + echo "Changed files: ${CHANGED_FILES_STR}" echo "Branch: ${BRANCH_PATH}" - name: Determine reference file id: determine-file run: | echo "Determining reference file..." 
- if echo "${{ env.CHANGED_FILES }}" | grep -q 'src/main/resources/messages_en_GB.properties'; then + if grep -Fxq "src/main/resources/messages_en_GB.properties" changed_files.txt; then + echo "Using PR branch reference file" echo "REFERENCE_FILE=pr-branch/src/main/resources/messages_en_GB.properties" >> $GITHUB_ENV else + echo "Using main branch reference file" echo "REFERENCE_FILE=main-branch/src/main/resources/messages_en_GB.properties" >> $GITHUB_ENV fi - echo "REFERENCE_FILE=${{ env.REFERENCE_FILE }}" - name: Show REFERENCE_FILE - run: echo "Reference file is set to ${{ env.REFERENCE_FILE }}" + run: echo "Reference file is set to ${REFERENCE_FILE}" - name: Run Python script to check files id: run-check run: | - python main-branch/.github/scripts/check_language_properties.py --reference-file ${{ env.REFERENCE_FILE }} --branch ${{ env.BRANCH_PATH }} --files ${{ env.CHANGED_FILES }} > failure.txt || true + echo "Running Python script to check files..." + python main-branch/.github/scripts/check_language_properties.py \ + --reference-file "${REFERENCE_FILE}" \ + --branch "${BRANCH_PATH}" \ + --files ${CHANGED_FILES} > failure.txt || true - name: Capture output id: capture-output @@ -87,7 +100,7 @@ jobs: echo "ERROR_OUTPUT<> $GITHUB_ENV echo "$ERROR_OUTPUT" >> $GITHUB_ENV echo "EOF" >> $GITHUB_ENV - echo $ERROR_OUTPUT + echo "${ERROR_OUTPUT}" else echo "No errors found." echo "ERROR_OUTPUT=" >> $GITHUB_ENV @@ -110,7 +123,7 @@ jobs: }); const comment = comments.data.find(c => c.body.includes("## 🚀 Translation Verification Summary")); - + // Only allow the action user to update comments const expectedActor = "github-actions[bot]"; 
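Review bot: The `grep -E` filter added to the `gh pr view` pipeline validates path names only; the files later read from `pr-branch/` are still PR-controlled, and nothing in this hunk checks that each listed path is a regular file inside that checkout. Because the script's output goes to `failure.txt` and appears to end up in the PR comment further down, I would check each entry after `mapfile` with `[ -f "pr-branch/$f" ] && [ ! -L "pr-branch/$f" ]` and skip entries that fail (files deleted by the PR will also be in the list). Whether `check_language_properties.py` already does this cannot be told from the diff. The step containing the pipeline starts above the hunk.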
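Review bot: The multi-line `ERROR_OUTPUT` value is still closed with the fixed terminator written by `echo "EOF" >> $GITHUB_ENV`, while `$ERROR_OUTPUT` presumably comes from `failure.txt`, which the script derives from files in the PR checkout. If that text ever contains a line equal to `EOF`, the lines after it are parsed as further environment assignments for later steps. Use a per-run random delimiter, e.g. `DELIM="EOF_$(openssl rand -hex 16)"` with `"$DELIM"` written in both places, or hand the text to the comment step through a file instead of `$GITHUB_ENV`. The enclosing `if` block starts above the hunk.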
@@ -169,7 +182,10 @@ jobs:
 - name: Run Python script to check files
 id: run-check
 run: |
- python .github/scripts/check_language_properties.py --reference-file src/main/resources/messages_en_GB.properties --branch main
+ echo "Running Python script to check files..."
+ python .github/scripts/check_language_properties.py \
+ --reference-file src/main/resources/messages_en_GB.properties \
+ --branch main
 - name: Set up git config
 run: |