name: Check Properties Files on PR on: pull_request_target: types: [opened, synchronize, reopened] paths: - "src/main/resources/messages_*.properties" permissions: contents: read # Allow read access to repository content issues: write # Allow posting comments on issues/PRs jobs: check-files: if: github.event_name == 'pull_request_target' runs-on: ubuntu-latest steps: - name: Harden Runner uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: egress-policy: audit - name: Checkout main branch first uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Python uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: "3.x" - name: Fetch PR changed files id: fetch-pr-changes env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | echo "Fetching PR changed files..." gh repo set-default ${{ github.event.pull_request.head.repo.full_name }} # Set the fork repository as default # Fetch the list of changed files in the PR echo "Getting list of changed files from PR..." gh pr view ${{ github.event.pull_request.number }} --json files -q ".files[].path" | grep -E '^src/main/resources/messages_[a-zA-Z_]+\.properties$' > changed_files.txt # Filter only matching property files - name: Determine reference file id: determine-file env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | echo "Determining reference file..." REPO_OWNER=$(gh pr view ${{ github.event.pull_request.number }} --json author -q '.author.login') # Get PR author's username REPO_NAME=$(gh pr view ${{ github.event.pull_request.number }} --json headRepository -q '.headRepository.name') # Get PR repository name BRANCH=$(gh pr view ${{ github.event.pull_request.number }} --json headRefName -q '.headRefName') # Get PR branch name mkdir -p pr-branch # Create a directory for PR files # Download the content of each changed file while IFS= read -r file; do mkdir -p "pr-branch/$(dirname "$file")" # Create directories for files gh api repos/$REPO_OWNER/$REPO_NAME/contents/$file?ref=$BRANCH --jq '.content' | base64 -d > "pr-branch/src/main/resources/$(basename "$file")" # Save decoded file content done < changed_files.txt # Generate a list of files without the "pr-branch/" prefix find pr-branch/ -type f | awk -F'pr-branch/' '{print $2}' > file_list.txt mapfile -t FILES_LIST < file_list.txt # Read the file list into an array FILES_LIST_STR="${FILES_LIST[*]}" # Join array into a space-separated string echo "FILES_LIST=${FILES_LIST_STR}" >> $GITHUB_ENV # Export the file list to the environment echo "Changed files: ${FILES_LIST_STR}" cat file_list.txt # Display the file list # Determine which reference file to use if grep -Fxq "src/main/resources/messages_en_GB.properties" changed_files.txt; then echo "Using PR branch reference file" REFERENCE_FILE="pr-branch-messages_en_GB.properties" gh api repos/$REPO_OWNER/$REPO_NAME/contents/src/main/resources/messages_en_GB.properties?ref=${{ github.event.pull_request.head.ref }} \ --jq '.content' | base64 -d > $REFERENCE_FILE # Save PR branch reference file else echo "Using main branch reference file" REFERENCE_FILE="main-branch-messages_en_GB.properties" gh api repos/Ludy87/test_java/contents/src/main/resources/messages_en_GB.properties?ref=main \ --jq '.content' | base64 -d > $REFERENCE_FILE # Save main branch reference file fi echo "REFERENCE_FILE=$REFERENCE_FILE" >> $GITHUB_ENV # Export reference file path to the environment - name: Run Python script to check files id: run-check run: | echo "Running Python script to check files..." python .github/scripts/check_language_properties.py \ --actor ${{ github.event.pull_request.user.login }} \ --reference-file "${REFERENCE_FILE}" \ --branch "pr-branch" \ --files "${FILES_LIST[@]}" > result.txt || true - name: Capture output id: capture-output run: | if [ -f result.txt ] && [ -s result.txt ]; then echo "Test, capturing output..." SCRIPT_OUTPUT=$(cat result.txt) echo "SCRIPT_OUTPUT<> $GITHUB_ENV echo "$SCRIPT_OUTPUT" >> $GITHUB_ENV echo "EOF" >> $GITHUB_ENV echo "${SCRIPT_OUTPUT}" # Determine job failure based on script output if [[ "$SCRIPT_OUTPUT" == *"❌"* ]]; then echo "FAIL_JOB=true" >> $GITHUB_ENV else echo "FAIL_JOB=false" >> $GITHUB_ENV fi else echo "No update found." echo "SCRIPT_OUTPUT=" >> $GITHUB_ENV echo "FAIL_JOB=false" >> $GITHUB_ENV fi - name: Post comment on PR if: env.SCRIPT_OUTPUT != '' uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | const { GITHUB_REPOSITORY, SCRIPT_OUTPUT } = process.env; const [repoOwner, repoName] = GITHUB_REPOSITORY.split('/'); const prNumber = context.issue.number; // Find existing comment const comments = await github.rest.issues.listComments({ owner: repoOwner, repo: repoName, issue_number: prNumber }); const comment = comments.data.find(c => c.body.includes("## 🚀 Translation Verification Summary")); // Only update or create comments by the action user const expectedActor = "github-actions[bot]"; if (comment && comment.user.login === expectedActor) { // Update existing comment await github.rest.issues.updateComment({ owner: repoOwner, repo: repoName, comment_id: comment.id, body: `## 🚀 Translation Verification Summary\n\n\n${SCRIPT_OUTPUT}\n` }); console.log("Updated existing comment."); } else if (!comment) { // Create new comment if no existing comment is found await github.rest.issues.createComment({ owner: repoOwner, repo: repoName, issue_number: prNumber, body: `## 🚀 Translation Verification Summary\n\n\n${SCRIPT_OUTPUT}\n` }); console.log("Created new comment."); } else { console.log("Comment update attempt denied. Actor does not match."); } - name: Fail job if errors found if: env.FAIL_JOB == 'true' run: | echo "Failing the job because errors were detected." exit 1