mirror of
https://github.com/Frooodle/Stirling-PDF.git
synced 2024-12-21 19:08:24 +01:00
3a27aa16d5
* Improves security when processing properties files * Check for spaces in the key --------- Co-authored-by: Anthony Stirling <77850077+Frooodle@users.noreply.github.com>
214 lines
7.4 KiB
YAML
214 lines
7.4 KiB
YAML
name: Check Properties Files
|
|
|
|
on:
|
|
pull_request_target:
|
|
types: [opened, synchronize, reopened]
|
|
paths:
|
|
- "src/main/resources/messages_*.properties"
|
|
push:
|
|
branches: ["main"]
|
|
paths:
|
|
- "src/main/resources/messages_en_GB.properties"
|
|
|
|
jobs:
|
|
check-files:
|
|
if: github.event_name == 'pull_request_target'
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout main branch first
|
|
uses: actions/checkout@v4
|
|
with:
|
|
ref: main
|
|
path: main-branch
|
|
fetch-depth: 0
|
|
|
|
- name: Checkout PR branch
|
|
uses: actions/checkout@v4
|
|
with:
|
|
repository: ${{ github.event.pull_request.head.repo.full_name }}
|
|
ref: ${{ github.event.pull_request.head.ref }}
|
|
path: pr-branch
|
|
fetch-depth: 0
|
|
|
|
- name: Set up Python
|
|
uses: actions/setup-python@v5
|
|
with:
|
|
python-version: "3.x"
|
|
|
|
- name: Install GitHub CLI
|
|
run: sudo apt-get update && sudo apt-get install -y gh
|
|
|
|
- name: Fetch PR changed files
|
|
id: fetch-pr-changes
|
|
env:
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
run: |
|
|
echo "Fetching PR changed files..."
|
|
cd pr-branch
|
|
gh repo set-default ${{ github.repository }}
|
|
# Store files in a safe way, only allowing valid properties files
|
|
echo "Getting list of changed files from PR..."
|
|
gh pr view ${{ github.event.pull_request.number }} --json files -q ".files[].path" | grep -E '^src/main/resources/messages_[a-zA-Z_]+\.properties$' > ../changed_files.txt
|
|
cd ..
|
|
|
|
echo "Processing changed files..."
|
|
mapfile -t CHANGED_FILES < changed_files.txt
|
|
|
|
CHANGED_FILES_STR="${CHANGED_FILES[*]}"
|
|
echo "CHANGED_FILES=${CHANGED_FILES_STR}" >> $GITHUB_ENV
|
|
|
|
echo "Changed files: ${CHANGED_FILES_STR}"
|
|
|
|
- name: Determine reference file
|
|
id: determine-file
|
|
run: |
|
|
echo "Determining reference file..."
|
|
if grep -Fxq "src/main/resources/messages_en_GB.properties" changed_files.txt; then
|
|
echo "Using PR branch reference file"
|
|
echo "REFERENCE_FILE=pr-branch/src/main/resources/messages_en_GB.properties" >> $GITHUB_ENV
|
|
else
|
|
echo "Using main branch reference file"
|
|
echo "REFERENCE_FILE=main-branch/src/main/resources/messages_en_GB.properties" >> $GITHUB_ENV
|
|
fi
|
|
|
|
- name: Show REFERENCE_FILE
|
|
run: echo "Reference file is set to ${REFERENCE_FILE}"
|
|
|
|
- name: Run Python script to check files
|
|
id: run-check
|
|
run: |
|
|
echo "Running Python script to check files..."
|
|
python main-branch/.github/scripts/check_language_properties.py \
|
|
--actor ${{ github.event.pull_request.user.login }} \
|
|
--reference-file "${REFERENCE_FILE}" \
|
|
--branch pr-branch \
|
|
--files "${CHANGED_FILES[@]}" > result.txt || true
|
|
|
|
- name: Capture output
|
|
id: capture-output
|
|
run: |
|
|
if [ -f result.txt ] && [ -s result.txt ]; then
|
|
echo "Test, capturing output..."
|
|
SCRIPT_OUTPUT=$(cat result.txt)
|
|
echo "SCRIPT_OUTPUT<<EOF" >> $GITHUB_ENV
|
|
echo "$SCRIPT_OUTPUT" >> $GITHUB_ENV
|
|
echo "EOF" >> $GITHUB_ENV
|
|
echo "${SCRIPT_OUTPUT}"
|
|
|
|
# Set FAIL_JOB to true if SCRIPT_OUTPUT contains ❌
|
|
if [[ "$SCRIPT_OUTPUT" == *"❌"* ]]; then
|
|
echo "FAIL_JOB=true" >> $GITHUB_ENV
|
|
else
|
|
echo "FAIL_JOB=false" >> $GITHUB_ENV
|
|
fi
|
|
else
|
|
echo "No update found."
|
|
echo "SCRIPT_OUTPUT=" >> $GITHUB_ENV
|
|
echo "FAIL_JOB=false" >> $GITHUB_ENV
|
|
fi
|
|
|
|
- name: Post comment on PR
|
|
if: env.SCRIPT_OUTPUT != ''
|
|
uses: actions/github-script@v7
|
|
with:
|
|
script: |
|
|
const { GITHUB_REPOSITORY, SCRIPT_OUTPUT } = process.env;
|
|
const [repoOwner, repoName] = GITHUB_REPOSITORY.split('/');
|
|
const prNumber = context.issue.number;
|
|
|
|
// Find existing comment
|
|
const comments = await github.rest.issues.listComments({
|
|
owner: repoOwner,
|
|
repo: repoName,
|
|
issue_number: prNumber
|
|
});
|
|
|
|
const comment = comments.data.find(c => c.body.includes("## 🚀 Translation Verification Summary"));
|
|
|
|
// Only allow the action user to update comments
|
|
const expectedActor = "github-actions[bot]";
|
|
|
|
if (comment && comment.user.login === expectedActor) {
|
|
// Update existing comment
|
|
await github.rest.issues.updateComment({
|
|
owner: repoOwner,
|
|
repo: repoName,
|
|
comment_id: comment.id,
|
|
body: `## 🚀 Translation Verification Summary\n\n\n${SCRIPT_OUTPUT}\n`
|
|
});
|
|
console.log("Updated existing comment.");
|
|
} else if (!comment) {
|
|
// Create new comment if no existing comment is found
|
|
await github.rest.issues.createComment({
|
|
owner: repoOwner,
|
|
repo: repoName,
|
|
issue_number: prNumber,
|
|
body: `## 🚀 Translation Verification Summary\n\n\n${SCRIPT_OUTPUT}\n`
|
|
});
|
|
console.log("Created new comment.");
|
|
} else {
|
|
console.log("Comment update attempt denied. Actor does not match.");
|
|
}
|
|
|
|
- name: Fail job if errors found
|
|
if: env.FAIL_JOB == 'true'
|
|
run: |
|
|
echo "Failing the job because errors were detected."
|
|
exit 1
|
|
|
|
update-translations-main:
|
|
if: github.event_name == 'push'
|
|
permissions:
|
|
contents: write
|
|
pull-requests: write
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set up Python
|
|
uses: actions/setup-python@v5
|
|
with:
|
|
python-version: "3.x"
|
|
|
|
- name: Run Python script to check files
|
|
id: run-check
|
|
run: |
|
|
echo "Running Python script to check files..."
|
|
python .github/scripts/check_language_properties.py \
|
|
--reference-file src/main/resources/messages_en_GB.properties \
|
|
--branch main
|
|
|
|
- name: Set up git config
|
|
run: |
|
|
git config --global user.name "github-actions[bot]"
|
|
git config --global user.email "github-actions[bot]@users.noreply.github.com"
|
|
|
|
- name: Add translation keys
|
|
run: |
|
|
git add src/main/resources/messages_*.properties
|
|
git diff --staged --quiet || echo "CHANGES_DETECTED=true" >> $GITHUB_ENV
|
|
|
|
- name: Create Pull Request
|
|
id: cpr
|
|
if: env.CHANGES_DETECTED == 'true'
|
|
uses: peter-evans/create-pull-request@v7
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
commit-message: "Update translation files"
|
|
committer: GitHub Action <action@github.com>
|
|
author: GitHub Action <action@github.com>
|
|
signoff: true
|
|
branch: update_translation_files
|
|
title: "Update translation files"
|
|
add-paths: |
|
|
src/main/resources/messages_*.properties
|
|
body: |
|
|
Auto-generated by [create-pull-request][1]
|
|
|
|
[1]: https://github.com/peter-evans/create-pull-request
|
|
labels: Translation
|
|
draft: false
|
|
delete-branch: true
|
|
sign-commits: true
|