.github/workflows/project.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155

name: Project tracking
on:
  issues:
    types: [opened, reopened]
  pull_request_target:
    types: [opened, reopened, synchronize]

concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true

permissions: {}
jobs:
  add-to-project:
    name: Add to project
    runs-on: ubuntu-latest
    if: github.repository == 'ohmyzsh/ohmyzsh'
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
        with:
          egress-policy: audit
      - name: Authenticate as @ohmyzsh
        id: generate-token
        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
        with:
          app-id: ${{ secrets.OHMYZSH_APP_ID }}
          private-key: ${{ secrets.OHMYZSH_APP_PRIVATE_KEY }}
      - name: Read project data
        env:
          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
          ORGANIZATION: ohmyzsh
          PROJECT_NUMBER: "1"
        run: |
          # Get Project data
          gh api graphql -f query='
            query($org: String!, $number: Int!) {
              organization(login: $org){
                projectV2(number: $number) {
                  id
                  fields(first:20) {
                    nodes {
                      ... on ProjectV2Field {
                        id
                        name
                      }
                    }
                  }
                }
              }
            }' -f org=$ORGANIZATION -F number=$PROJECT_NUMBER > project_data.json

          # Parse project data
          cat >> "$GITHUB_ENV" <<EOF
          PROJECT_ID=$(jq '.data.organization.projectV2.id' project_data.json)
          PLUGIN_FIELD_ID=$(jq '.data.organization.projectV2.fields.nodes[] | select(.name == "Plugin") | .id' project_data.json)
          THEME_FIELD_ID=$(jq '.data.organization.projectV2.fields.nodes[] | select(.name == "Theme") | .id' project_data.json)
          EOF
      - name: Add to project
        env:
          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
          ISSUE_OR_PR_ID: ${{ github.event.issue.node_id || github.event.pull_request.node_id }}
        run: |
          item_id="$(gh api graphql -f query='
            mutation($project: ID!, $content: ID!) {
              addProjectV2ItemById(input: {projectId: $project, contentId: $content}) {
                item {
                  id
                }
              }
            }
          ' -f project="$PROJECT_ID" -f content="$ISSUE_OR_PR_ID" --jq '.data.addProjectV2ItemById.item.id')"

          echo "ITEM_ID=$item_id" >> $GITHUB_ENV
      - name: Classify Pull Request
        if: github.event_name == 'pull_request_target'
        env:
          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          # Get the list of modified files in the PR, and extract plugins and themes
          gh pr view "$PR_NUMBER" \
            --repo "$GITHUB_REPOSITORY" \
            --json files --jq '.files.[].path' | awk -F/ '
            BEGIN {
              plugins = 0
              themes = 0
            }
            /^plugins\// {
              if (plugin == $2) next
              plugin = $2
              plugins++
            }
            /^themes\// {
              gsub(/\.zsh-theme$/, "", $2)
              if (theme == $2) next
              theme = $2
              themes++
            }
            END {
              # plugin and theme are values controlled by the PR author
              # so we should sanitize them before using anywhere else
              if (plugins == 1) {
                gsub(/[^a-zA-Z0-9._-]/, "", plugin)
                print "PLUGIN=" plugin
              }
              if (themes == 1) {
                gsub(/[^a-zA-Z0-9._-]/, "", theme)
                print "THEME=" theme
              }
            }
          ' >> "$GITHUB_ENV"
      - name: Fill Pull Request fields in project
        if: github.event_name == 'pull_request_target'
        env:
          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
        run: |
          gh api graphql -f query='
            mutation (
              $project: ID!
              $item: ID!
              $plugin_field: ID!
              $plugin_value: String!
              $theme_field: ID!
              $theme_value: String!
            ) {
              set_plugin: updateProjectV2ItemFieldValue(input: {
                projectId: $project
                itemId: $item
                fieldId: $plugin_field
                value: {
                  text: $plugin_value
                }
              }) {
                projectV2Item {
                  id
                }
              }
              set_theme: updateProjectV2ItemFieldValue(input: {
                projectId: $project
                itemId: $item
                fieldId: $theme_field
                value: {
                  text: $theme_value
                }
              }) {
                projectV2Item {
                  id
                }
              }
            }
          ' -f project="$PROJECT_ID" -f item="$ITEM_ID" \
            -f plugin_field="$PLUGIN_FIELD_ID" -f plugin_value="$PLUGIN" \
            -f theme_field="$THEME_FIELD_ID" -f theme_value="$THEME" \
            --silent