feat(github): add workflow for PR contribution guidelines (#66380)

2026-03-25 23:02:05 -04:00 · 2026-03-15 18:09:32 +07:00
parent 612e291f51
commit b69f941bc5
6 changed files with 412 additions and 66 deletions
--- a/.github/workflows/github-pr-guidelines.yml
+++ b/.github/workflows/github-pr-guidelines.yml
@@ -0,0 +1,137 @@
+name: GitHub - PR Contribution Guidelines
+
+on:
+  pull_request_target:
+    types: [opened, reopened]
+
+jobs:
+  # Ensures PR commits were not added via the GitHub Web UI, which typically indicates
+  # the contributor hasn't tested their changes in a local development environment.
+  no-web-commits:
+    name: No Commits on GitHub Web
+    runs-on: ubuntu-24.04
+    outputs:
+      is_allow_listed: ${{ steps.pr_author.outputs.is_allow_listed }}
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          sparse-checkout: .github/scripts/pr-guidelines
+          sparse-checkout-cone-mode: false
+
+      - name: Check if PR author is allow-listed
+        id: pr_author
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
+        with:
+          # GITHUB_TOKEN does not have the read:org permission needed for this call
+          # while CAMPERBOT_NO_TRANSLATE does, since it is a PAT for the camperbot account with read:org scope
+          github-token: ${{ secrets.CAMPERBOT_NO_TRANSLATE }}
+          script: |
+            const fn = require('./.github/scripts/pr-guidelines/check-allow-list.js');
+            await fn({ github, context, core });
+
+      - name: Check if commits are made on GitHub Web UI
+        id: check-commits
+        if: steps.pr_author.outputs.is_allow_listed == 'false'
+        env:
+          HEAD_REF: ${{ github.head_ref }}
+        run: |
+          PR_NUMBER=$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH")
+          COMMITS_URL="https://api.github.com/repos/$GITHUB_REPOSITORY/pulls/$PR_NUMBER/commits"
+          HAS_GITHUB_SIGNED_COMMIT=$(curl --header "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" "$COMMITS_URL" | jq '[.[] | select(.commit.committer.name == "GitHub") | select(.commit.message | test("revert"; "i") | not)] | length > 0')
+          # GitHub Codespaces also produces GitHub-signed commits, but Codespaces users
+          # work on descriptively named branches. The web editor defaults to patch-N branches.
+          IS_PATCH_BRANCH=false
+          if [[ "$HEAD_REF" =~ ^patch-[0-9]+$ ]]; then
+            IS_PATCH_BRANCH=true
+          fi
+          if [ "$HAS_GITHUB_SIGNED_COMMIT" = "true" ] && [ "$IS_PATCH_BRANCH" = "true" ]; then
+            echo "IS_GITHUB_COMMIT=true" >> $GITHUB_ENV
+          fi
+
+      - name: Add comment on PR if commits are made on GitHub Web UI
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
+        if: steps.pr_author.outputs.is_allow_listed == 'false' && env.IS_GITHUB_COMMIT == 'true'
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            core.setFailed("Commits were added via the GitHub Web UI.");
+            await github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: "Thanks for your pull request.\n\n**Please do not add commits via the GitHub Web UI.**\n\nIt generally means you have yet to test these changes in a development setup or complete any prerequisites. We need you to follow the guides mentioned in the checklist. Please revalidate these changes in a developer environment and confirm how you validated your changes.\n\nHappy contributing!\n\n---\n_**Note:** This message was automatically generated by a bot. If you feel this message is in error or would like help resolving it, feel free to reach us [in our contributor chat](https://discord.gg/PRyKn3Vbay)._"
+            });
+
+      - name: Add deprioritized label
+        if: failure()
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            await github.rest.issues.addLabels({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+              labels: ['deprioritized']
+            });
+
+  # Normalizes PR titles to follow Conventional Commits format, applying fuzzy fixes
+  # for common mistakes like typos, missing colons, or incorrect spacing.
+  fix-pr-title:
+    name: Fix PR Title
+    runs-on: ubuntu-24.04
+    needs: no-web-commits
+    if: needs.no-web-commits.result == 'success'
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          sparse-checkout: .github/scripts/pr-guidelines
+          sparse-checkout-cone-mode: false
+
+      - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const fn = require('./.github/scripts/pr-guidelines/fix-pr-title.js');
+            await fn({ github, context });
+
+  # Checks that the PR description still contains the required template.
+  # The first 3 checkboxes must be ticked ([x] or [X]).
+  # The last checkbox (tested locally) is acceptable to leave unticked
+  # but removing the entire template is not.
+  check-pr-template:
+    name: Check PR Template
+    runs-on: ubuntu-24.04
+    needs: no-web-commits
+    if: needs.no-web-commits.result == 'success'
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          sparse-checkout: .github/scripts/pr-guidelines
+          sparse-checkout-cone-mode: false
+
+      - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const fn = require('./.github/scripts/pr-guidelines/check-pr-template.js');
+            await fn({ github, context, isAllowListed: '${{ needs.no-web-commits.outputs.is_allow_listed }}' });
+
+  # Verifies that each PR references a linked, triaged issue before it can be reviewed.
+  check-linked-issue:
+    name: Check Linked Issue
+    runs-on: ubuntu-24.04
+    needs: no-web-commits
+    if: needs.no-web-commits.result == 'success'
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          sparse-checkout: .github/scripts/pr-guidelines
+          sparse-checkout-cone-mode: false
+
+      - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const fn = require('./.github/scripts/pr-guidelines/check-linked-issue.js');
+            await fn({ github, context, isAllowListed: '${{ needs.no-web-commits.outputs.is_allow_listed }}' });