name: GitHub - PR Contribution Guidelines on: pull_request_target: types: [opened, reopened] jobs: # Ensures PR commits were not added via the GitHub Web UI, which typically indicates # the contributor hasn't tested their changes in a local development environment. no-web-commits: name: No Commits on GitHub Web runs-on: ubuntu-24.04 outputs: is_allow_listed: ${{ steps.pr_author.outputs.is_allow_listed }} steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: sparse-checkout: .github/scripts/pr-guidelines sparse-checkout-cone-mode: false - name: Check if PR author is allow-listed id: pr_author uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 with: # GITHUB_TOKEN does not have the read:org permission needed for this call # while CAMPERBOT_NO_TRANSLATE does, since it is a PAT for the camperbot account with read:org scope github-token: ${{ secrets.CAMPERBOT_NO_TRANSLATE }} script: | const fn = require('./.github/scripts/pr-guidelines/check-allow-list.js'); await fn({ github, context, core }); - name: Check if commits are made on GitHub Web UI id: check-commits if: steps.pr_author.outputs.is_allow_listed == 'false' env: HEAD_REF: ${{ github.head_ref }} run: | PR_NUMBER=$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH") COMMITS_URL="https://api.github.com/repos/$GITHUB_REPOSITORY/pulls/$PR_NUMBER/commits" HAS_GITHUB_SIGNED_COMMIT=$(curl --header "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" "$COMMITS_URL" | jq '[.[] | select(.commit.committer.name == "GitHub") | select(.commit.message | test("revert"; "i") | not)] | length > 0') # GitHub Codespaces also produces GitHub-signed commits, but Codespaces users # work on descriptively named branches. The web editor defaults to patch-N branches. IS_PATCH_BRANCH=false if [[ "$HEAD_REF" =~ ^patch-[0-9]+$ ]]; then IS_PATCH_BRANCH=true fi if [ "$HAS_GITHUB_SIGNED_COMMIT" = "true" ] && [ "$IS_PATCH_BRANCH" = "true" ]; then echo "IS_GITHUB_COMMIT=true" >> $GITHUB_ENV fi - name: Add comment on PR if commits are made on GitHub Web UI uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 if: steps.pr_author.outputs.is_allow_listed == 'false' && env.IS_GITHUB_COMMIT == 'true' with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | core.setFailed("Commits were added via the GitHub Web UI."); await github.rest.issues.createComment({ issue_number: context.issue.number, owner: context.repo.owner, repo: context.repo.repo, body: "Thanks for your pull request.\n\n**Please do not add commits via the GitHub Web UI.**\n\nIt generally means you have yet to test these changes in a development setup or complete any prerequisites. We need you to follow the guides mentioned in the checklist. Please revalidate these changes in a developer environment and confirm how you validated your changes.\n\nHappy contributing!\n\n---\n_**Note:** This message was automatically generated by a bot. If you feel this message is in error or would like help resolving it, feel free to reach us [in our contributor chat](https://discord.gg/PRyKn3Vbay)._" }); - name: Add deprioritized label if: failure() uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | await github.rest.issues.addLabels({ owner: context.repo.owner, repo: context.repo.repo, issue_number: context.issue.number, labels: ['deprioritized'] }); # Normalizes PR titles to follow Conventional Commits format, applying fuzzy fixes # for common mistakes like typos, missing colons, or incorrect spacing. fix-pr-title: name: Fix PR Title runs-on: ubuntu-24.04 needs: no-web-commits if: needs.no-web-commits.result == 'success' steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: sparse-checkout: .github/scripts/pr-guidelines sparse-checkout-cone-mode: false - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | const fn = require('./.github/scripts/pr-guidelines/fix-pr-title.js'); await fn({ github, context }); # Checks that the PR description still contains the required template. # The first 3 checkboxes must be ticked ([x] or [X]). # The last checkbox (tested locally) is acceptable to leave unticked # but removing the entire template is not. check-pr-template: name: Check PR Template runs-on: ubuntu-24.04 needs: no-web-commits if: needs.no-web-commits.result == 'success' steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: sparse-checkout: .github/scripts/pr-guidelines sparse-checkout-cone-mode: false - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | const fn = require('./.github/scripts/pr-guidelines/check-pr-template.js'); await fn({ github, context, isAllowListed: '${{ needs.no-web-commits.outputs.is_allow_listed }}' }); # Verifies that each PR references a linked, triaged issue before it can be reviewed. check-linked-issue: name: Check Linked Issue runs-on: ubuntu-24.04 needs: no-web-commits if: needs.no-web-commits.result == 'success' steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: sparse-checkout: .github/scripts/pr-guidelines sparse-checkout-cone-mode: false - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | const fn = require('./.github/scripts/pr-guidelines/check-linked-issue.js'); await fn({ github, context, isAllowListed: '${{ needs.no-web-commits.outputs.is_allow_listed }}' });