.github/workflows/fips-label.yml

   1 name: FIPS Changed Label
   2 on:
   3   workflow_run:
   4     workflows: ["FIPS Checksums"]
   5     types:
   6       - completed
   7
   8 jobs:
   9   apply-label:
  10     runs-on: ubuntu-latest
  11     if: ${{ github.event.workflow_run.event == 'pull_request' }}
  12     steps:
  13       - name: 'Download artifact'
  14         if: ${{ github.event.workflow_run.conclusion == 'success' }}
  15         uses: actions/github-script@v4
  16         with:
  17           script: |
  18             var artifacts = await github.actions.listWorkflowRunArtifacts({
  19                owner: context.repo.owner,
  20                repo: context.repo.repo,
  21                run_id: ${{github.event.workflow_run.id }},
  22             });
  23             var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
  24               return artifact.name == "fips_checksum"
  25             })[0];
  26             var download = await github.actions.downloadArtifact({
  27                owner: context.repo.owner,
  28                repo: context.repo.repo,
  29                artifact_id: matchArtifact.id,
  30                archive_format: 'zip',
  31             });
  32             var fs = require('fs');
  33             fs.writeFileSync('${{github.workspace}}/artifact.zip', Buffer.from(download.data));
  34       - run: unzip artifact.zip
  35         if: ${{ github.event.workflow_run.conclusion == 'success' }}
  36       - name: 'Check artifact and apply'
  37         if: ${{ github.event.workflow_run.conclusion == 'success' }}
  38         uses: actions/github-script@v4
  39         with:
  40           github-token: ${{secrets.GITHUB_TOKEN}}
  41           script: |
  42             var fs = require('fs');
  43             var pr_num = Number(fs.readFileSync('./pr_num'));
  44             if ( fs.existsSync('./fips_changed') ) {
  45               github.issues.addLabels({
  46                 issue_number: pr_num,
  47                 owner: context.repo.owner,
  48                 repo: context.repo.repo,
  49                 labels: ['severity: fips change']
  50               });
  51             } else if ( fs.existsSync('./fips_unchanged') ) {
  52               var labels = await github.issues.listLabelsOnIssue({
  53                 issue_number: pr_num,
  54                 owner: context.repo.owner,
  55                 repo: context.repo.repo
  56               });
  57
  58               for ( var label in labels.data ) {
  59                 if (labels.data[label].name == 'severity: fips change') {
  60                   github.issues.removeLabel({
  61                     issue_number: pr_num,
  62                     owner: context.repo.owner,
  63                     repo: context.repo.repo,
  64                     name: 'severity: fips change'
  65                   });
  66                 }
  67               }
  68             }