diff --git a/.github/workflows/add-pr-to-devops.yml b/.github/workflows/add-pr-to-devops.yml new file mode 100644 index 0000000..08b6733 --- /dev/null +++ b/.github/workflows/add-pr-to-devops.yml @@ -0,0 +1,25 @@ +name: Add PR to DevOps Board + +on: + pull_request: + types: [opened, reopened] + branches: [main, master] + +jobs: + add_to_project: + runs-on: ubuntu-latest + if: | + github.event.pull_request.base.ref == 'main' || + github.event.pull_request.base.ref == 'master' + permissions: + contents: read + pull-requests: write + repository-projects: write + organization-projects: write + steps: + - name: Add PR to DevOps Release Board + uses: actions/add-to-project@v0.5.0 + with: + project-url: https://github.com/orgs/dhwani-ris/projects/## + github-token: ${{ secrets.GITHUB_TOKEN }} + diff --git a/.github/workflows/auto-reviewer.yml b/.github/workflows/auto-reviewer.yml index 5ba1e01..f97e436 100644 --- a/.github/workflows/auto-reviewer.yml +++ b/.github/workflows/auto-reviewer.yml @@ -2,7 +2,8 @@ name: Auto Request Review on: pull_request: - types: [opened, synchronize, reopened, ready_for_review] + types: [opened, synchronize, reopened, ready_for_review, closed] + branches: [master] permissions: pull-requests: write @@ -13,8 +14,8 @@ jobs: name: Request Review from Default Reviewer runs-on: ubuntu-latest if: | - github.event.pull_request.base.ref == 'main' || - github.event.pull_request.base.ref == 'master' + (github.event.action == 'opened' || github.event.action == 'reopened' || github.event.action == 'synchronize' || github.event.action == 'ready_for_review') && + (github.event.pull_request.base.ref == 'main' || github.event.pull_request.base.ref == 'master') steps: - name: Request review from default reviewer diff --git a/.github/workflows/bot-handler.yml b/.github/workflows/bot-handler.yml index 8b0476a..050c0ed 100644 --- a/.github/workflows/bot-handler.yml +++ b/.github/workflows/bot-handler.yml 
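Review bot: `github-token: ${{ secrets.GITHUB_TOKEN }}` will not work for an organization-level `project-url` — `actions/add-to-project` documents that the default token lacks the `project` scope needed for Projects (v2), so this step needs a PAT or GitHub App installation token stored as a repository secret. `organization-projects: write` is not a recognised key in the workflow `permissions` block and is likely to fail workflow validation; `repository-projects: write` is the only projects permission GITHUB_TOKEN carries, and it does not cover org projects. The `project-url` ends in `##`, a placeholder rather than a project number, so the workflow cannot succeed as committed. Consider pinning `actions/add-to-project` to a full commit SHA instead of the mutable `@v0.5.0` tag. The job-level `if` on `base.ref` duplicates the `branches: [main, master]` trigger filter and can be dropped.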
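Review bot: The new `branches: [master]` filter means pull requests targeting `main` no longer fire this workflow at all, yet the job condition in the next hunk still tests `base.ref == 'main'`; either widen the filter to `branches: [main, master]` or remove the dead `main` arm so the trigger and the condition do not contradict each other. Adding `closed` to `types` only matters if some job in this file acts on it — the one visible job excludes it in its condition, and the rest of the file is outside this hunk, so confirm a consumer exists before paying for the extra runs.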
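Review bot: The rewritten condition enumerates four actions just to exclude `closed`, which will drift the next time `types` changes; `github.event.action != 'closed' && github.event.pull_request.base.ref == 'master'` expresses the same intent, and with the `branches: [master]` filter added above the `base.ref == 'main'` comparison is unreachable and should go. The step body that follows (`Request review from default reviewer`) lies outside the hunk, so whether it does anything sensible on `synchronize` re-runs cannot be checked here.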
@@ -4,7 +4,8 @@ on: issue_comment: types: [created, edited] pull_request: - types: [opened, synchronize, reopened] + types: [opened, synchronize, reopened, closed] + branches: [master] permissions: contents: write diff --git a/.github/workflows/devops-checklist-submit.yml b/.github/workflows/devops-checklist-submit.yml new file mode 100644 index 0000000..33d700d --- /dev/null +++ b/.github/workflows/devops-checklist-submit.yml 
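Review bot: The new `closed` trigger fires for abandoned pull requests as well as merged ones, and nothing in this hunk distinguishes them; the jobs that consume it are outside the hunk, so if any of them act on a merge (board moves, release notes) they should be guarded with `if: github.event.action != 'closed' || github.event.pull_request.merged == true`. The `branches: [master]` filter also means PRs targeting `main` no longer reach the `pull_request` path of this workflow at all, which is inconsistent with the sibling workflows in this change that still test for `main` — confirm that is intended. Since this workflow already runs on `issue_comment` with `contents: write`, any job added for `closed` should keep the same authorization checks the comment path presumably applies.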
@@ -0,0 +1,124 @@ +name: DevOps Checklist Submission + +on: + issue_comment: + types: [created] + +permissions: + pull-requests: write + contents: read + +jobs: + submit-checklist: + runs-on: ubuntu-latest + if: | + github.event.issue.pull_request && + contains(github.event.comment.body, '/submit-checklist') + steps: + - name: Get PR number + id: get-pr + uses: actions/github-script@v8 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + const prNumber = context.payload.issue.number; + core.setOutput('pr_number', prNumber); + return prNumber; + + - name: Submit and lock checklist + uses: actions/github-script@v8 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + const prNumber = context.payload.issue.number; + const submitter = context.payload.comment.user.login; + const submitTime = new Date().toISOString(); + const submitDate = new Date().toLocaleString('en-US', { + timeZone: 'UTC', + year: 'numeric', + month: 'long', + day: 'numeric', + hour: '2-digit', + minute: '2-digit', + second: '2-digit', + timeZoneName: 'short' + }); + + // Get all comments to find the checklist + const comments = await github.rest.issues.listComments({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: prNumber, + }); + + const checklistComment = comments.data.find( + comment => comment.user.type === 'Bot' && + comment.body.includes('DevOps Checklist - Workflow Review') + ); + + if (!checklistComment) { + console.log('Checklist comment not found'); + return; + } + + // Check if already submitted + if (checklistComment.body.includes('✅ **CHECKLIST SUBMITTED**')) { + await github.rest.issues.createComment({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: prNumber, + body: `⚠️ This checklist has already been submitted and cannot be modified.` + }); + return; + } + + // Extract the current checklist content (preserve checkboxes) + let checklistBody = checklistComment.body; + + // Replace the submission section with 
submitted status + const submittedSection = `--- + + ### ✅ **CHECKLIST SUBMITTED** + + **Submitted by:** @${submitter} + **Submitted at:** ${submitDate} (UTC) + + 🔒 **This checklist is now locked and cannot be modified.** + + --- + **Note:** This checklist was submitted and is final. No further changes can be made.`; + + // Find and replace the submission section + // Look for the "Submit Checklist" section and replace everything from there to the end + const submitSectionStart = checklistBody.indexOf('### 📤 Submit Checklist'); + if (submitSectionStart !== -1) { + // Keep everything before the submission section, then add the submitted section + checklistBody = checklistBody.substring(0, submitSectionStart) + submittedSection; + } else { + // If section not found, append the submitted section + checklistBody = checklistBody + '\n\n' + submittedSection; + } + + // Update the checklist comment to show it's submitted + await github.rest.issues.updateComment({ + owner: context.repo.owner, + repo: context.repo.repo, + comment_id: checklistComment.id, + body: checklistBody + }); + + // Add a confirmation comment + await github.rest.issues.createComment({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: prNumber, + body: `✅ **Checklist submitted successfully!** + + The DevOps Checklist has been locked and cannot be modified. + + **Submitted by:** @${submitter} + **Time:** ${submitDate} (UTC)` + }); + + console.log(`Checklist submitted by ${submitter} at ${submitTime}`); + diff --git a/.github/workflows/devops-checklist.yml b/.github/workflows/devops-checklist.yml index 1bc8956..aa6eb8e 100644 --- a/.github/workflows/devops-checklist.yml +++ b/.github/workflows/devops-checklist.yml 
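Review bot: The `/submit-checklist` command is accepted from any commenter — the job condition only checks `github.event.issue.pull_request` and `contains(github.event.comment.body, '/submit-checklist')`, so on a public repository an outside user can lock the checklist under their own login and the `pull-requests: write` token will rewrite the bot comment on their behalf. Gate the job on the commenter's role, e.g. `contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)`, and prefer `startsWith(github.event.comment.body, '/submit-checklist')` so a comment that merely quotes the checklist's own instructions does not trigger it. Note that the "lock" is only the `✅ **CHECKLIST SUBMITTED**` marker in the comment body, which anyone able to edit the bot comment can remove, so it is advisory unless merging is gated elsewhere. The `get-pr` step's `pr_number` output is never consumed by the second step and can be dropped. Pinning `actions/github-script` to a commit SHA rather than `@v8` would also harden the supply chain of a workflow that runs on untrusted comment events.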
@@ -181,87 +181,6 @@ jobs: |-------|-----------------|----------------|-----------------| | 1. | \`${context.repo.repo}\` | \`${pr.base.ref}-release-${version}\` | ${formatFeatureDetails(featureDetails)} | - **Dependencies:** - - Dependencies updated: \`TBD\` *(Please review and update)* - \`\`\` - - \`\`\` - - **Database Changes (Queries to run):** - - Database changes required: \`TBD\` *(Please review and update)* - \`\`\` - - \`\`\` - - **Testing:** - - [ ] Unit tests passed - - [ ] Integration tests passed - - [ ] E2E tests passed - - [ ] Manual testing completed - \`\`\` - - \`\`\` - - **Known Issues:** - - Known issues: \`TBD\` *(Please review and update)* - \`\`\` - - \`\`\` - - **Contact Information:** - - Support Team Email: \`\`\`\`\`\` - - Support Team Phone: \`\`\`\`\`\` - - **Attachments:** - - Deployment files attached/committed: \`TBD\` *(Please review and update)* - \`\`\` - - \`\`\` - - --- - - ### For DevOps Team Use Only - *(To be filled by the DevOps team after deploying the release)* - - **Deployment Details:** - - Date and time of deployment: \`\`\`\`\`\` - - Deployed by: \`\`\`\`\`\` - - Deployment Status: \`\`\`\`\`\` - - **Deployment Instructions:** - - [ ] Pre-deployment tasks completed (backups, etc.) 
- - [ ] Production environment accessed securely - - [ ] Latest release pulled from version control - - [ ] Dependencies installed/updated - - [ ] Database migrations run (if applicable) - - [ ] Application services restarted - - [ ] Deployment monitored and verified - - **Rollback Plan:** - - [ ] Rollback procedure documented - - [ ] Previous version tag identified: \`\`\`\`\`\` - - [ ] Database rollback scripts prepared (if applicable) - - [ ] Rollback tested in staging environment - - **Post-Deployment Checklist:** - - [ ] Service availability and response times verified - - [ ] System resources monitored - - [ ] Critical user scenarios tested - - [ ] Data integrity confirmed - - [ ] Error logs reviewed - - [ ] Security scans completed - - [ ] Server and infrastructure health checked - - [ ] Backup and disaster recovery procedures validated - - **Notes:** - \`\`\` - - \`\`\` - - **Acknowledgment:** - - [ ] Deployment acknowledged and system ready for production use - - --- **Note:** This deployment document was **automatically generated** from PR commits and information. Please review and update the TBD sections before merging.`; // Check if comment already exists 
@@ -320,35 +239,6 @@ jobs: github-token: ${{ secrets.GITHUB_TOKEN }} script: | const pr = context.payload.pull_request; - const checklist = `## 🔧 DevOps Checklist - Workflow Review - - **Please review all workflows and checks before merging:** - - ### Workflow Status Review - - [ ] All CI/CD workflows are passing - - [ ] Quality Checks workflow passed - - [ ] Security Scan workflow passed - - [ ] Code quality checks passed - - [ ] Test coverage meets requirements - - ### Review Status - - [ ] All required reviewers have approved - - [ ] Code review completed - - [ ] Security review completed (if applicable) - - ### Pre-Merge Verification - - [ ] Deployment Notes document reviewed (see Deployment Notes comment above) - - [ ] All commits reviewed - - [ ] Breaking changes identified (if any) - - [ ] Version number verified (if applicable) - - ### Final Checks - - [ ] No blocking issues or errors - - [ ] Ready for production deployment - - [ ] Rollback plan understood (if high-risk) - - --- - **Note:** This checklist is for DevOps team to verify all workflows and checks before merging.`; // Check if comment already exists const comments = await github.rest.issues.listComments({ 
@@ -363,22 +253,98 @@ jobs: ); if (existingComment) { - // Update existing comment - await github.rest.issues.updateComment({ - owner: context.repo.owner, - repo: context.repo.repo, - comment_id: existingComment.id, - body: checklist - }); - console.log('Updated existing DevOps Checklist comment'); - } else { - // Create new comment - await github.rest.issues.createComment({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: pr.number, - body: checklist - }); - console.log('Created new DevOps Checklist comment'); + // Check if already submitted + if (existingComment.body.includes('✅ **CHECKLIST SUBMITTED**')) { + console.log('Checklist already submitted and locked, cannot update'); + return; + } + // Don't update existing comment to preserve checkbox states + console.log('DevOps Checklist comment already exists, preserving user checkboxes'); + return; } + + // Only create new comment if it doesn't exist + const checklist = `## 🔧 DevOps Checklist - Workflow Review + + **Please review all workflows and checks before merging:** + + ### 1. Workflow Status Review + - [ ] DevOps Checklist Reminder + - [ ] Documentation Required + - [ ] Semantic Commits + - [ ] GitHub Actions Security (send-secrets) + - [ ] Quality Checks / Pre-Commit + - [ ] Quality Checks / Semgrep Rules + - [ ] All other workflows passing + + ### 2. Code Review & Approval + - [ ] Team Lead has approved the PR + - [ ] All reviewer comments resolved + - [ ] No leftover debug logs, temp files, zip files, or accidental commits + - [ ] No exposed secrets or credentials + - [ ] Commit messages follow semantic standards + + ### 3. Documentation & Release Notes + - [ ] Deployment Notes reviewed + - [ ] Change summary provided + - [ ] Impacted modules/services listed + - [ ] Config or environment changes documented + - [ ] Rollback Plan attached + - [ ] 🔗 Rollback Reference: https://devops.dhwaniris.com/rollback-guidelines + + ### 4. 
Functional & QA Validation + - [ ] Changes tested on staging/UAT + - [ ] QA sign-off received + - [ ] No high/critical bugs pending + - [ ] Regression testing completed + - [ ] API responses verified (if applicable) + + ### 5. Security & Compliance + - [ ] Semgrep Rules passed (mandatory) + - [ ] No new security warnings introduced + - [ ] Sensitive logic reviewed + - [ ] No secrets in PR (manual confirmation) + + ### 6. Deployment Verification + - [ ] Deployment strategy identified (Blue/Green / Rolling / Manual) + - [ ] Downtime estimate validated (if applicable) + - [ ] Backup/restore plan ready + - [ ] Monitoring alerts configured or validated + - [ ] Pre-deployment checks completed (DB migrations, queues, cron, cache, etc.) + + ### 7. Merge Validation + - [ ] PR raised from development → master (correct flow) + - [ ] Branch updated with latest master (no conflicts) + - [ ] All merge blockers cleared + - [ ] No pending tasks or approvals + + ### 8. Final DevOps Decision + - [ ] **GO** → Safe to merge into production + - [ ] **NO-GO** → Blocked; failures listed below: + + **Notes:** + \`\`\` + + \`\`\` + + --- + + ### 📤 Submit Checklist + + **To submit this checklist (cannot be reverted once submitted):** + + Comment: \`/submit-checklist\` + + ⚠️ **Warning:** Once submitted, this checklist will be locked and cannot be modified. + + **Status:** ⏳ *Pending Submission*`; + + // Create new comment + await github.rest.issues.createComment({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: pr.number, + body: checklist + }); + console.log('Created new DevOps Checklist comment');
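Review bot: In the `if (existingComment)` branch both arms return without touching the comment, so the inner `includes('✅ **CHECKLIST SUBMITTED**')` test only changes the log text; either collapse it to a single `console.log('DevOps Checklist comment already exists; leaving it untouched'); return;` or make the distinction do something. Because the comment is now created once and never refreshed, later edits to this template will not reach PRs that already have a checklist, which deserves a comment at the `// Only create new comment if it doesn't exist` line. The items under "Security & Compliance" (Semgrep passed, no secrets) are self-attested checkboxes in a bot comment, and nothing in this hunk ties submission to a required status check, so the GO/NO-GO decision is advisory unless branch protection enforces it separately. The script's start (`const pr = context.payload.pull_request;`) and the surrounding YAML step lie outside this hunk, and the hunk may continue past the visible end.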