Skip to content
This repository has been archived by the owner on Aug 13, 2024. It is now read-only.

chore(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 #2038

chore(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0

chore(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 #2038

Workflow file for this run

name: Labeller
on:
pull_request_target:
types:
- auto_merge_disabled
- auto_merge_enabled
- opened
- synchronize
- reopened
permissions: {}
jobs:
add_remove_labels:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
- name: Add auto-merge label
if: github.event.action == 'auto_merge_enabled'
run: gh pr edit "$PR_URL" --add-label "auto-merge"
env:
PR_URL: ${{github.event.pull_request.html_url}}
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
- name: Remove auto-merge label
if: github.event.action == 'auto_merge_disabled'
run: gh pr edit "$PR_URL" --remove-label "auto-merge"
env:
PR_URL: ${{github.event.pull_request.html_url}}
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
- name: Set userscript-specific labels
if: contains(fromJSON('["opened", "synchronize", "reopened"]'), github.event.action)
env:
GH_REPO: ${{github.repository}}
PR_SHA: ${{github.sha}}
PR_NUMBER: ${{github.event.number}}
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
run: |
# Determine what userscripts are defined at the PR HEAD SHA. Each
# userscript name is also the name of a label.
scriptNames=$(
gh api \
-H "Accept: application/vnd.github.object" \
-H "X-GitHub-Api-Version: 2022-11-28" \
"/repos/{owner}/{repo}/contents/scripts?ref=${PR_SHA}" \
--jq '.entries | map(select(.type == "dir")) | .[].name'
)
echo "Known userscripts: ${scriptNames//$'\n'/, }"
if [ -z "${scriptNames}" ]; then exit; fi
# utility functions to join arrrays with an arbitrary delimiter, and to print
join() { local delim=$1 out; shift; printf -v out "%s$delim" "$@"; echo "${out%"${delim}"}"; }
echoArr() { local msg=$1; shift; echo "$msg: $(join ', ' "$@")"; }
# Determine the existing labels on this PR
declare -A existingLabels=()
for label in $(gh pr view "$PR_NUMBER" --json labels --jq '.labels[].name'); do
existingLabels[$label]=1
done
echoArr 'Existing PR labels' "${!existingLabels[@]}"
# Determine what scripts this PR touched, based on what files it changed
declare -A touchedScripts=()
for touched in $(
gh api \
-H "Accept: application/vnd.github+json" \
-H "X-GitHub-Api-Version: 2022-11-28" \
"/repos/{owner}/{repo}/pulls/${PR_NUMBER}/files" \
--jq 'map(.filename | match("^scripts/([^/]+)/") | .captures[0].string) | unique | .[]'
); do
touchedScripts[$touched]=1
done
echoArr 'Touched scripts' "${!touchedScripts[@]}"
# if there are changes for a userscript, add the matching label. Otherwise, if
# there is an existing label for a userscript the PR no longer touches, remove
# it again.
declare -A missingLabels=() surplusLabels=()
for scriptName in $scriptNames; do
if [[ ${touchedScripts["$scriptName"]} && ! ${existingLabels[$scriptName]} ]]; then
missingLabels[$scriptName]=1
elif [[ ! ${touchedScripts["$scriptName"]} && ${existingLabels[$scriptName]} ]]; then
surplusLabels[$scriptName]=1
fi
done
declare -a args=()
if [ "${#missingLabels[*]}" -gt 0 ]; then
echoArr 'Adding labels to PR' "${!missingLabels[@]}"
args+=("--add-label" "$(join , "${!missingLabels[@]}")")
fi
if [ "${#surplusLabels[*]}" -gt 0 ]; then
echoArr 'Removing labels from PR' "${!surplusLabels[@]}"
args+=("--remove-label" "$(join , "${!surplusLabels[@]}")")
fi
if [ "${#args[*]}" -gt 0 ]; then
gh pr edit "$PR_NUMBER" "${args[@]}"
fi