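#!/usr/bin/env bash
##
# Author: Enderson Menezes
# Created: 2024-05-04
##
# Approval gate for a pull request: every CODEOWNERS owner whose path is
# touched by the PR must have approved it.
#
# Usage:   main.sh OWNER/REPOSITORY PR_NUMBER SUPERPOWER
# Needs:   gh (authenticated), git, sort
# Exit:    0 when nothing is missing (or no file/owner is involved),
#          1 on invalid input, tool failure or a missing approval.
#
# Trust model: everything coming from the PR head (file names, file content)
# is untrusted. The rules are therefore read from the PR's *base* branch, and
# no working file is written into or read back from the checkout.
##
set -o pipefail

# Print a diagnostic on stderr and stop with status 1 (the gate fails closed).
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Arguments
OWNER_AND_REPOSITORY=${1:-}
PR_NUMBER=${2:-}
SUPERPOWER=${3:-}

# Transform Args
OWNER=${OWNER_AND_REPOSITORY%%/*}
REPOSITORY=${OWNER_AND_REPOSITORY#*/}

# Transparent Args
echo "OWNER: $OWNER"
echo "REPOSITORY: $REPOSITORY"
echo "PR_NUMBER: $PR_NUMBER"

# Validate Args
## OWNER and REPOSITORY end up in a URL, in `gh` arguments and in `cd`, so
## only plain name characters are accepted (no extra '/', no '..', no option).
SLUG_RE='^[A-Za-z0-9_.-]+$'
if ! [[ "$OWNER" =~ $SLUG_RE && "$REPOSITORY" =~ $SLUG_RE ]] \
  || [[ "$OWNER" == -* || "$REPOSITORY" == "." || "$REPOSITORY" == ".." ]]; then
  die "OWNER_AND_REPOSITORY must look like owner/repository"
fi

## Verify power is available (SUPERPOWER can be require-all-codeowners)
AVAILABLE_SUPERPOWERS=(
  "require-all-codeowners"
)
SUPERPOWER_OK=0
for CANDIDATE in "${AVAILABLE_SUPERPOWERS[@]}"; do
  if [[ "$CANDIDATE" == "$SUPERPOWER" ]]; then
    SUPERPOWER_OK=1
  fi
done
if (( SUPERPOWER_OK == 0 )); then
  echo "SUPERPOWER is not available"
  exit 1
fi

## Verify PR is a number
if ! [[ "$PR_NUMBER" =~ ^[0-9]+$ ]]; then
  echo "PR_NUMBER is not a number"
  exit 1
fi

# Make URL
PR_URL="https://github.com/$OWNER/$REPOSITORY/pull/$PR_NUMBER"
echo "Analyzing PR: $PR_URL"

## Checkout Repo and PR
echo "Trying to clone $OWNER/$REPOSITORY"
if ! gh repo clone "$OWNER/$REPOSITORY"; then
  # A clone left by an earlier run is reused; any other failure is fatal.
  [[ -d "$REPOSITORY/.git" ]] || die "Failed to clone $OWNER/$REPOSITORY"
fi
cd -- "$REPOSITORY" || die "Cannot enter $REPOSITORY"
gh pr checkout "$PR_URL" || die "Failed to check out $PR_URL"

## List the changed files (the original passed the undefined $NUMBER here)
CHANGED_FILES_RAW=$(gh pr diff --name-only "$PR_NUMBER") \
  || die "Failed to list the files changed by PR $PR_NUMBER"
echo
echo "Changed Files:"
if [[ -n "$CHANGED_FILES_RAW" ]]; then
  printf '%s\n' "$CHANGED_FILES_RAW"
fi

## If not changed files
if [[ -z "$CHANGED_FILES_RAW" ]]; then
  echo "No files changed"
  exit 0
fi

## Add a slash at the beginning of every path; one array element per line so
## that paths containing spaces are not split into several entries.
CHANGED_FILES=()
while IFS= read -r CHANGED_FILE; do
  if [[ -n "$CHANGED_FILE" ]]; then
    CHANGED_FILES+=("/$CHANGED_FILE")
  fi
done <<< "$CHANGED_FILES_RAW"

## Load CODEOWNERS from the base branch.
## Reading it from the PR checkout would let the PR itself edit the rules it
## is being checked against (e.g. delete the line that protects a path).
## Only .github/CODEOWNERS is consulted, as before.
CODEOWNERS_FILE=".github/CODEOWNERS"
BASE_REF=$(gh pr view "$PR_NUMBER" --json baseRefName --jq '.baseRefName') \
  || die "Failed to resolve the base branch of PR $PR_NUMBER"
[[ -n "$BASE_REF" ]] || die "PR $PR_NUMBER reports no base branch"
git fetch --quiet origin "refs/heads/${BASE_REF}" \
  || die "Failed to fetch base branch $BASE_REF"
# stderr is dropped on purpose: a missing file is reported with the message below.
if ! CODEOWNERS_CONTENT=$(git show "FETCH_HEAD:${CODEOWNERS_FILE}" 2>/dev/null); then
  echo "CODEOWNERS file not found"
  exit 1
fi

## Save set for protected dirs: pattern -> space-separated owners
declare -A SET_FILE_OR_DIR_AND_OWNER
# POSIX classes instead of \s, which bash's =~ only honours on some libcs.
COMMENT_RE='^[[:space:]]*#'
BLANK_RE='^[[:space:]]*$'
STAR_RE='^[[:space:]]*\*'

## Read the CODEOWNERS content line by line
while IFS= read -r line || [[ -n "$line" ]]; do
  line=${line%$'\r'}
  # Skip comments and empty lines and line with "*"
  if [[ "$line" =~ $COMMENT_RE || "$line" =~ $BLANK_RE || "$line" =~ $STAR_RE ]]; then
    continue
  fi
  # read -a splits on whitespace without pathname expansion; the previous
  # unquoted ($line) let a pattern such as docs/* expand to local file names.
  read -r -a LINE_ARRAY <<< "$line"
  DIR_OR_FILE=${LINE_ARRAY[0]}
  OWNERS=()
  for TOKEN in "${LINE_ARRAY[@]:1}"; do
    # An inline "# comment" ends the owner list.
    if [[ "$TOKEN" == \#* ]]; then
      break
    fi
    OWNERS+=("$TOKEN")
  done
  SET_FILE_OR_DIR_AND_OWNER["$DIR_OR_FILE"]="${OWNERS[*]}"
done <<< "$CODEOWNERS_CONTENT"

## Verify if the changed files are in the CODEOWNERs DIRs or files
# NOTE(review): this is a literal substring test, not CODEOWNERS matching.
# Patterns containing wildcards never match, lines starting with "*" are
# skipped above, and "last matching pattern wins" is not applied. A file that
# is only covered by a wildcard or default rule therefore requires no approval
# here; keep the repository's own branch protection enabled alongside this.
NECESSARY_APPROVALS=()
for FILE in "${CHANGED_FILES[@]}"; do
  for DIR_OR_FILE in "${!SET_FILE_OR_DIR_AND_OWNER[@]}"; do
    # Compare if the folder in the tree of protected folders
    if [[ "$FILE" == *"$DIR_OR_FILE"* ]]; then
      echo
      echo "FILE: $FILE is in CODEOWNERS"
      echo "OWNER: ${SET_FILE_OR_DIR_AND_OWNER[$DIR_OR_FILE]}"
      read -r -a MATCHED_OWNERS <<< "${SET_FILE_OR_DIR_AND_OWNER[$DIR_OR_FILE]}"
      NECESSARY_APPROVALS+=("${MATCHED_OWNERS[@]}")
    fi
  done
done

## If no necessary approvals
if [ ${#NECESSARY_APPROVALS[@]} -eq 0 ]; then
  echo "No necessary approvals"
  exit 0
fi

## Remove duplicates
mapfile -t NECESSARY_APPROVALS < <(printf '%s\n' "${NECESSARY_APPROVALS[@]}" | sort -u)

## Print the necessary approvals
echo
echo "We identified the following owners are necessary to approve the PR:"
for REQUIRED_OWNER in "${NECESSARY_APPROVALS[@]}"; do
  printf '%s\n' "$REQUIRED_OWNER"
done

## Collect the reviewers whose *latest* decisive review is an approval.
## Counting every APPROVED review would keep honouring an approval that the
## same reviewer later replaced with "changes requested".
LATEST_APPROVALS_FILTER='
  [.reviews[]
    | select(.state == "APPROVED" or .state == "CHANGES_REQUESTED" or .state == "DISMISSED")]
  | sort_by(.submittedAt)
  | group_by(.author.login)
  | map(last)
  | .[]
  | select(.state == "APPROVED")
  | .author.login'
PR_APPROVED_RAW=$(gh pr view "$PR_NUMBER" --json reviews --jq "$LATEST_APPROVALS_FILTER") \
  || die "Failed to read the reviews of PR $PR_NUMBER"
PR_APPROVED=()
while IFS= read -r APPROVER; do
  if [[ -n "$APPROVER" ]]; then
    PR_APPROVED+=("$APPROVER")
  fi
done <<< "$PR_APPROVED_RAW"
echo

## Resolve each required owner to the logins allowed to approve for it.
## IS_MEMBER is keyed by "<owner entry> <lower-cased login>"; OWNER_LABEL keeps
## the short name used in the report (team slug, or the entry for a user).
declare -A IS_MEMBER
declare -A OWNER_LABEL
for NECESSARY_OWNER in "${NECESSARY_APPROVALS[@]}"; do
  # Verify is a TEAM or USER spliting /
  if [[ "$NECESSARY_OWNER" != */* ]]; then
    OWNER_LABEL["$NECESSARY_OWNER"]=$NECESSARY_OWNER
    USER_LOGIN=${NECESSARY_OWNER#@}
    # An e-mail owner never equals a login, so it stays unapproved (fails closed).
    IS_MEMBER["$NECESSARY_OWNER ${USER_LOGIN,,}"]=1
    continue
  fi
  OWNER_ORGANIZATION=${NECESSARY_OWNER%%/*}
  OWNER_ORGANIZATION=${OWNER_ORGANIZATION#@}
  OWNER_TEAM=${NECESSARY_OWNER#*/}
  OWNER_LABEL["$NECESSARY_OWNER"]=$OWNER_TEAM
  # Both parts are placed in an API path; refuse anything but plain slugs.
  if ! [[ "$OWNER_ORGANIZATION" =~ $SLUG_RE && "$OWNER_TEAM" =~ $SLUG_RE ]]; then
    printf 'Skipping malformed team owner: %s\n' "$NECESSARY_OWNER" >&2
    continue
  fi
  # --paginate: the members endpoint is paged, and a member missing from the
  # first page would otherwise never be recognised as an approver.
  if ! MEMBER_LIST=$(gh api --paginate \
    -H "Accept: application/vnd.github+json" \
    -H "X-GitHub-Api-Version: 2022-11-28" \
    "/orgs/$OWNER_ORGANIZATION/teams/$OWNER_TEAM/members" \
    --jq '.[].login'); then
    # No member list means nobody can approve for this team (fails closed).
    printf 'Could not list members of %s\n' "$NECESSARY_OWNER" >&2
    continue
  fi
  while IFS= read -r MEMBER; do
    if [[ -n "$MEMBER" ]]; then
      IS_MEMBER["$NECESSARY_OWNER ${MEMBER,,}"]=1
    fi
  done <<< "$MEMBER_LIST"
done
echo

## Match approvers to owners by exact, case-insensitive login.
## The earlier `grep -q $OWNER file` was a substring/regex match, so a login
## that is merely part of a member's login counted as that member.
TEAMS_APPROVED=()
TEAMS_MISSING_APPROVAL=()
declare -A OWNER_APPROVED
echo "We identified the following approvals:"
for APPROVER in "${PR_APPROVED[@]}"; do
  for NECESSARY_OWNER in "${NECESSARY_APPROVALS[@]}"; do
    MEMBER_KEY="$NECESSARY_OWNER ${APPROVER,,}"
    if [[ -n "${IS_MEMBER[$MEMBER_KEY]:-}" ]]; then
      echo "$APPROVER is a member of ${OWNER_LABEL[$NECESSARY_OWNER]}"
      if [[ -z "${OWNER_APPROVED[$NECESSARY_OWNER]:-}" ]]; then
        OWNER_APPROVED["$NECESSARY_OWNER"]=1
        TEAMS_APPROVED+=("${OWNER_LABEL[$NECESSARY_OWNER]}")
      fi
    fi
  done
done

## Compare the necessary with the approved
for NECESSARY_OWNER in "${NECESSARY_APPROVALS[@]}"; do
  if [[ -n "${OWNER_APPROVED[$NECESSARY_OWNER]:-}" ]]; then
    continue
  fi
  TEAMS_MISSING_APPROVAL+=("$NECESSARY_OWNER")
done

## Conclusion
echo
echo "Teams that approved the PR:"
for TEAM in "${TEAMS_APPROVED[@]}"; do
  printf '%s\n' "$TEAM"
done
echo
echo "Teams that missing approval:"
for TEAM in "${TEAMS_MISSING_APPROVAL[@]}"; do
  printf '%s\n' "$TEAM"
done
if [ ${#TEAMS_MISSING_APPROVAL[@]} -gt 0 ]; then
  exit 1
fi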