d42041c5b5
* ci: implement enterprise-grade PR quality gates and security scanning * ci: implement enterprise-grade PR quality gates and security scanning * fix:pr comments and improve code * fix: improve commit linting and code quality * Removed the dependency-review job (i added it) * fix: address CodeRabbit review comments - Expand scope pattern to allow uppercase, underscores, slashes, dots - Add concurrency control to cancel duplicate security scan runs - Add explanatory comment for Bandit CLI flags - Remove dependency-review job (requires repo settings) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: update commit lint examples with expanded scope patterns Show slashes and dots in scope examples to demonstrate the newly allowed characters (api/users, package.json) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * chore: remove feature request issue template Feature requests are directed to GitHub Discussions via the issue template config.yml 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: address security vulnerabilities in service orchestrator - Fix port parsing crash on malformed docker-compose entries - Fix shell injection risk by using shlex.split() with shell=False Prevents crashes when docker-compose.yml contains environment variables in port mappings (e.g., '${PORT}:8080') and eliminates shell injection vulnerabilities in subprocess execution. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
73 lines
2.3 KiB
YAML
73 lines
2.3 KiB
YAML
name: PR Status Check
|
|
|
|
on:
|
|
pull_request:
|
|
types: [opened, synchronize, reopened]
|
|
|
|
# Cancel in-progress runs for the same PR
|
|
concurrency:
|
|
group: pr-status-${{ github.event.pull_request.number }}
|
|
cancel-in-progress: true
|
|
|
|
permissions:
|
|
pull-requests: write
|
|
|
|
jobs:
|
|
mark-checking:
|
|
name: Set Checking Status
|
|
runs-on: ubuntu-latest
|
|
# Don't run on fork PRs (they can't write labels)
|
|
if: github.event.pull_request.head.repo.full_name == github.repository
|
|
timeout-minutes: 5
|
|
steps:
|
|
- name: Update PR status label
|
|
uses: actions/github-script@v7
|
|
with:
|
|
retries: 3
|
|
retry-exempt-status-codes: 400,401,403,404,422
|
|
script: |
|
|
const { owner, repo } = context.repo;
|
|
const prNumber = context.payload.pull_request.number;
|
|
const statusLabels = ['🔄 Checking', '✅ Ready for Review', '❌ Checks Failed'];
|
|
|
|
console.log(`::group::PR #${prNumber} - Setting status to Checking`);
|
|
|
|
// Remove old status labels (parallel for speed)
|
|
const removePromises = statusLabels.map(async (label) => {
|
|
try {
|
|
await github.rest.issues.removeLabel({
|
|
owner,
|
|
repo,
|
|
issue_number: prNumber,
|
|
name: label
|
|
});
|
|
console.log(` ✓ Removed: ${label}`);
|
|
} catch (e) {
|
|
if (e.status !== 404) {
|
|
console.log(` ⚠ Could not remove ${label}: ${e.message}`);
|
|
}
|
|
}
|
|
});
|
|
|
|
await Promise.all(removePromises);
|
|
|
|
// Add checking label
|
|
try {
|
|
await github.rest.issues.addLabels({
|
|
owner,
|
|
repo,
|
|
issue_number: prNumber,
|
|
labels: ['🔄 Checking']
|
|
});
|
|
console.log(` ✓ Added: 🔄 Checking`);
|
|
} catch (e) {
|
|
// Label might not exist - create helpful error
|
|
if (e.status === 404) {
|
|
core.warning(`Label '🔄 Checking' does not exist. Please create it in repository settings.`);
|
|
}
|
|
throw e;
|
|
}
|
|
|
|
console.log('::endgroup::');
|
|
console.log(`✅ PR #${prNumber} marked as checking`);
|