go back to using the bash script
Родитель
08e8c2b2fd
Коммит
8c54e94d44
|
@ -38,14 +38,9 @@ jobs:
|
||||||
|
|
||||||
- name: manager review
|
- name: manager review
|
||||||
id: manager_review
|
id: manager_review
|
||||||
env:
|
run: echo "managers=$(examples/manager_review)" >> $GITHUB_OUTPUT
|
||||||
DIFF: ${{ steps.git-diff-action.outputs.json-diff-path }}
|
|
||||||
run: |
|
|
||||||
bundle exec ruby examples/manager_review.rb
|
|
||||||
echo "managers=$(cat managers.txt)" >> $GITHUB_OUTPUT
|
|
||||||
rm managers.txt
|
|
||||||
|
|
||||||
- uses: delivery-much/actions-assigner@ef457092b82f63fe69b1b36279a4d9a3946859c5 # pin@v1
|
- uses: delivery-much/actions-assigner@ef457092b82f63fe69b1b36279a4d9a3946859c5 # pin@v1
|
||||||
if: steps.manager_review.outputs.managers != '$NO_MANAGERS_FOUND$'
|
if: steps.manager_review.outputs.managers != ''
|
||||||
with:
|
with:
|
||||||
reviewers: ${{ steps.manager_review.outputs.managers }}
|
reviewers: ${{ steps.manager_review.outputs.managers }}
|
||||||
|
|
|
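Review bot: The new `run:` line on the `manager review` step fails open, because `echo` discards the exit status of `examples/manager_review` inside `$(...)`. If the script errors (for instance `yq` is missing or `origin/main` was not fetched), `managers` is empty and the assigner step's `if: ... != ''` skips the reviewer request without failing the job. Since this step is what requests manager sign-off on entitlement changes, assign first so the status propagates: `managers="$(examples/manager_review)"`, then `echo "managers=${managers}" >> "$GITHUB_OUTPUT"`. The script would also need to exit non-zero on those failures. The value should stay on one line, since a newline in it would presumably be read as a further output entry.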
@ -0,0 +1,31 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
if [ -z $GITHUB_HEAD_REF ];
|
||||||
|
then
|
||||||
|
GITHUB_HEAD_REF=$(git rev-parse --abbrev-ref HEAD)
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Get the PR diff
|
||||||
|
diff=$(git diff origin/main origin/${GITHUB_HEAD_REF})
|
||||||
|
# See if the PR diff is related to entitlements configs
|
||||||
|
while IFS='' read -r FILES; do
|
||||||
|
# Check each line of each entitlement config and grab the affected users
|
||||||
|
for line in "${FILES[@]}"; do
|
||||||
|
if [[ $line = "+username"* ]] || [[ $line = "-username"* ]]
|
||||||
|
then
|
||||||
|
IFS=" " read declaration comparison name <<< $line
|
||||||
|
# Grab the manager from the Org Chart for each affected user
|
||||||
|
export name=$name
|
||||||
|
manager=$(yq e '.[env(name)].manager' config/orgchart.yaml)
|
||||||
|
# skip if manager is null
|
||||||
|
if [ -z $manager ];
|
||||||
|
then
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo $manager
|
||||||
|
exit 0
|
||||||
|
IFS=''
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
done <<< "$diff"
|
|
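Review bot: `exit 0` right after `echo $manager` stops at the first matching `username` line, so a PR that changes several users requests review from only one manager; the removed Ruby version collected every manager and joined them with commas. In the same loop, the `-z` test does not implement "skip if manager is null", since yq normally prints the literal `null` for a missing key, and `$line` and `$manager` are unquoted. The match also runs over the whole `git diff` rather than only entitlement files, and `name` keeps everything after the `=` (for example a `; expiration` attribute), so the org-chart lookup can miss. A sketch that accumulates the managers and prints one comma-separated line follows.

```bash
managers=()
while IFS='' read -r line; do
  # … unchanged: "+username"/"-username" match …
    IFS=" " read -r declaration comparison name <<< "$line"
    manager=$(name="$name" yq e '.[env(name)].manager' config/orgchart.yaml)
    # yq prints the literal string "null" when the key is absent
    if [ -z "$manager" ] || [ "$manager" = "null" ]; then
      continue
    fi
    managers+=("$manager")
  # … unchanged: closing fi …
done <<< "$diff"
(IFS=,; echo "${managers[*]}")
```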
@ -1,79 +0,0 @@
|
||||||
# frozen_string_literal: true
|
|
||||||
|
|
||||||
require "json"
|
|
||||||
require "yaml"
|
|
||||||
|
|
||||||
PATH_TO_CHECK = ENV.fetch("ENTITLEMENTS_FILE_PATHS", ".txt") # only check txt files
|
|
||||||
EXCLUDED_FILES_ARRAY = File.readlines("config/manager_review_excluded.txt").map(&:chomp)
|
|
||||||
STRING_MATCH = "username"
|
|
||||||
OUTPUT_FILE = "managers.txt"
|
|
||||||
ORG_CHART = YAML.safe_load_file("config/orgchart.yaml")
|
|
||||||
|
|
||||||
# startup message
|
|
||||||
puts "========================================="
|
|
||||||
puts "🤖 manager_review"
|
|
||||||
puts "========================================="
|
|
||||||
|
|
||||||
# open the diff file and parse it as json
|
|
||||||
json_diff_file = File.read(ENV.fetch("DIFF", "diff.json"))
|
|
||||||
git_diff = JSON.parse(json_diff_file)
|
|
||||||
|
|
||||||
usernames = []
|
|
||||||
|
|
||||||
# loop through the files in the diff
|
|
||||||
git_diff["files"].each do |file|
|
|
||||||
next if file["type"] == "DeletedFile" # Skip deleted files as they are not relevant
|
|
||||||
|
|
||||||
path = file["path"] || file["pathAfter"]
|
|
||||||
next unless path.end_with?(PATH_TO_CHECK) # Skip files that are not entitlments txt files
|
|
||||||
|
|
||||||
# skip files that are in the excluded files array
|
|
||||||
next if EXCLUDED_FILES_ARRAY.any? { |excluded_file| path.include?(excluded_file) }
|
|
||||||
|
|
||||||
# loop through the chunks in the file
|
|
||||||
file["chunks"].each do |chunk|
|
|
||||||
# loop through the changes in the chunk
|
|
||||||
chunk["changes"].each do |change|
|
|
||||||
next if change["type"] == "DeletedLine" # skip deleted lines as they are not relevant
|
|
||||||
|
|
||||||
next if change["type"] == "UnchangedLine" # skip unchanged lines as they are not relevant
|
|
||||||
|
|
||||||
next unless change["content"].include?(STRING_MATCH)
|
|
||||||
|
|
||||||
# fetch the username value from the line
|
|
||||||
|
|
||||||
puts "👀 checking #{change['content']} for #{STRING_MATCH} value"
|
|
||||||
|
|
||||||
# format the value of the username variable for processing
|
|
||||||
username = change["content"].split(STRING_MATCH)[1].strip
|
|
||||||
# remove any 'comments' from the value
|
|
||||||
username = username.split("#")[0].strip
|
|
||||||
# remove any in-line attributes from the value
|
|
||||||
username = username.split(";")[0].strip # ie. username = value; expiration = "value"
|
|
||||||
# remove any special characters from the value
|
|
||||||
username = username.gsub(/["'= \[\],:]/, "")
|
|
||||||
|
|
||||||
puts "💡 the value of #{STRING_MATCH} is #{username}"
|
|
||||||
usernames << username
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
if usernames.empty?
|
|
||||||
puts "no usernames found in diff"
|
|
||||||
puts "📝 writting a bypass file"
|
|
||||||
File.write(OUTPUT_FILE, "$NO_MANAGERS_FOUND$")
|
|
||||||
puts "✅ wrote bypass file to #{OUTPUT_FILE}"
|
|
||||||
exit(0)
|
|
||||||
end
|
|
||||||
|
|
||||||
# iterate over each username that is having access altered and fetch their manager
|
|
||||||
managers = usernames.map do |username|
|
|
||||||
ORG_CHART[username]["manager"]
|
|
||||||
end
|
|
||||||
|
|
||||||
puts "💡 found #{managers.length} managers to request for review"
|
|
||||||
puts "📝 writting managers to #{OUTPUT_FILE}"
|
|
||||||
File.write(OUTPUT_FILE, managers.join(","))
|
|
||||||
puts "✅ wrote managers to #{OUTPUT_FILE}"
|
|
||||||
exit(0)
|
|