[DEVOPS-862] Add protections around SQL migration modification changes (#2177)

2024-11-21 12:05:42 +01:00 · 2022-08-10 18:19:52 +00:00 · 2022-08-10 18:19:52 +00:00 · b86a04cef9
commit b86a04cef9
parent 4fc5347f15
2 changed files with 62 additions and 3 deletions
--- a/.github/workflows/enforce-labels.yml
+++ b/.github/workflows/enforce-labels.yml
@ -10,7 +10,7 @@ jobs:
    runs-on: ubuntu-20.04
    steps:
      - name: Enforce Label
-        uses: yogevbd/enforce-label-action@8d1e1709b1011e6d90400a0e6cf7c0b77aa5efeb
+        uses: yogevbd/enforce-label-action@a3c219da6b8fa73f6ba62b68ff09c469b3a1c024
        with:
-          BANNED_LABELS: "hold"
-          BANNED_LABELS_DESCRIPTION: "PRs on hold cannot be merged"
+          BANNED_LABELS: "hold, DB migrations changed"
+          BANNED_LABELS_DESCRIPTION: "PRs with ${bannedLabel.name} label cannot be merged"
--- a/.github/workflows/protect-files.yml
+++ b/.github/workflows/protect-files.yml
@ -0,0 +1,59 @@
+# Runs if there are changes to the paths: list.
+# Starts a matrix job to check for modified files, then sets output based on the results.
+# The input decides if the label job is ran, adding a label to the PR.
+---
+
+name: Protect Files
+
+on:
+  pull_request:
+    types: 
+      - opened
+      - synchronize
+    paths: 
+      - "util/Migrator/DbScripts"
+
+jobs:
+  changed-files:
+    name: Check for file changes
+    runs-on: ubuntu-20.04
+    outputs:
+      changes: steps.check-changes.outputs.changes_detected
+
+    strategy:
+      fail-fast: true
+      matrix:
+        include:
+          - name: Database Scripts
+            path: util/Migrator/DbScripts
+            label: "DB migrations changed"
+    steps:
+      - name: Checkout PR
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+        with:
+          fetch-depth: 0
+
+      - name: Check for file changes
+        id: check-changes
+        run: |
+          MODIFIED_FILES=$(git diff --name-only --diff-filter=M ${GITHUB_BASE_REF})
+
+          for file in $MODIFIED_FILES; do
+            if [[ $file == *"${{ matrix.path }}"*]]; then
+              echo "::set-output name=changes_detected::'true'"
+              break
+            else echo "::set-output name=changes_detected::'false'"
+            fi
+          done
+
+  label-pr:
+    name: Add label to pull request
+    runs-on: ubuntu-20.04
+    needs: 
+      - changed-files
+    if: contains(needs.changed-files.outputs.changes, "true") || job.changed-files.status == "failure"
+    steps:
+      - name: Label PR
+        uses: andymckay/labeler@e6c4322d0397f3240f0e7e30a33b5c5df2d39e90
+        with:
+          add-labels: ${{ matrix.label }}