From bbed53f18c838ca308a9c134c236460082f1d9c1 Mon Sep 17 00:00:00 2001 From: Edwin Jose Date: Tue, 23 Dec 2025 14:00:55 -0500 Subject: [PATCH 01/13] pr workflows --- .github/changes-filter.yaml | 54 ++++++++++++++++ .github/labeler.yml | 26 ++++++++ .github/release.yml | 36 +++++++++++ .github/semantic.yml | 3 + .github/workflows/add-labels.yml | 66 ++++++++++++++++++++ .github/workflows/auto-delete-branch.yml | 39 ++++++++++++ .github/workflows/community-label.yml | 28 +++++++++ .github/workflows/conventional-labels.yml | 75 +++++++++++++++++++++++ .github/workflows/labeler.yml | 17 +++++ .github/workflows/pr-checks.yml | 29 +++++++++ 10 files changed, 373 insertions(+) create mode 100644 .github/changes-filter.yaml create mode 100644 .github/labeler.yml create mode 100644 .github/release.yml create mode 100644 .github/semantic.yml create mode 100644 .github/workflows/add-labels.yml create mode 100644 .github/workflows/auto-delete-branch.yml create mode 100644 .github/workflows/community-label.yml create mode 100644 .github/workflows/conventional-labels.yml create mode 100644 .github/workflows/labeler.yml create mode 100644 .github/workflows/pr-checks.yml
diff --git a/.github/changes-filter.yaml b/.github/changes-filter.yaml
new file mode 100644
index 00000000..9039979d
--- /dev/null
+++ b/.github/changes-filter.yaml
@@ -0,0 +1,54 @@
+# https://github.com/dorny/paths-filter
+python:
+ - "src/**"
+ - "src/**.py"
+ - "pyproject.toml"
+ - "uv.lock"
+ - "**/test-integration.yml"
+
+frontend:
+ - "frontend/**"
+ - "frontend/**.ts"
+ - "frontend/**.tsx"
+ - "frontend/package.json"
+ - "frontend/package-lock.json"
+
+docs:
+ - "docs/**"
+
+docker:
+ - "docker-compose*.yml"
+ - "Dockerfile*"
+ - "uv.lock"
+ - "pyproject.toml"
+ - "src/**"
+ - "frontend/**"
+ - ".dockerignore"
+
+tests:
+ - "tests/**"
+ - "src/**"
+
+api:
+ - "src/api/**"
+ - "src/main.py"
+
+services:
+ - "src/services/**"
+
+connectors:
+ - "src/connectors/**"
+
+flows:
+ - "flows/**"
+
+config:
+ - "config/**"
+ - "securityconfig/**"
+
+sdks:
+ - "sdks/**"
+
+scripts:
+ - "scripts/**"
+
diff --git a/.github/labeler.yml b/.github/labeler.yml
new file mode 100644
index 00000000..a30df01a
--- /dev/null
+++ b/.github/labeler.yml
@@ -0,0 +1,26 @@
+frontend:
+ - changed-files:
+ - any-glob-to-any-file: 'frontend/**'
+
+backend:
+ - changed-files:
+ - any-glob-to-any-file: 'src/**'
+
+documentation:
+ - changed-files:
+ - any-glob-to-any-file: 'docs/**'
+
+ci:
+ - changed-files:
+ - any-glob-to-any-file: '.github/**'
+
+tests:
+ - changed-files:
+ - any-glob-to-any-file: 'tests/**'
+
+docker:
+ - changed-files:
+ - any-glob-to-any-file:
+ - 'Dockerfile*'
+ - 'docker-compose*.yml'
+
diff --git a/.github/release.yml b/.github/release.yml
new file mode 100644
index 00000000..674f872d
--- /dev/null
+++ b/.github/release.yml
@@ -0,0 +1,36 @@
+changelog:
+ categories:
+ - title: 🚨 Breaking Changes
+ description: Changes that break existing functionality
+ labels:
+ - breaking
+ - title: ✨ New Features
+ description: New features and enhancements
+ labels:
+ - enhancement
+ - title: 🐛 Bug Fixes
+ description: Bug fixes and patches
+ labels:
+ - fix
+ - bug
+ - title: 📝 Documentation Updates
+ description: Changes to documentation
+ labels:
+ - documentation
+ - title: 🛠 Maintenance Tasks
+ description: Maintenance tasks and housekeeping
+ labels:
+ - chore
+ - refactor
+ - style
+ - performance
+ - build
+ - title: ✅ Tests
+ description: Changes to tests
+ labels:
+ - test
+ - title: Others
+ description: Other changes
+ labels:
+ - "*"
+
diff --git a/.github/semantic.yml b/.github/semantic.yml
new file mode 100644
index 00000000..63e14e9c
--- /dev/null
+++ b/.github/semantic.yml
@@ -0,0 +1,3 @@
+titleOnly: true
+targetUrl: https://www.conventionalcommits.org/en/v1.0.0/#summary
+
diff --git a/.github/workflows/add-labels.yml b/.github/workflows/add-labels.yml
new file mode 100644
index 00000000..94968037
--- /dev/null
+++ b/.github/workflows/add-labels.yml
@@ -0,0 +1,66 @@
+name: Manage Review Labels
+
+on:
+ pull_request_review:
+ types: [submitted]
+
+jobs:
+ label-on-review:
+ runs-on: ubuntu-latest
+ permissions:
+ pull-requests: write
+ issues: write
+ steps:
+ - name: Manage LGTM Review Label
+ uses: actions/github-script@v7
+ with:
+ script: |
+ const LGTM_LABEL = 'lgtm';
+
+ // Extract review details
+ const { state: reviewState } = context.payload.review;
+ const pullRequestNumber = context.payload.pull_request.number;
+ const repoDetails = {
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ issue_number: pullRequestNumber
+ };
+
+ // Log review information
+ console.log(`Processing review for PR #${pullRequestNumber}`);
+ console.log(`Review state: ${reviewState}`);
+
+ // Helper function to check for LGTM label
+ async function hasLgtmLabel() {
+ const { data: labels } = await github.rest.issues.listLabelsOnIssue(repoDetails);
+ return labels.some(label => label.name === LGTM_LABEL);
+ }
+
+ if (reviewState === 'approved') {
+ const lgtmExists = await hasLgtmLabel();
+
+ if (!lgtmExists) {
+ console.log(`Adding ${LGTM_LABEL} label to PR #${pullRequestNumber}`);
+ await github.rest.issues.addLabels({
+ ...repoDetails,
+ labels: [LGTM_LABEL]
+ });
+ console.log('Label added successfully');
+ } else {
+ console.log(`${LGTM_LABEL} label already exists`);
+ }
+ } else if (reviewState === 'changes_requested') {
+ const lgtmExists = await hasLgtmLabel();
+
+ if (lgtmExists) {
+ console.log(`Removing ${LGTM_LABEL} label from PR #${pullRequestNumber}`);
+ await github.rest.issues.removeLabel({
+ ...repoDetails,
+ name: LGTM_LABEL
+ });
+ console.log('Label removed successfully');
+ } else {
+ console.log(`No ${LGTM_LABEL} label to remove`);
+ }
+ }
+
diff --git a/.github/workflows/auto-delete-branch.yml b/.github/workflows/auto-delete-branch.yml
new file mode 100644
index 00000000..65e2aa58
--- /dev/null
+++ b/.github/workflows/auto-delete-branch.yml
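Review bot: In .github/workflows/add-labels.yml the `approved` branch adds `lgtm` without checking who submitted the review, so an approval from an account with no write access yields the same label as a maintainer's approval. If the label is used as a merge signal (not visible in this patch), compute `const trusted = ['OWNER', 'MEMBER', 'COLLABORATOR'].includes(context.payload.review.author_association);` and require it before `addLabels`. The `changes_requested` branch has the mirror problem: any reviewer can clear the label. A short comment stating that the label tracks only the most recent review, not the overall approval state, would also help whoever relies on it.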
@@ -0,0 +1,39 @@
+name: Auto Delete Merged Branch
+
+on:
+ pull_request:
+ types: [closed]
+
+jobs:
+ delete-branch:
+ if: github.event.pull_request.merged == true
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ steps:
+ - name: Delete merged branch
+ uses: actions/github-script@v7
+ with:
+ script: |
+ const branchName = context.payload.pull_request.head.ref;
+ const owner = context.repo.owner;
+ const repo = context.repo.repo;
+
+ // Don't delete main/master/develop branches
+ const protectedBranches = ['main', 'master', 'develop'];
+ if (protectedBranches.includes(branchName)) {
+ console.log(`Skipping deletion of protected branch: ${branchName}`);
+ return;
+ }
+
+ try {
+ await github.rest.git.deleteRef({
+ owner,
+ repo,
+ ref: `heads/${branchName}`
+ });
+ console.log(`Successfully deleted branch: ${branchName}`);
+ } catch (error) {
+ console.log(`Could not delete branch ${branchName}: ${error.message}`);
+ }
+
diff --git a/.github/workflows/community-label.yml b/.github/workflows/community-label.yml
new file mode 100644
index 00000000..bbaeb33a
--- /dev/null
+++ b/.github/workflows/community-label.yml
@@ -0,0 +1,28 @@
+name: Add Community Label
+
+on:
+ pull_request_target:
+ types: [opened]
+
+jobs:
+ add-label:
+ runs-on: ubuntu-latest
+ permissions:
+ pull-requests: write
+ steps:
+ - name: Add community label
+ if: github.event.pull_request.author_association != 'MEMBER' && github.event.pull_request.author_association != 'OWNER' && github.event.pull_request.author_association != 'COLLABORATOR'
+ uses: actions/github-script@v7
+ with:
+ script: |
+ const pullRequestNumber = context.payload.pull_request.number;
+ const repoDetails = {
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ issue_number: pullRequestNumber
+ };
+ await github.rest.issues.addLabels({
+ ...repoDetails,
+ labels: ['community']
+ });
+
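Review bot: In .github/workflows/auto-delete-branch.yml the script deletes `heads/${branchName}` in the base repository using the name from `pull_request.head.ref`, without checking that the head branch belongs to this repository. For a PR merged from a fork, that name refers to the fork's branch, so the delete is aimed at whatever same-named ref exists here. The token is normally read-only for fork PRs, so the call should fail into the `catch`, but the script should not rely on that: add `if (context.payload.pull_request.head.repo?.full_name !== context.payload.repository.full_name) return;` before `deleteRef`. The hard-coded `protectedBranches` list covers only three names; the repository setting "Automatically delete head branches" handles this case without a `contents: write` token.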
diff --git a/.github/workflows/conventional-labels.yml b/.github/workflows/conventional-labels.yml
new file mode 100644
index 00000000..d0015430
--- /dev/null
+++ b/.github/workflows/conventional-labels.yml
@@ -0,0 +1,75 @@
+# Warning, do not check out untrusted code with
+# the pull_request_target event.
+name: Label PRs with Conventional Commits
+on:
+ pull_request_target:
+ types: [opened, edited, synchronize]
+ merge_group:
+
+jobs:
+ validate-pr-title:
+ name: Validate PR Title
+ runs-on: ubuntu-latest
+ steps:
+ - name: Validate PR title follows Conventional Commits
+ id: validate
+ uses: Namchee/conventional-pr@v0.15.6
+ with:
+ access_token: ${{ secrets.GITHUB_TOKEN }}
+ issue: false
+
+ validate-pr-description:
+ name: Validate PR Description
+ runs-on: ubuntu-latest
+ permissions:
+ pull-requests: read
+ steps:
+ - name: Check PR Description
+ uses: actions/github-script@v7
+ with:
+ script: |
+ const body = context.payload.pull_request.body || '';
+ const title = context.payload.pull_request.title || '';
+ const prNumber = context.payload.pull_request.number;
+
+ console.log(`Checking PR #${prNumber}: ${title}`);
+
+ // Skip validation for bot PRs
+ if (context.payload.pull_request.user.type === 'Bot') {
+ console.log('Skipping validation for bot PR');
+ return;
+ }
+
+ // Check minimum description length (at least 10 characters)
+ const minLength = 10;
+ if (body.trim().length < minLength) {
+ core.setFailed(`PR description is too short. Please provide a meaningful description (at least ${minLength} characters).`);
+ return;
+ }
+
+ // Check for empty or placeholder descriptions
+ const placeholderPatterns = [
+ /^[\s\n]*$/,
+ /^(n\/a|na|none|no description|todo|tbd|wip)$/i,
+ /^[\-\*\s]*$/
+ ];
+
+ for (const pattern of placeholderPatterns) {
+ if (pattern.test(body.trim())) {
+ core.setFailed('PR description appears to be empty or a placeholder.
Please provide a meaningful description.');
+ return;
+ }
+ }
+
+ console.log('PR description validation passed!');
+
+ label:
+ needs: [validate-pr-title, validate-pr-description]
+ name: Label PR
+ runs-on: ubuntu-latest
+ if: ${{ github.event.pull_request.user.type != 'Bot'}}
+ steps:
+ - uses: bcoe/conventional-release-labels@v1
+ with:
+ type_labels: '{"feat": "enhancement","fix": "bug","docs": "documentation","style": "style","refactor": "refactor","perf": "performance","test": "test","chore": "chore","build": "build"}'
+
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
new file mode 100644
index 00000000..18e401f1
--- /dev/null
+++ b/.github/workflows/labeler.yml
@@ -0,0 +1,17 @@
+name: PR Labeler
+
+on:
+ pull_request:
+ types: [opened, synchronize]
+
+jobs:
+ labeler:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ pull-requests: write
+ steps:
+ - uses: actions/labeler@v5
+ with:
+ repo-token: ${{ secrets.GITHUB_TOKEN }}
+
diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml
new file mode 100644
index 00000000..84e270f7
--- /dev/null
+++ b/.github/workflows/pr-checks.yml
@@ -0,0 +1,29 @@
+name: PR Title Check
+
+on:
+ pull_request:
+ types: [opened, edited, synchronize, reopened]
+
+jobs:
+ validate-title:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: amannn/action-semantic-pull-request@v5
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ types: |
+ feat
+ fix
+ docs
+ style
+ refactor
+ perf
+ test
+ build
+ ci
+ chore
+ revert
+ requireScope: false
+ subjectPattern: ^.+$
+
From 0bc023a877f94c6a9f44308ab87712bc6acd1d1b Mon Sep 17 00:00:00 2001 From: Edwin Jose Date: Tue, 23 Dec 2025 13:09:05 -0600 Subject: [PATCH 02/13] Update .github/workflows/community-label.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/community-label.yml | 2 ++ 1 file changed, 2 insertions(+)
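Review bot: In .github/workflows/conventional-labels.yml the `validate-pr-title` and `label` jobs run on `pull_request_target` with no `permissions:` block, so both third-party actions get the repository's default token scopes rather than a stated minimum; only `validate-pr-description` is restricted. Give each job an explicit block (for the labelling job `permissions:` with `pull-requests: write`, and whatever the title validator documents), ideally under a top-level `permissions: {}`. `Namchee/conventional-pr@v0.15.6` and `bcoe/conventional-release-labels@v1` are referenced by tag; pinning them to a full commit SHA keeps a moved tag from changing what runs with that token. The workflow also lists `merge_group`, whose payload carries no `pull_request` object, so the description script would throw on `context.payload.pull_request.body`; guard the job with `if: github.event_name == 'pull_request_target'` or drop the trigger.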
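Review bot: .github/workflows/labeler.yml requests `pull-requests: write` but triggers on `pull_request`, and for PRs opened from forks that event normally gets a read-only token regardless of the `permissions:` block. The labeler would then fail on the very community PRs that community-label.yml in this same patch handles through `pull_request_target`. If fork PRs should be labelled, use `pull_request_target:` here as well. As far as I know the action reads its configuration and the changed-file list through the API, so the job needs no `actions/checkout` of the PR head, and a comment saying it must stay that way would help.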
diff --git a/.github/workflows/community-label.yml b/.github/workflows/community-label.yml index bbaeb33a..3740e983 100644 --- a/.github/workflows/community-label.yml +++ b/.github/workflows/community-label.yml @@ -2,6 +2,8 @@ name: Add Community Label on: pull_request_target: + # NOTE: pull_request_target is required to have write permissions to add labels on PRs from forks. + # This workflow must not be modified to check out or execute untrusted PR code, as it runs with base repo permissions. types: [opened] jobs: From eb396f3766f3af63467cabe9866aaafbdc17e32d Mon Sep 17 00:00:00 2001 From: Edwin Jose Date: Tue, 23 Dec 2025 14:13:01 -0500 Subject: [PATCH 03/13] Update conventional-labels.yml --- .github/workflows/conventional-labels.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/conventional-labels.yml b/.github/workflows/conventional-labels.yml index d0015430..0707429f 100644 --- a/.github/workflows/conventional-labels.yml +++ b/.github/workflows/conventional-labels.yml @@ -64,7 +64,7 @@ jobs: console.log('PR description validation passed!'); label: - needs: [validate-pr-title, validate-pr-description] + needs: [validate-pr-title] name: Label PR runs-on: ubuntu-latest if: ${{ github.event.pull_request.user.type != 'Bot'}} From f1b18c81d4c5b32f969101046eaa9cc4c05ef6d0 Mon Sep 17 00:00:00 2001 From: Edwin Jose Date: Tue, 23 Dec 2025 13:33:31 -0600 Subject: [PATCH 04/13] Update .github/changes-filter.yaml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/changes-filter.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/changes-filter.yaml b/.github/changes-filter.yaml index 9039979d..3058ea00 100644 --- a/.github/changes-filter.yaml +++ b/.github/changes-filter.yaml @@ -1,7 +1,6 @@ # https://github.com/dorny/paths-filter python: - "src/**" - - "src/**.py" - "pyproject.toml" - "uv.lock" - "**/test-integration.yml" From 54815fd0080778041cf22a88f2e3cfed8d501337 Mon Sep 17 00:00:00 2001 
From: Edwin Jose Date: Tue, 23 Dec 2025 13:33:48 -0600 Subject: [PATCH 05/13] Update .github/changes-filter.yaml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/changes-filter.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/changes-filter.yaml b/.github/changes-filter.yaml index 3058ea00..e6b8c971 100644 --- a/.github/changes-filter.yaml +++ b/.github/changes-filter.yaml @@ -7,8 +7,6 @@ python: frontend: - "frontend/**" - - "frontend/**.ts" - - "frontend/**.tsx" - "frontend/package.json" - "frontend/package-lock.json" From de5c90530fd33bd3d9083d8024a982a8eb233e3c Mon Sep 17 00:00:00 2001 From: Edwin Jose Date: Fri, 26 Dec 2025 10:58:52 -0600 Subject: [PATCH 06/13] Update .github/workflows/labeler.yml Co-authored-by: Madhavan --- .github/workflows/labeler.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index 18e401f1..094b3dec 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -11,7 +11,7 @@ jobs: contents: read pull-requests: write steps: - - uses: actions/labeler@v5 + - uses: actions/labeler@v6.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} From f4fb6d5e93fa7ffe93248d8de6b53a6ec315c4c7 Mon Sep 17 00:00:00 2001 From: Edwin Jose Date: Fri, 26 Dec 2025 10:59:22 -0600 Subject: [PATCH 07/13] Update .github/workflows/community-label.yml Co-authored-by: Madhavan --- .github/workflows/community-label.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/community-label.yml b/.github/workflows/community-label.yml index 3740e983..3cf4a0fc 100644 --- a/.github/workflows/community-label.yml +++ b/.github/workflows/community-label.yml 
@@ -14,7 +14,7 @@ jobs: steps: - name: Add community label if: github.event.pull_request.author_association != 'MEMBER' && github.event.pull_request.author_association != 'OWNER' && github.event.pull_request.author_association != 'COLLABORATOR' - uses: actions/github-script@v7 + uses: actions/github-script@v8.0 with: script: | const pullRequestNumber = context.payload.pull_request.number; From fd8b84608f11098552c49807f86fbc14409ce2b7 Mon Sep 17 00:00:00 2001 From: Edwin Jose Date: Fri, 26 Dec 2025 11:00:00 -0600 Subject: [PATCH 08/13] Update .github/workflows/pr-checks.yml Co-authored-by: Madhavan --- .github/workflows/pr-checks.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index 84e270f7..2a4e8ef5 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -8,7 +8,7 @@ jobs: validate-title: runs-on: ubuntu-latest steps: - - uses: amannn/action-semantic-pull-request@v5 + - uses: amannn/action-semantic-pull-request@v6.1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: From ca989fe49a0c3d61d5d74324621200d344a2d8ab Mon Sep 17 00:00:00 2001 From: Edwin Jose Date: Fri, 26 Dec 2025 11:00:15 -0600 Subject: [PATCH 09/13] Update .github/workflows/conventional-labels.yml Co-authored-by: Madhavan --- .github/workflows/conventional-labels.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/conventional-labels.yml b/.github/workflows/conventional-labels.yml index 0707429f..e320df7e 100644 --- a/.github/workflows/conventional-labels.yml +++ b/.github/workflows/conventional-labels.yml @@ -13,7 +13,7 @@ jobs: steps: - name: Validate PR title follows Conventional Commits id: validate - uses: Namchee/conventional-pr@v0.15.6 + uses: Namchee/conventional-pr@v0.15 with: access_token: ${{ secrets.GITHUB_TOKEN }} issue: false From ae88880f61374fc5d31dc9a559822f40b33d089c Mon Sep 17 00:00:00 2001 
From: Edwin Jose Date: Fri, 26 Dec 2025 11:00:26 -0600 Subject: [PATCH 10/13] Update .github/workflows/conventional-labels.yml Co-authored-by: Madhavan --- .github/workflows/conventional-labels.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/conventional-labels.yml b/.github/workflows/conventional-labels.yml index e320df7e..10f761e6 100644 --- a/.github/workflows/conventional-labels.yml +++ b/.github/workflows/conventional-labels.yml @@ -25,7 +25,7 @@ jobs: pull-requests: read steps: - name: Check PR Description - uses: actions/github-script@v7 + uses: actions/github-script@v8.0 with: script: | const body = context.payload.pull_request.body || ''; From 88b7b563ee762d144de07887054470a79aec2d66 Mon Sep 17 00:00:00 2001 From: Edwin Jose Date: Fri, 26 Dec 2025 11:00:35 -0600 Subject: [PATCH 11/13] Update .github/workflows/add-labels.yml Co-authored-by: Madhavan --- .github/workflows/add-labels.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/add-labels.yml b/.github/workflows/add-labels.yml index 94968037..0ac38b83 100644 --- a/.github/workflows/add-labels.yml +++ b/.github/workflows/add-labels.yml @@ -12,7 +12,7 @@ jobs: issues: write steps: - name: Manage LGTM Review Label - uses: actions/github-script@v7 + uses: actions/github-script@v8.0 with: script: | const LGTM_LABEL = 'lgtm'; From 31285d0f8b154c1e3aa3b47dcc107df02948bf5f Mon Sep 17 00:00:00 2001 From: Edwin Jose Date: Fri, 26 Dec 2025 11:00:42 -0600 Subject: [PATCH 12/13] Update .github/workflows/auto-delete-branch.yml Co-authored-by: Madhavan --- .github/workflows/auto-delete-branch.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/auto-delete-branch.yml b/.github/workflows/auto-delete-branch.yml index 65e2aa58..b30f5b75 100644 --- a/.github/workflows/auto-delete-branch.yml +++ b/.github/workflows/auto-delete-branch.yml 
@@ -12,7 +12,7 @@ jobs: contents: write steps: - name: Delete merged branch - uses: actions/github-script@v7 + uses: actions/github-script@v8.0 with: script: | const branchName = context.payload.pull_request.head.ref; From 981cfae3a6a756d7363665966006e4187191b6f8 Mon Sep 17 00:00:00 2001 From: Edwin Jose Date: Fri, 26 Dec 2025 11:00:54 -0600 Subject: [PATCH 13/13] Update .github/workflows/conventional-labels.yml Co-authored-by: Madhavan --- .github/workflows/conventional-labels.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/conventional-labels.yml b/.github/workflows/conventional-labels.yml index 10f761e6..92c1bf36 100644 --- a/.github/workflows/conventional-labels.yml +++ b/.github/workflows/conventional-labels.yml @@ -1,4 +1,5 @@ -# Warning, do not check out untrusted code with +# NOTE: pull_request_target is required to have write permissions to add labels on PRs from forks. +# This workflow must not be modified to check out or execute untrusted PR code, as it runs with base repo permissions. # the pull_request_target event. name: Label PRs with Conventional Commits on:
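Review bot: The last hunk, in .github/workflows/conventional-labels.yml, replaces only the first line of the old two-line warning, so `# the pull_request_target event.` survives as context and the header now ends in a sentence fragment. Remove that leftover line so the header is just the two NOTE lines. The NOTE also gives label writing as the reason for the trigger, while the title and description validation jobs run under it too. One more comment line such as `# No job in this file may run actions/checkout on the PR head.` would make the constraint something a reviewer can check.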