First iteration of sign off testing

2021-09-29 14:32:01 +02:00 · 2021-09-29 14:32:01 +02:00 · 38bae09f82
commit 38bae09f82
parent 75b63ea179
2 changed files with 48 additions and 1 deletions
--- a/.github/workflows/signoff_mr.yml
+++ b/.github/workflows/signoff_mr.yml
@ -0,0 +1,47 @@
+on: issue_comment
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/github-script@0.3.0
+        if: github.event.action == 'created'
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const isValidSignOff = (
+              context.payload.action === 'created' &&
+              context.payload.issue.pull_request &&
+              context.payload.comment.user.id === context.payload.issue.user.id &&
+              context.payload.comment.body === '/signoff'
+            )
+            if (!isValidSignOff) return
+            const pr = await github.pulls.get({
+              ...context.repo,
+              pull_number: context.payload.issue.number
+            })
+            const commits = await github.pulls.listCommits({
+              ...context.repo,
+              pull_number: context.payload.issue.number
+            })
+            const baseCommit = await github.git.getCommit({
+              ...context.repo,
+              commit_sha: pr.data.head.sha
+            })
+            const tree = await github.git.getTree({
+              ...context.repo,
+              tree_sha: baseCommit.data.tree.sha
+            })
+            const commitLines = commits.data.map(item => `- ${item.sha.slice(0, 6)}: ${item.commit.message}`).join('\n')
+            const header = `I, @${context.payload.comment.user.login}, hereby signoff on these commits:`
+            const newCommit = await github.git.createCommit({
+              ...context.repo,
+              message: `${header}\n\n${commitLines}`,
+              tree: tree.data.sha,
+              parents: [pr.data.head.sha]
+            })
+            await github.git.updateRef({
+              ...context.repo,
+              ref: `heads/${pr.data.head.ref}`,
+              sha: newCommit.data.sha
+            })
--- a/PULL_REQUEST_TEMPLATE.md
+++ b/PULL_REQUEST_TEMPLATE.md
@ -1,7 +1,7 @@
 Thank you for submitting a Pull Request to the WebGoat. Please make sure that:

 - [ ] Status checks have passed (e.g. packaging, linting, testing are fine)
- [ ] Commits are [signed off ](https://git-scm.com/docs/git-commit#Documentation/git-commit.txt--s)
+- [ ] Commits are [signed off ](https://git-scm.com/docs/git-commit#Documentation/git-commit.txt--s) or [`/signoff` is provided as a comment](https://github.com/JasonEtco/signoff-commit-action).

 If your PR is related to an issue. Please end your PR test with the following line:
 This PR closes #< insert number here >.