1# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. 2# 3# Licensed under the Apache License 2.0 (the "License"). You may not use 4# this file except in compliance with the License. You can obtain a copy 5# in the file LICENSE in the source distribution or at 6# https://www.openssl.org/source/license.html 7 8name: FIPS Changed Label 9on: 10 workflow_run: 11 workflows: ["FIPS Checksums"] 12 types: 13 - completed 14 15permissions: 16 contents: read 17 18jobs: 19 apply-label: 20 permissions: 21 actions: read 22 pull-requests: write 23 runs-on: ubuntu-latest 24 if: ${{ github.event.workflow_run.event == 'pull_request' }} 25 steps: 26 - name: 'Download artifact' 27 if: ${{ github.event.workflow_run.conclusion == 'success' }} 28 uses: actions/github-script@v4 29 with: 30 script: | 31 var artifacts = await github.actions.listWorkflowRunArtifacts({ 32 owner: context.repo.owner, 33 repo: context.repo.repo, 34 run_id: ${{github.event.workflow_run.id }}, 35 }); 36 var matchArtifact = artifacts.data.artifacts.filter((artifact) => { 37 return artifact.name == "fips_checksum" 38 })[0]; 39 var download = await github.actions.downloadArtifact({ 40 owner: context.repo.owner, 41 repo: context.repo.repo, 42 artifact_id: matchArtifact.id, 43 archive_format: 'zip', 44 }); 45 var fs = require('fs'); 46 fs.writeFileSync('${{github.workspace}}/artifact.zip', Buffer.from(download.data)); 47 - run: unzip artifact.zip 48 if: ${{ github.event.workflow_run.conclusion == 'success' }} 49 - name: 'Check artifact and apply' 50 if: ${{ github.event.workflow_run.conclusion == 'success' }} 51 uses: actions/github-script@v4 52 with: 53 github-token: ${{secrets.GITHUB_TOKEN}} 54 script: | 55 var fs = require('fs'); 56 var pr_num = Number(fs.readFileSync('./pr_num')); 57 if ( fs.existsSync('./fips_changed') ) { 58 github.issues.addLabels({ 59 issue_number: pr_num, 60 owner: context.repo.owner, 61 repo: context.repo.repo, 62 labels: ['severity: fips change'] 63 }); 64 } else if ( fs.existsSync('./fips_unchanged') ) { 65 var labels = await github.issues.listLabelsOnIssue({ 66 issue_number: pr_num, 67 owner: context.repo.owner, 68 repo: context.repo.repo 69 }); 70 71 for ( var label in labels.data ) { 72 if (labels.data[label].name == 'severity: fips change') { 73 github.issues.removeLabel({ 74 issue_number: pr_num, 75 owner: context.repo.owner, 76 repo: context.repo.repo, 77 name: 'severity: fips change' 78 }); 79 } 80 } 81 } 82