xref: /openssl/.github/workflows/fips-label.yml (revision c6e7f427)
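# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

# Adds or removes the 'severity: fips change' label on a pull request, based
# on marker files found in the "fips_checksum" artifact of a completed
# "FIPS Checksums" run.
#
# Trust boundary: this workflow is triggered by workflow_run and its job holds
# a token with pull-requests: write, while the artifact it consumes was
# produced by a pull_request-triggered run. Everything inside the artifact
# (including pr_num) is therefore handled as untrusted data: nothing from it
# is executed, it is unpacked into its own directory, and the PR number is
# validated and cross-checked against the triggering run before any label is
# changed.

name: FIPS Changed Label
on:
  workflow_run:
    workflows: ["FIPS Checksums"]
    types:
      - completed

# Default for every job; the job below widens only what it needs.
permissions:
  contents: read

jobs:
  apply-label:
    permissions:
      # actions: read is needed to list and download the run's artifacts,
      # pull-requests: write to add or remove the label.
      actions: read
      pull-requests: write
    runs-on: ubuntu-latest
    # Only react to runs that were started by a pull request.
    if: ${{ github.event.workflow_run.event == 'pull_request' }}
    steps:
      - name: 'Download artifact'
        if: ${{ github.event.workflow_run.conclusion == 'success' }}
        # NOTE(review): 'v4' is a mutable tag; pinning to a full commit SHA
        # would fix the exact action code that runs with this job's token.
        uses: actions/github-script@v4
        with:
          script: |
            const fs = require('fs');
            const path = require('path');

            // The run id and workspace path are read from the event payload
            // and the environment instead of being spliced into the script
            // text by a workflow expression.
            const artifacts = await github.actions.listWorkflowRunArtifacts({
              owner: context.repo.owner,
              repo: context.repo.repo,
              run_id: context.payload.workflow_run.id,
            });
            const matchArtifact = artifacts.data.artifacts.find(
              (artifact) => artifact.name === 'fips_checksum'
            );
            // Fail with a clear message rather than a TypeError when the
            // triggering run uploaded no such artifact.
            if (!matchArtifact) {
              throw new Error('no "fips_checksum" artifact on the triggering run');
            }
            const download = await github.actions.downloadArtifact({
              owner: context.repo.owner,
              repo: context.repo.repo,
              artifact_id: matchArtifact.id,
              archive_format: 'zip',
            });
            fs.writeFileSync(
              path.join(process.env.GITHUB_WORKSPACE, 'artifact.zip'),
              Buffer.from(download.data)
            );
      # Unpack into a dedicated directory so archive members cannot collide
      # with other files in the workspace.
      - run: unzip artifact.zip -d artifact
        if: ${{ github.event.workflow_run.conclusion == 'success' }}
      - name: 'Check artifact and apply'
        if: ${{ github.event.workflow_run.conclusion == 'success' }}
        # NOTE(review): same mutable-tag caveat as the download step.
        uses: actions/github-script@v4
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const fs = require('fs');
            const label = 'severity: fips change';

            // pr_num comes from the artifact, so accept nothing but a plain
            // positive decimal number.
            const raw = fs.readFileSync('artifact/pr_num', 'utf8').trim();
            if (!/^[1-9][0-9]*$/.test(raw)) {
              throw new Error('pr_num in the artifact is not a positive integer');
            }
            const pr_num = Number(raw);

            // Only touch the PR if its head commit is the commit the
            // triggering run was built from; otherwise a crafted pr_num
            // could redirect the label change to an unrelated PR.
            // NOTE(review): assumes workflow_run.head_sha is the PR head
            // commit for pull_request-triggered runs - confirm.
            const pr = await github.pulls.get({
              owner: context.repo.owner,
              repo: context.repo.repo,
              pull_number: pr_num,
            });
            if (pr.data.head.sha !== context.payload.workflow_run.head_sha) {
              core.warning('pr_num does not match the triggering run; labels left unchanged');
              return;
            }

            // API calls are awaited so that a failure fails the step
            // instead of being lost as an unhandled rejection.
            if (fs.existsSync('artifact/fips_changed')) {
              await github.issues.addLabels({
                issue_number: pr_num,
                owner: context.repo.owner,
                repo: context.repo.repo,
                labels: [label],
              });
            } else if (fs.existsSync('artifact/fips_unchanged')) {
              const current = await github.issues.listLabelsOnIssue({
                issue_number: pr_num,
                owner: context.repo.owner,
                repo: context.repo.repo,
              });
              // Remove the label only when it is actually present.
              if (current.data.some((entry) => entry.name === label)) {
                await github.issues.removeLabel({
                  issue_number: pr_num,
                  owner: context.repo.owner,
                  repo: context.repo.repo,
                  name: label,
                });
              }
            }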