1# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. 2# 3# Licensed under the Apache License 2.0 (the "License"). You may not use 4# this file except in compliance with the License. You can obtain a copy 5# in the file LICENSE in the source distribution or at 6# https://www.openssl.org/source/license.html 7 8name: FIPS and ABI Changed Label 9on: 10 workflow_run: 11 workflows: ["FIPS Check and ABIDIFF"] 12 types: 13 - completed 14 15permissions: 16 contents: read 17 18jobs: 19 apply-label: 20 permissions: 21 actions: read 22 pull-requests: write 23 runs-on: ubuntu-latest 24 if: ${{ github.event.workflow_run.event == 'pull_request' }} 25 steps: 26 - name: 'Download fipscheck artifact' 27 if: ${{ github.event.workflow_run.conclusion == 'success' }} 28 uses: actions/github-script@v7 29 with: 30 script: | 31 var artifacts = await github.rest.actions.listWorkflowRunArtifacts({ 32 owner: context.repo.owner, 33 repo: context.repo.repo, 34 run_id: ${{github.event.workflow_run.id }}, 35 }); 36 var matchArtifact = artifacts.data.artifacts.filter((artifact) => { 37 return artifact.name == "fips_checksum" 38 })[0]; 39 var download = await github.rest.actions.downloadArtifact({ 40 owner: context.repo.owner, 41 repo: context.repo.repo, 42 artifact_id: matchArtifact.id, 43 archive_format: 'zip', 44 }); 45 var fs = require('fs'); 46 fs.writeFileSync('${{github.workspace}}/artifact.zip', Buffer.from(download.data)); 47 - run: unzip artifact.zip 48 if: ${{ github.event.workflow_run.conclusion == 'success' }} 49 - name: 'Check artifact and apply' 50 if: ${{ github.event.workflow_run.conclusion == 'success' }} 51 uses: actions/github-script@v7 52 with: 53 github-token: ${{secrets.GITHUB_TOKEN}} 54 script: | 55 var fs = require('fs'); 56 var pr_num = Number(fs.readFileSync('./pr_num')); 57 if ( fs.existsSync('./fips_changed') ) { 58 github.rest.issues.addLabels({ 59 issue_number: pr_num, 60 owner: context.repo.owner, 61 repo: context.repo.repo, 62 labels: ['severity: fips change'] 63 }); 64 } else if ( fs.existsSync('./fips_unchanged') ) { 65 var labels = await github.rest.issues.listLabelsOnIssue({ 66 issue_number: pr_num, 67 owner: context.repo.owner, 68 repo: context.repo.repo 69 }); 70 71 for ( var label in labels.data ) { 72 if (labels.data[label].name == 'severity: fips change') { 73 github.rest.issues.removeLabel({ 74 issue_number: pr_num, 75 owner: context.repo.owner, 76 repo: context.repo.repo, 77 name: 'severity: fips change' 78 }); 79 } 80 } 81 } 82 - name: 'Cleanup artifact' 83 run: rm artifact.zip pr_num 84 85 - name: 'Download abidiff artifact' 86 if: ${{ github.event.workflow_run.conclusion == 'success' }} 87 uses: actions/github-script@v7 88 with: 89 script: | 90 var artifacts = await github.rest.actions.listWorkflowRunArtifacts({ 91 owner: context.repo.owner, 92 repo: context.repo.repo, 93 run_id: ${{github.event.workflow_run.id }}, 94 }); 95 var matchArtifact = artifacts.data.artifacts.filter((artifact) => { 96 return artifact.name == "abidiff" 97 })[0]; 98 var download = await github.rest.actions.downloadArtifact({ 99 owner: context.repo.owner, 100 repo: context.repo.repo, 101 artifact_id: matchArtifact.id, 102 archive_format: 'zip', 103 }); 104 var fs = require('fs'); 105 fs.writeFileSync('${{github.workspace}}/artifact.zip', Buffer.from(download.data)); 106 - run: unzip artifact.zip 107 if: ${{ github.event.workflow_run.conclusion == 'success' }} 108 - name: 'Check artifact and apply' 109 if: ${{ github.event.workflow_run.conclusion == 'success' }} 110 uses: actions/github-script@v7 111 with: 112 github-token: ${{secrets.GITHUB_TOKEN}} 113 script: | 114 var fs = require('fs'); 115 var pr_num = Number(fs.readFileSync('./pr_num')); 116 if ( fs.existsSync('./abi_changed') ) { 117 github.rest.issues.addLabels({ 118 issue_number: pr_num, 119 owner: context.repo.owner, 120 repo: context.repo.repo, 121 labels: ['severity: ABI change'] 122 }); 123 } else if ( fs.existsSync('./abi_unchanged') ) { 124 var labels = await github.rest.issues.listLabelsOnIssue({ 125 issue_number: pr_num, 126 owner: context.repo.owner, 127 repo: context.repo.repo 128 }); 129 130 for ( var label in labels.data ) { 131 if (labels.data[label].name == 'severity: ABI change') { 132 github.rest.issues.removeLabel({ 133 issue_number: pr_num, 134 owner: context.repo.owner, 135 repo: context.repo.repo, 136 name: 'severity: fips change' 137 }); 138 } 139 } 140 } 141