From 9b6a813b39ac0a56f30a06498111644c17af7c60 Mon Sep 17 00:00:00 2001
From: Lam Nguyen
Date: Mon, 21 Jul 2025 10:57:21 -0700
Subject: [PATCH 1/4] feat: Add new workflow to block direct module reference changes
---
 .github/workflows/block-changes.yml | 30 +++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 .github/workflows/block-changes.yml
diff --git a/.github/workflows/block-changes.yml b/.github/workflows/block-changes.yml
new file mode 100644
index 000000000..3c9c9afe1
--- /dev/null
+++ b/.github/workflows/block-changes.yml
@@ -0,0 +1,30 @@
+name: Block specific changes
+
+on:
+ pull_request:
+
+jobs:
+ block-direct-markdown-module-changes:
+ name: Block modifying Markdown Module Reference files directly
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 # v4.2.2
+ with:
+ fetch-depth: 0
+ - name: Check for changes in /nginx/module_reference
+ id: check_module_changes
+ run: |
+ FOLDER_DIR="content/nginx/module_reference"
+ git diff origin/main -- $FOLDER_DIR > changes.txt
+
+ if [[ -s changes.txt ]]; then
+ echo "Changes detected for $FOLDER_DIR"
+ echo "CHANGES_DETECTED=true" >> $GITHUB_OUTPUT
+ else
+ echo "CHANGES_DETECTED=false" >> $GITHUB_OUTPUT
+ fi
+ - name: Fail job and generate PR comment if changes detected
+ if: steps.check_module_changes.outputs.CHANGES_DETECTED == 'true'
+ run: |
+ echo "Hi"
From 73b299b8b31cf0056087d4439b9f8066d65ad3f0 Mon Sep 17 00:00:00 2001
From: Lam Nguyen
Date: Mon, 21 Jul 2025 11:06:16 -0700
Subject: [PATCH 2/4] Add code to comment on PR + fail if changes detected
---
 .github/workflows/block-changes.yml | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/block-changes.yml b/.github/workflows/block-changes.yml
index 3c9c9afe1..f12470029 100644
--- a/.github/workflows/block-changes.yml
+++ b/.github/workflows/block-changes.yml
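Review bot: The `Check for changes in /nginx/module_reference` step of the new workflow compares against a hard-coded `origin/main`, so a pull request that targets any other base branch would be judged against the wrong ref. Passing the base through the environment (`env: BASE_REF: ${{ github.base_ref }}`) and testing `if ! git diff --quiet "origin/$BASE_REF" -- "$FOLDER_DIR"; then` avoids that, removes the temporary `changes.txt`, and keeps the expression out of the script text; `$FOLDER_DIR` and `$GITHUB_OUTPUT` should be quoted in the same pass. The checkout step also leaves the job token in the local git config, and since nothing in this job pushes, `persist-credentials: false` under `with:` is a cheap hardening.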
@@ -7,6 +7,8 @@ jobs:
 block-direct-markdown-module-changes:
 name: Block modifying Markdown Module Reference files directly
 runs-on: ubuntu-latest
+ permissions:
+ contents: read
 steps:
 - name: Checkout repository
 uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 # v4.2.2
@@ -24,7 +26,19 @@ jobs:
 else
 echo "CHANGES_DETECTED=false" >> $GITHUB_OUTPUT
 fi
- - name: Fail job and generate PR comment if changes detected
+ - name: Generate PR comment if changes detected
+ if: steps.check_module_changes.outputs.CHANGES_DETECTED == 'true'
+ uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+ with:
+ script: |
+ const body = `This PR is blocked from being reviewed. Please make direct changes to module_references from the upstream XML in https://github.com/nginx/nginx.org`;
+ await github.rest.issues.createComment({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: body,
+ });
+ - name: Fail job if changes detected
 if: steps.check_module_changes.outputs.CHANGES_DETECTED == 'true'
 run: |
- echo "Hi"
+ exit 0
From 1011f433e458192d84145d1dc2b585c31af7dea0 Mon Sep 17 00:00:00 2001
From: Lam Nguyen
Date: Mon, 21 Jul 2025 12:43:51 -0700
Subject: [PATCH 3/4] Added exemption code
---
 .github/workflows/block-changes.yml | 30 +++++++++++++++++++++++++++--
 1 file changed, 28 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/block-changes.yml b/.github/workflows/block-changes.yml
index f12470029..a7b525755 100644
--- a/.github/workflows/block-changes.yml
+++ b/.github/workflows/block-changes.yml
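Review bot: The job-level `permissions:` block added in the first hunk grants only `contents: read`, which leaves every other scope at none, yet the `github-script` step added in the second hunk calls `github.rest.issues.createComment`; that call needs write access, so the step would be expected to fail with a 403 and the job would stop on the API error instead of on the intended block message. Adding `pull-requests: write` next to `contents: read` covers pull requests from branches of this repository. For pull requests from forks the `pull_request` token is read-only regardless, so the comment step should be skipped or allowed to fail there; switching the trigger to `pull_request_target` is not a safe shortcut while the job checks out PR content. The step also posts a new comment on every run, so checking for an existing comment first would keep the thread readable.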
@@ -26,8 +26,34 @@ jobs:
 else
 echo "CHANGES_DETECTED=false" >> $GITHUB_OUTPUT
 fi
+ - name: Check for exemption for PR created by dot-org-content workflow
+ id: check_exemption
+ run: |
+ LABELS=$(jq -r '.pull_request.labels[].name' "$GITHUB_EVENT_PATH" || echo "")
+ AUTHOR=$(jq -r '.pull_request.user.login' "$GITHUB_EVENT_PATH")
+ TITLE=$(jq -r '.pull_request.title' "$GITHUB_EVENT_PATH")
+ ACCEPTED_LABEL="module_reference"
+ ACCEPTED_AUTHOR="github-actions"
+ ACCEPTED_TITLE="NGINX Plus - Module Ref"
+
+ EXEMPTION=false
+
+ if echo "$LABELS" | grep -q "$ACCEPTED_LABEL"; then
+ echo "Label match..."
+ EXEMPTION=true
+ fi
+ if [[ "$AUTHOR" == "$ACCEPTED_AUTHOR" ]]; then
+ echo "Author match..."
+ EXEMPTION=true
+ fi
+ if [[ "$TITLE" == *"${ACCEPTED_TITLE}"* ]]; then
+ echo "Title match..."
+ EXEMPTION=true
+ fi
+
+ echo "EXEMPTION=$EXEMPTION" >> $GITHUB_OUTPUT
 - name: Generate PR comment if changes detected
- if: steps.check_module_changes.outputs.CHANGES_DETECTED == 'true'
+ if: steps.check_module_changes.outputs.CHANGES_DETECTED == 'true' && steps.check_exemption.outputs.EXEMPTION == 'false'
 uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
 with:
 script: |
@@ -39,6 +65,6 @@ jobs:
 body: body,
 });
 - name: Fail job if changes detected
- if: steps.check_module_changes.outputs.CHANGES_DETECTED == 'true'
+ if: steps.check_module_changes.outputs.CHANGES_DETECTED == 'true' && steps.check_exemption.outputs.EXEMPTION == 'false'
 run: |
 exit 0
From 744b4da0fccdf51ddd0c5e0f24545066389d85f0 Mon Sep 17 00:00:00 2001
From: Lam Nguyen
Date: Wed, 23 Jul 2025 14:59:26 -0700
Subject: [PATCH 4/4] Corrected exit code
---
 .github/workflows/block-changes.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/block-changes.yml b/.github/workflows/block-changes.yml
index a7b525755..a31ef0b5a 100644
--- a/.github/workflows/block-changes.yml
+++ b/.github/workflows/block-changes.yml
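Review bot: The exemption computed in `check_exemption` is granted when any one of the three checks matches, and the title check is satisfied by text the pull-request author chooses, so any contributor can switch the block off by putting `NGINX Plus - Module Ref` in the title. The label test `grep -q "$ACCEPTED_LABEL"` is a substring match, and the author test compares against `github-actions`, whereas pull requests opened with the default workflow token normally report the login `github-actions[bot]`, so that branch may never fire; which account the dot-org-content workflow uses is not visible here and should be confirmed. I would drop the title as a gate and require the automation author together with an exact label match, as sketched below. The step's `run:` block lies fully inside the first hunk, and the two `if:` edits in this patch can stay as they are.

```yaml
        run: |
          # … unchanged: LABELS / AUTHOR extraction from $GITHUB_EVENT_PATH …
          ACCEPTED_LABEL="module_reference"
          # Confirm the login of the account that opens the automated PRs.
          ACCEPTED_AUTHOR="github-actions[bot]"

          EXEMPTION=false

          # The PR title is author-controlled, so it is not used as a gate.
          # Require the automation account and the exact label together.
          if [[ "$AUTHOR" == "$ACCEPTED_AUTHOR" ]] \
            && grep -Fxq -- "$ACCEPTED_LABEL" <<< "$LABELS"; then
            echo "Author and label match..."
            EXEMPTION=true
          fi

          echo "EXEMPTION=$EXEMPTION" >> "$GITHUB_OUTPUT"
```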
@@ -67,4 +67,4 @@ jobs:
 - name: Fail job if changes detected
 if: steps.check_module_changes.outputs.CHANGES_DETECTED == 'true' && steps.check_exemption.outputs.EXEMPTION == 'false'
 run: |
- exit 0
+ exit 1
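Review bot: The `Fail job if changes detected` step now ends with a bare `exit 1`, so the run log and the Checks tab give no reason for the failure when the PR comment is missing or could not be posted. An annotation before the exit, for example `echo "::error::Direct changes under content/nginx/module_reference are blocked; edit the upstream XML instead"`, would make the block self-explanatory. The whole step is visible in this hunk.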