Add check validator for owaspTop10Training
#12
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Check Compliance Checks | |
on: | |
pull_request: | |
types: [opened, synchronize] | |
paths: | |
- 'src/checks/**' | |
permissions: | |
issues: write | |
pull-requests: write | |
jobs: | |
check-compliance-checks: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Check and add comment to PR | |
uses: actions/github-script@v4 | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
script: | | |
const { data: comments } = await github.issues.listComments({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
issue_number: context.issue.number, | |
}); | |
const commentExists = comments.some(comment => | |
comment.body.includes("It looks like you've made changes to the compliance checks.") | |
); | |
if (!commentExists) { | |
await github.issues.createComment({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
issue_number: context.issue.number, | |
body: "It looks like you've made changes to the compliance checks. Thanks for your contribution!\n" + | |
"Here are some questions to ensure your changes are complete. Please feel free to ignore the ones that are not relevant:\n" + | |
"- [ ] Have you run `npm run db:generate-schema` to ensure the updated schemas are included in your PR?\n" + | |
"- [ ] Have you run `npm run db:migrate` and then `npm run db:rollback` to confirm that rollbacks are working as expected?\n" + | |
"- [ ] Have you updated the compliance check in the `compliance_checks` table?\n" + | |
"- [ ] Have you included a specific validator (`src/checks/validators/`) for this check with unit tests (`__tests__/checks/`)?\n" + | |
"- [ ] Have you included a specific file in `src/checks/complianceChecks` with the integration tests (`__tests__/checks/`)?\n" + | |
"- [ ] Have you included severity validation (`getSeverityFromPriorityGroup`)?\n" + | |
"- [ ] Have you included the tasks, alerts, and results in the database tables?\n" + | |
"- [ ] Have you tested the check with `check run --name {check_code_name}` using the seeded database (`npm run db:seed`)?\n" + | |
"- [ ] Have you created a PR in [the website](https://github.com/OpenPathfinder/openpathfinder.com) with the calculation details?\n" + | |
"\n" + | |
"You can find more information in [the contributing guide](/CONTRIBUTING.md#add-compliance-checks).\n" | |
}); | |
console.log("Comment added"); | |
} else { | |
console.log("Comment already exists"); | |
} |