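# Source: github.com/letsencrypt/boulder@v0.20251208.0/.github/workflows/cps-review.yml
#
# Posts a one-time reminder on pull requests that add feature flags, asking the
# author to add a "CPS Compliance Review:" paragraph to the PR description.
#
# Trust model: this runs on `pull_request`, so the "Get PR Flags" step executes
# Go code taken from the pull request itself. Everything derived from that
# step's output (the flag list) is untrusted input to the later steps.
#
# NOTE(review): the actions below are referenced by mutable version tags.
# Pinning each one to a full commit SHA removes the dependency on tag integrity.
name: Check PR for changes that trigger CP/CPS review

on:
  pull_request:
    types: [ready_for_review, review_requested]
    paths:
      - 'features/features.go'

jobs:
  check-features:
    runs-on: ubuntu-latest
    # Only the scope needed to create the PR comment.
    permissions:
      pull-requests: write
    steps:
      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          go-version: "stable"

      - name: Checkout Upstream
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.base.ref }}
          # No later step uses git credentials, so keep the job token out of
          # .git/config, where code run from the checkout could read it.
          persist-credentials: false
      - name: Get Current Flags
        run: go run ./test/list-features/list-features.go | sort >| /tmp/currflags.txt

      - name: Checkout PR
        uses: actions/checkout@v4
        with:
          # The next step runs code from the pull request; see the note above.
          persist-credentials: false
      - name: Get PR Flags
        run: go run ./test/list-features/list-features.go | sort >| /tmp/prflags.txt

      - name: Identify New Flags
        id: newflags
        # Quoted so the PR-derived flag list is written as-is, without word
        # splitting or glob expansion. `paste -s` joins it into a single line,
        # so it stays one key=value record in the output file.
        run: echo "flagnames=$(comm -13 /tmp/currflags.txt /tmp/prflags.txt | paste -sd,)" >> "$GITHUB_OUTPUT"

      - name: Comment PR
        if: ${{ steps.newflags.outputs.flagnames != '' }}
        uses: actions/github-script@v8
        env:
          # Hand the flag list to the script as data. Interpolating a workflow
          # expression into the script text would let a quote character in
          # PR-derived output run as JavaScript with this job's token.
          FLAG_NAMES: ${{ steps.newflags.outputs.flagnames }}
        with:
          script: |
            const { owner, repo, number: issue_number } = context.issue;

            // No need to comment if the PR description already has a CPS review.
            // The `m` flag lets the marker open any line of the description,
            // matching the "paragraph beginning with" wording in the comment
            // below. A missing description is treated as empty.
            const reviewRegexp = /^CPS Compliance Review:/m;
            if (reviewRegexp.test(context.payload.pull_request.body ?? '')) {
              return;
            }

            // No need to comment if this task has previously commented on this PR.
            // Paginate so the marker is still found when the PR has more than
            // one page of comments.
            const commentMarker = '<!-- cps_review_check -->';
            const comments = await github.paginate(github.rest.issues.listComments, {
              owner,
              repo,
              issue_number
            });
            if (comments.some(c => c.body?.includes(commentMarker))) {
              return;
            }

            // No existing review or comment found, post the comment.
            const prAuthor = context.payload.pull_request.user.login;
            // Untrusted text: only ever used as a string inside the comment body.
            const flagNames = process.env.FLAG_NAMES;
            const commentBody = `${commentMarker}\n@${prAuthor}, this PR adds one or more new feature flags: ${flagNames}. \nAs such, this PR must be accompanied by a review of the Let's Encrypt CP/CPS to ensure that our behavior both before and after this flag is flipped is compliant with that document.\n\nPlease conduct such a review, then add your findings to the PR description in a paragraph beginning with "CPS Compliance Review:".`;
            await github.rest.issues.createComment({
              owner,
              repo,
              issue_number,
              body: commentBody
            });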