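--- /dev/null
+++ b/.github/workflows/SME_review_checker.yml
@@ -0,0 +1,96 @@
+name: SME Review Checker
+
+on:
+  workflow_call:
+    inputs:
+      artifact_id:
+        description: 'Unique identifier for artifacts'
+        required: true
+        type: string
+
+permissions:
+  contents: read
+  pull-requests: read
+
+jobs:
+  check-SME-review:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
+        with:
+          egress-policy: audit
+
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Get changed files
+        id: changed-files
+        run: |
+          # Get the base branch
+          BASE_BRANCH="${{ github.event.pull_request.base.ref || 'main' }}"
+
+          # Get all changed files in the PR
+          CHANGED_FILES=$(git diff --name-only origin/$BASE_BRANCH...HEAD)
+
+          # Save changed files to output
+          echo "files<<EOF" >> $GITHUB_OUTPUT
+          echo "$CHANGED_FILES" >> $GITHUB_OUTPUT
+          echo "EOF" >> $GITHUB_OUTPUT
+
+      - name: Check if supported statements are scored
+        run: |
+          # Read the changed files
+          CHANGED_FILES="${{ steps.changed-files.outputs.files }}"
+
+          # Process each changed file
+          while IFS= read -r file; do
+            # Skip empty lines
+            if [[ -z "$file" ]]; then
+              continue
+            fi
+
+            echo "Checking file: $file"
+
+            # Check if file is in TSF/trustable folder and ends with .md
+            if [[ "$file" == TSF/trustable/* && "$file" == *.md ]]; then
+              # Extract filename without path and extension
+              filename=$(basename "$file" .md)
+
+              # Skip README files
+              if [[ "$filename" == "README" ]]; then
+                continue
+              fi
+
+              echo "Checking TSF trustable file: $file (filename: $filename)"
+
+              # Check if filename pattern exists in .dotstop.dot
+              if grep -q "\"$filename\" -> " .dotstop.dot; then
+                echo " Found reference in .dotstop.dot for: $filename"
+
+                # Check if the file contains "score:" substring
+                if [[ -f "$file" ]] && grep -q "score:" "$file"; then
+                  echo "ERROR: $file - Error: supported statements shall not be scored"
+                  exit 1
+                fi
+              else
+                echo "No reference found in .dotstop.dot for: $filename"
+              fi
+            fi
+          done <<< "$CHANGED_FILES"
+
+          echo "All changed TSF items passed validation"
+
+      - name: Generate artifact
+        run: |
+          mkdir -p SME_review_checker
+          echo "SME review checker processed for ${{ inputs.artifact_id }}" > SME_review_checker/SME_review_checker.txt
+
+      - name: Upload SME review checker artifact
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: ${{ inputs.artifact_id }}
+          path: SME_review_checker/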
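Review bot: `CHANGED_FILES="${{ steps.changed-files.outputs.files }}"` in the "Check if supported statements are scored" step splices pull-request-controlled file names into the script text before bash parses it, so a PR that adds a path containing `$(…)` or backticks would run that command on the runner (git's default path quoting escapes `"`, `\` and non-printable or non-ASCII bytes, not `$`, parentheses or backticks). The read-only `permissions` and the absence of forwarded secrets limit what such a payload reaches, but the fix is cheap: move the value into the step's environment with `env:` / `CHANGED_FILES: ${{ steps.changed-files.outputs.files }}`, delete the assignment line, and let the script start at `while IFS= read -r file; do` so bash only ever sees `"$CHANGED_FILES"` as data. The same pattern should be applied to `${{ github.event.pull_request.base.ref || 'main' }}` in the "Get changed files" step, even though a base ref is far less attacker-influenced than a file name. Separately, `grep -q "\"$filename\" -> " .dotstop.dot` treats the file name as a regular expression; `grep -qF` matches it literally and avoids false hits from names containing `.` or `*`.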
18 changes: 14 additions & 4 deletions .github/workflows/parent-workflow.yml
Expand Up @@ -22,6 +22,16 @@ jobs:
with:
artifact_id: "labeler-${{ github.sha }}"

SME_review_checker:
permissions:
contents: read
pull-requests: read
name: Run SME_review_checker Workflow
if: ${{ github.event_name == 'pull_request' }} # only run SME_review_checker for PRs
uses: ./.github/workflows/SME_review_checker.yml
with:
artifact_id: "SME_review_checker-${{ github.sha }}"

check_amalgamation:
name: Run Amalgamation Workflow
if: ${{ github.event_name == 'pull_request' }} # only run check_amalgamation for PRs
Expand Down Expand Up @@ -63,11 +73,11 @@ jobs:
collect_artifacts_pr:
name: "Collect Results & Deploy (PR)"
if: github.event_name == 'pull_request'
needs: [labeler, check_amalgamation, test_trudag_extensions, dependency_review, codeql, ubuntu]
needs: [labeler, SME_review_checker, check_amalgamation, test_trudag_extensions, dependency_review, codeql, ubuntu]
runs-on: ubuntu-latest
strategy:
matrix:
target: [labeler, check_amalgamation, test_trudag_extensions, dependency_review, codeql, ubuntu]
target: [labeler, SME_review_checker, check_amalgamation, test_trudag_extensions, dependency_review, codeql, ubuntu]

steps:
- name: Checkout code
Expand Down Expand Up @@ -96,11 +106,11 @@ jobs:
collect_artifacts_non_pr:
name: "Collect Results & Deploy (Non-PR)"
if: github.event_name != 'pull_request'
needs: [labeler, test_trudag_extensions, codeql, ubuntu] # no check_amalgamation or dependency_review if non PR
needs: [labeler, SME_review_checker, test_trudag_extensions, codeql, ubuntu] # no check_amalgamation or dependency_review if non PR
runs-on: ubuntu-latest
strategy:
matrix:
target: [labeler, test_trudag_extensions, codeql, ubuntu]
target: [labeler, SME_review_checker, test_trudag_extensions, codeql, ubuntu]

steps:
- name: Checkout code
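Review bot: `collect_artifacts_non_pr` now lists `SME_review_checker` in both `needs` and the `target` matrix, yet the new job is gated with `if: ${{ github.event_name == 'pull_request' }}`; assuming the lines containing `SME_review_checker` are the new side of this hunk, on push or other non-PR events that dependency is skipped, and a job whose `if` contains no `always()`/`!cancelled()` is skipped along with it, so the non-PR collector would stop running (and if it did run, the matrix would try to download an artifact that was never uploaded). The existing comment `# no check_amalgamation or dependency_review if non PR` shows the other PR-only jobs were deliberately kept out of this list for exactly that reason, and `SME_review_checker` should follow it: `needs: [labeler, test_trudag_extensions, codeql, ubuntu] # no check_amalgamation, dependency_review or SME_review_checker if non PR` and `target: [labeler, test_trudag_extensions, codeql, ubuntu]`. Alternatively, if the SME check is meant to run on every event, drop the `if` from the `SME_review_checker` job instead; the `BASE_BRANCH` fallback to `main` in the called workflow suggests that was at least contemplated. The `collect_artifacts_pr` changes in the previous hunk are fine, since that job only runs on `pull_request`.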