Merge branch 'master' into feature/evidence-submissions-error-handling

department-of-veterans-affairs · Dec 12, 2024 · 839da2b · 839da2b
2 parents 240954d + 911af5d
commit 839da2b
Show file tree

Hide file tree

Showing 1,005 changed files with 61,147 additions and 19,449 deletions.
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -24,7 +24,7 @@
 
   "features": {
     "ghcr.io/devcontainers-contrib/features/ruby-asdf:0": {
-      "version": "3.3.3"
+      "version": "3.3.6"
     },
     "ghcr.io/robbert229/devcontainer-features/postgresql-client:1": {
       "version": "15"

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
diff --git a/.github/workflows/audit_service_tags.yml b/.github/workflows/audit_service_tags.yml
@@ -21,14 +21,6 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - name: Remove Review label
-        if:  github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'ready-for-backend-review')
-        uses: actions-ecosystem/action-remove-labels@v1
-        with:
-          number: ${{ github.event.pull_request.number }}
-          labels: |
-            ready-for-backend-review
-
       - uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USER }}

diff --git a/.github/workflows/backend-pr-labeler.yml b/.github/workflows/backend-pr-labeler.yml
@@ -2,14 +2,206 @@ name: Backend PR Labeler
 on:
   pull_request:
     types: [opened, reopened, review_requested, review_request_removed, ready_for_review, converted_to_draft, labeled, unlabeled]
+  pull_request_review:
+    types: [submitted]
   workflow_run:
-    workflows: 
+    workflows:
       - "Code Checks"
     types: [completed]
 jobs:
+  get-pr-data:
+    runs-on: ubuntu-latest
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    outputs:
+      pr_number: ${{ steps.get_pr_data.outputs.pr_number }}
+      pr_draft: ${{ steps.get_pr_data.outputs.pr_draft }}
+      pr_labels: ${{ steps.get_pr_data.outputs.pr_labels }}
+      pr_requested_teams: ${{ steps.get_pr_data.outputs.pr_requested_teams }}
+    steps:
+      - name: Get pull_request data
+        id: get_pr_data
+        run: |
+          if ${{ github.event_name == 'pull_request' || github.event_name == 'pull_request_review'}}; then
+            echo "pr_number=${{ github.event.pull_request.number }}" >> $GITHUB_OUTPUT
+            echo "pr_draft=${{ github.event.pull_request.draft }}" >> $GITHUB_OUTPUT
+            echo "pr_labels=$(echo '${{ toJSON(github.event.pull_request.labels.*.name) }}' | jq -c '.')" >> $GITHUB_OUTPUT
+            echo "pr_requested_teams=$(echo '${{ toJSON(github.event.pull_request.requested_teams.*.name) }}' | jq -c '.')" >> $GITHUB_OUTPUT
+          elif ${{ github.event_name == 'workflow_run' }}; then
+            if ${{ github.event.workflow_run.event == 'push' }}; then
+              echo "Workflow was triggered by push to ${{ github.event.workflow_run.head_branch }}. Labeling not required."
+              exit 0
+            elif ${{ toJSON(github.event.workflow_run.pull_requests) != '[]' }}; then
+              PR_NUMBER="${{ github.event.workflow_run.pull_requests[0].number }}"
+              echo "pr_number=${PR_NUMBER}" >> $GITHUB_OUTPUT
+
+              # Fetch PR details from GitHub API
+              PR_INFO=$(gh api /repos/${{ github.repository }}/pulls/${PR_NUMBER} --jq '{
+                draft: .draft,
+                labels: [.labels[].name],
+                requested_teams: [.requested_teams[].slug]
+              }')
+
+              # Extract and store individual fields
+              echo "pr_draft=$(echo "$PR_INFO" | jq -r '.draft')" >> $GITHUB_OUTPUT
+              echo "pr_labels=$(echo "$PR_INFO" | jq -c '.labels')" >> $GITHUB_OUTPUT
+              echo "pr_requested_teams=$(echo "$PR_INFO" | jq -c '.requested_teams')" >> $GITHUB_OUTPUT
+            else
+              echo "Workflow run has no associated pull requests. Labeling not performed."
+              exit 0
+            fi
+          else
+            echo "event_name: ${{ github.event_name }}"
+            echo "Pull Request not successfully retrieved."
+            exit 1
+          fi
+
+      - name: Echo PR data
+        if: ${{ steps.get_pr_data.outputs.pr_number != '' }}
+        run: |
+          echo "pr_number: ${{ steps.get_pr_data.outputs.pr_number }}"
+          echo "pr_draft: ${{ steps.get_pr_data.outputs.pr_draft }}"
+          echo "pr_labels: ${{ steps.get_pr_data.outputs.pr_labels }}"
+          echo "pr_labels: ${{ fromJson(steps.get_pr_data.outputs.pr_labels)[0] }}"
+          echo "pr_requested_teams: ${{ steps.get_pr_data.outputs.pr_requested_teams }}"
+          echo "pr_requested_teams: ${{ fromJSON(steps.get_pr_data.outputs.pr_requested_teams)[0] }}"
+
   check-pr-status:
     runs-on: ubuntu-latest
+    needs: get-pr-data
+    if: ${{ needs.get-pr-data.outputs.pr_number != '' }}
+    env:
+      pr_labels: ${{ needs.get-pr-data.outputs.pr_labels }}
+      pr_requested_teams: ${{ needs.get-pr-data.outputs.pr_requested_teams }}
+    outputs:
+      test_status: ${{ steps.get_code_checks_conclusion.outputs.test_status }}
+      exempt: ${{ steps.check_exemption.outputs.exempt }}
+      failures_detected: ${{ steps.audit_pr_labels.outputs.failures_detected }}
+    steps:
+      - name: Print vars (DELETE ME)
+        run: |
+          echo "pr_labels=${{ needs.get-pr-data.outputs.pr_labels }}"
+          echo "pr_requested_teams=${{ needs.get-pr-data.outputs.pr_requested_teams }}"
+
+      - name: Get Code Checks result
+        if: github.event_name == 'workflow_run'
+        run: |
+          echo "test_status=${{ github.event.workflow_run.conclusion }}" >> $GITHUB_OUTPUT
+          echo "test_status: ${{ github.event.workflow_run.conclusion }}"
+
+      - name: Check for exemption
+        id: check_exemption
+        run: |
+          if ${{ contains(fromJSON(env.pr_requested_teams), 'backend-review-group') }}; then
+            echo "exempt=false" >> $GITHUB_OUTPUT
+            echo "PR requires backend approval."
+          else
+            echo "exempt=true" >> $GITHUB_OUTPUT
+            echo "PR is exempt from backend approval."
+          fi
+
+      - name: Check for failure labels
+        id: audit_pr_labels
+        run: |
+          if \
+            ${{ contains(env.pr_labels, 'audit-service-failure') }} || \
+            ${{ contains(env.pr_labels, 'code-health-failure') }} || \
+            ${{ contains(env.pr_labels, 'codeowners-addition-failure') }} || \
+            ${{ contains(env.pr_labels, 'codeowners-delete-failure') }} || \
+            ${{ contains(env.pr_labels, 'lint-failure') }} || \
+            ${{ contains(env.pr_labels, 'test-failure') }} ; then
+            echo "failures_detected=true" >> $GITHUB_OUTPUT
+            echo "Failure labels detected."
+          else
+            echo "failures_detected=false" >> $GITHUB_OUTPUT
+            echo "No failure labels detected."
+          fi
+
+  check-approvals:
+    runs-on: ubuntu-latest
+    needs: [get-pr-data, check-pr-status]
+    if: ${{ needs.check-pr-status.outputs.exempt == 'false' && needs.check-pr-status.outputs.pr_draft == 'false' }}
+    env:
+      pr_number: ${{ needs.get-pr-data.outputs.pr_number }}
+    outputs:
+      approval_status: ${{ steps.verify_approval.outputs.approval_status }}
+    steps:
+      - name: Print vars (DELETE ME)
+        run: |
+          echo "pr_number=${{ env.pr_number }}"
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/[email protected]
+        with:
+          aws-access-key-id: ${{ secrets.aws_access_key_id }}
+          aws-secret-access-key: ${{ secrets.aws_secret_access_key }}
+          aws-region: "us-gov-west-1"
+
+      - name: Get bot token from Parameter Store
+        uses: marvinpinto/action-inject-ssm-secrets@latest
+        with:
+          ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN
+          env_variable_name: VA_VSP_BOT_GITHUB_TOKEN
+
+      - name: Get PR Reviews
+        id: get_pr_reviews
+        uses: octokit/[email protected]
+        with:
+          route: GET /repos/${{ github.repository }}/pulls/${{ env.pr_number }}/reviews
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Get backend-review-group members
+        id: get_team_members
+        uses: octokit/[email protected]
+        with:
+          route: GET /orgs/department-of-veterans-affairs/teams/backend-review-group/members
+        env:
+          GITHUB_TOKEN: ${{ env.VA_VSP_BOT_GITHUB_TOKEN }}
+
+      # Confirm an approval exists from at least one BE team member
+      - name: Verify backend-review-group approval
+        id: verify_approval
+        run: |
+          BACKEND_REVIEWERS=$(cat <<'EOF' | jq -r '.[].login' | tr '\n' '|' | sed 's/|$//'
+          ${{ steps.get_team_members.outputs.data }}
+          EOF
+          )
+
+          APPROVALS=$(cat <<'EOF' | jq -r '.[] | select(.state == "APPROVED") | .user.login' | grep -iE "$BACKEND_REVIEWERS" | wc -l
+          ${{ steps.get_pr_reviews.outputs.data }}
+          EOF
+          )
+
+          echo "Number of backend-review-group approvals: $APPROVALS"
+          if [ "$APPROVALS" -eq 0 ]; then
+            echo "approval_status=required" >> $GITHUB_OUTPUT
+            echo "Backend-review-group approval required."
+          else
+            echo "approval_status=confirmed" >> $GITHUB_OUTPUT
+            echo "Backend-review-group approval confirmed."
+          fi
+
+  apply-labels:
+    runs-on: ubuntu-latest
+    needs: [get-pr-data, check-pr-status, check-approvals]
+    if: ${{ always() }}
+    env:
+      exempt: ${{ needs.check-pr-status.outputs.exempt }}
+      pr_number: ${{ needs.get-pr-data.outputs.pr_number }}
+      pr_draft: ${{ needs.get-pr-data.outputs.pr_draft }}
+      pr_labels: ${{ needs.get-pr-data.outputs.pr_labels }}
+      test_status: ${{ needs.check-pr-status.outputs.test_status }}
+      failures_detected: ${{ needs.check-pr-status.outputs.failures_detected }}
+      approval_status: ${{ needs.check-approvals.outputs.approval_status }}
     steps:
-      - name: Say Hi
+      - name: print vars (DELETE ME)
+        id: print-vars
         run: |
-          echo "Hi"
+          echo ${{ env.exempt }}
+          echo ${{ env.pr_number }}
+          echo ${{ env.pr_draft }}
+          echo ${{ env.pr_labels }}
+          echo ${{ env.test_status }}
+          echo ${{ env.failures_detected }}
+          echo ${{ env.approval_status }}
diff --git a/.github/workflows/check_codeowners.yml b/.github/workflows/check_codeowners.yml
@@ -20,14 +20,6 @@ jobs:
       with:
         fetch-depth: 2
 
-    - name: Remove Review label
-      if:  github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'ready-for-backend-review')
-      uses: actions-ecosystem/action-remove-labels@v1
-      with:
-        number: ${{ github.event.pull_request.number }}
-        labels: |
-          ready-for-backend-review
-
     - name: Configure AWS Credentials
       uses: aws-actions/[email protected]
       with:
@@ -80,14 +72,6 @@ jobs:
       with:
         fetch-depth: 2
 
-    - name: Remove Review label
-      if:  github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'ready-for-backend-review')
-      uses: actions-ecosystem/action-remove-labels@v1
-      with:
-        number: ${{ github.event.pull_request.number }}
-        labels: |
-          ready-for-backend-review
-
     - name: Configure AWS Credentials
       uses: aws-actions/[email protected]
       with: