prowler/.github/workflows/pr-conflict-checker.yml at 7ceee1ee74bec3981369998e3298ab1fabad3651 · prowler-cloud/prowler · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
name: 'Tools: PR Conflict Checker'

on:
  # zizmor: ignore[dangerous-triggers] - intentional: needs write access for conflict labels/comments, checkout uses PR head SHA for read-only grep
  pull_request_target:
    types:
      - 'opened'
      - 'synchronize'
      - 'reopened'
    branches:
      - 'master'
      - 'v5.*'

concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
  cancel-in-progress: true

permissions:
  contents: read

jobs:
  check-conflicts:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    permissions:
      contents: read
      pull-requests: write
      issues: write

    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
        with:
          egress-policy: audit

      - name: Checkout PR head
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          fetch-depth: 0
          persist-credentials: false

      - name: Get changed files
        id: changed-files
        uses: tj-actions/changed-files@7dee1b0c1557f278e5c7dc244927139d78c0e22a # v47.0.4
        with:
          files: '**'

      - name: Check for conflict markers
        id: conflict-check
        run: |
          echo "Checking for conflict markers in changed files..."

          CONFLICT_FILES=""
          HAS_CONFLICTS=false

          # Check each changed file for conflict markers
          for file in ${STEPS_CHANGED_FILES_OUTPUTS_ALL_CHANGED_FILES}; do
            if [ -f "$file" ]; then
              echo "Checking file: $file"

              # Look for conflict markers (more precise regex)
              if grep -qE '^(<<<<<<<|=======|>>>>>>>)' "$file" 2>/dev/null; then
                echo "Conflict markers found in: $file"
                CONFLICT_FILES="${CONFLICT_FILES}- \`${file}\`"$'\n'
                HAS_CONFLICTS=true
              fi
            fi
          done

          if [ "$HAS_CONFLICTS" = true ]; then
            echo "has_conflicts=true" >> $GITHUB_OUTPUT
            {
              echo "conflict_files<<EOF"
              echo "$CONFLICT_FILES"
              echo "EOF"
            } >> $GITHUB_OUTPUT
            echo "Conflict markers detected"
          else
            echo "has_conflicts=false" >> $GITHUB_OUTPUT
            echo "No conflict markers found in changed files"
          fi
        env:
          STEPS_CHANGED_FILES_OUTPUTS_ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}

      - name: Manage conflict label
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
          HAS_CONFLICTS: ${{ steps.conflict-check.outputs.has_conflicts }}
        run: |
          LABEL_NAME="has-conflicts"

          # Add or remove label based on conflict status
          if [ "$HAS_CONFLICTS" = "true" ]; then
            echo "Adding conflict label to PR #${PR_NUMBER}..."
            gh pr edit "$PR_NUMBER" --add-label "$LABEL_NAME" --repo ${{ github.repository }} || true
          else
            echo "Removing conflict label from PR #${PR_NUMBER}..."
            gh pr edit "$PR_NUMBER" --remove-label "$LABEL_NAME" --repo ${{ github.repository }} || true
          fi

      - name: Find existing comment
        uses: peter-evans/find-comment@b30e6a3c0ed37e7c023ccd3f1db5c6c0b0c23aad # v4.0.0
        id: find-comment
        with:
          issue-number: ${{ github.event.pull_request.number }}
          comment-author: 'github-actions[bot]'
          body-includes: '<!-- conflict-checker-comment -->'

      - name: Create or update comment
        uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
        with:
          comment-id: ${{ steps.find-comment.outputs.comment-id }}
          issue-number: ${{ github.event.pull_request.number }}
          edit-mode: replace
          body: |
            <!-- conflict-checker-comment -->
            ${{ steps.conflict-check.outputs.has_conflicts == 'true' && '⚠️ **Conflict Markers Detected**' || '✅ **Conflict Markers Resolved**' }}

            ${{ steps.conflict-check.outputs.has_conflicts == 'true' && format('This pull request contains unresolved conflict markers in the following files:

            {0}

            Please resolve these conflicts by:
            1. Locating the conflict markers: `<<<<<<<`, `=======`, and `>>>>>>>`
            2. Manually editing the files to resolve the conflicts
            3. Removing all conflict markers
            4. Committing and pushing the changes', steps.conflict-check.outputs.conflict_files) || 'All conflict markers have been successfully resolved in this pull request.' }}

      - name: Fail workflow if conflicts detected
        if: steps.conflict-check.outputs.has_conflicts == 'true'
        run: |
          echo "::error::Workflow failed due to conflict markers detected in the PR"
          exit 1