| - name: Check issue key | ||
| if: ${{ !steps.jira_key_from_title.outputs.issue_key }} | ||
| run: | | ||
| echo "Could not determine Jira issue from PR title" |
Probably TODO: add exceptions for Dependabot etc. PRs.
10650e3 to 4d59de0
sebhmg left a comment
see suggestion to merge workflows, and use a more specific pattern
sebhmg left a comment
please, see questions and suggestions
07482e7 to 23cb0e6
aa29b27 to e35cfc1
e35cfc1 to 866e558
Pull request overview
Adds/updates reusable GitHub Actions workflows intended to extract a Jira issue key from a PR/branch, optionally update the PR with the Jira summary, and enforce Jira sprint/status requirements using the newer Jira JQL search endpoint.
Changes:
- Added reusable workflow to validate a Jira issue is in an open/future sprint and “In Progress” via Jira REST API v3 JQL search.
- Hardened/adjusted the reusable “add Jira summary” workflow trigger conditions and token permissions handling.
- Introduced a combined reusable workflow that both updates PR content from Jira and validates Jira status.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 9 comments.
| File | Description |
|---|---|
| .github/workflows/reusable-jira-pr_check_issue.yml | New reusable workflow to derive Jira key (currently title-only) and validate sprint/status via Jira JQL search endpoint. |
| .github/workflows/reusable-jira-pr_add_jira_summary.yml | Adds permissions: {} and job gating; impacts ability to update PR via GitHub API. |
| .github/workflows/reusable-jira-pr_actions.yml | New “all-in-one” reusable workflow combining issue key extraction, PR update from Jira summary, and status enforcement. |
| response=$(curl -s --request GET \ | ||
| --url "$JIRA_BASE_URL/rest/api/3/search/jql?jql=$jqlencoded&fields=statusCategory" \ | ||
| --user "${JIRA_USER_EMAIL}:${JIRA_API_TOKEN}" \ | ||
| --header 'Accept: application/json' \ | ||
| --header 'Content-Type: application/json') | ||
|
|
||
| if [ $? -ne 0 ]; then | ||
| echo "Jira API: error" | ||
| exit 1 | ||
| fi | ||
|
|
The Jira API calls use curl -s and only check $?, which won’t catch HTTP 4xx/5xx responses (curl still exits 0). Consider using -fS (or capturing the HTTP status code) and validating the JSON response for Jira errors so the workflow fails reliably on API errors.
| response=$(curl -s --request GET \ | |
| --url "$JIRA_BASE_URL/rest/api/3/search/jql?jql=$jqlencoded&fields=statusCategory" \ | |
| --user "${JIRA_USER_EMAIL}:${JIRA_API_TOKEN}" \ | |
| --header 'Accept: application/json' \ | |
| --header 'Content-Type: application/json') | |
| if [ $? -ne 0 ]; then | |
| echo "Jira API: error" | |
| exit 1 | |
| fi | |
| response=$(curl -fsS --request GET \ | |
| --url "$JIRA_BASE_URL/rest/api/3/search/jql?jql=$jqlencoded&fields=statusCategory" \ | |
| --user "${JIRA_USER_EMAIL}:${JIRA_API_TOKEN}" \ | |
| --header 'Accept: application/json' \ | |
| --header 'Content-Type: application/json') | |
| if [ $? -ne 0 ]; then | |
| echo "Jira API: HTTP request failed" | |
| exit 1 | |
| fi | |
| if ! echo "$response" | jq -e . > /dev/null 2>&1; then | |
| echo "Jira API: invalid JSON response" | |
| exit 1 | |
| fi |
There was a problem hiding this comment.
using curl -fsS sounds a good suggestion to better capture error cases
| runs-on: ubuntu-latest | ||
| timeout-minutes: 5 | ||
| outputs: | ||
| issue_key_from_branch: ${{ steps.issue_key_from_branch.outputs.issue_key }} |
There was a problem hiding this comment.
| issue_key_from_branch: ${{ steps.issue_key_from_branch.outputs.issue_key }} | |
| issue_key: ${{ steps.issue_key_from_title.outputs.issue_key || steps.issue_key_from_branch.outputs.issue_key }} |
There was a problem hiding this comment.
suggestion: keep only issue_key, and remove issue_key_from_branch and issue_key_from_title
| "$GITHUB_API_URL/repos/$GITHUB_REPOSITORY/pulls/${{ github.event.pull_request.number }}" | ||
| > /dev/null | ||
|
|
||
| check_jira_issue: |
skip the whole workflow if a Dependabot PR
There was a problem hiding this comment.
possibly not needed to filter out dependabot PRs, as not finding a JIRA issue is not an error
but could the regex match something from the dependabot branch or PR title, which would then fail when requesting JIRA and thus mark the PR as failed?
There was a problem hiding this comment.
hence, my earlier suggestion of a stricter regex, using a secret that would list all the expected JIRA keys.
E.g.: "\b(NI|SHRUB|BEAST|AARG|SWALLOW|TIM|BRIDGE)[-# ]*([0-9]+)"
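The exchange above asks whether the key pattern could pick up text from a Dependabot branch or title and then fail the Jira lookup. As an added example (not code from this PR), the script below compares a generic key pattern, which is an assumption because the PR's own regex is not shown here, with the allow-listed pattern quoted above; all sample titles and branch names are constructed.

```shell
#!/bin/sh
# Added illustration, not the workflow's own code.
# Project keys copied from the pattern quoted in the comment above; in a real
# workflow they would come from a secret or variable (assumption).
ALLOWED_KEYS='NI|SHRUB|BEAST|AARG|SWALLOW|TIM|BRIDGE'

# Generic pattern (assumed for comparison): letters/digits, a dash, digits.
extract_generic() {
  printf '%s\n' "$1" | grep -oiE '[a-z][a-z0-9]+-[0-9]+' | head -n 1
}

# Allow-listed pattern from the comment, normalised to KEY-123.
# \b (word boundary, supported by GNU grep) stops TIM matching inside VICTIM.
extract_strict() {
  printf '%s\n' "$1" \
    | grep -oE "\\b(${ALLOWED_KEYS})[-# ]*[0-9]+" \
    | head -n 1 \
    | sed -E 's/^([A-Z]+)[-# ]*([0-9]+)$/\1-\2/'
}

# Constructed sample inputs: a Dependabot branch and title, then key-like text.
while IFS= read -r sample; do
  printf '%-45s generic=[%s] strict=[%s]\n' "$sample" \
    "$(extract_generic "$sample")" "$(extract_strict "$sample")"
done <<'EOF'
dependabot/npm_and_yarn/lodash-4.17.21
Bump lodash from 4.17.20 to 4.17.21
TIM#7 tidy up
SHRUB-101-hedge
VICTIM-9 rename
EOF
```

With the generic pattern the Dependabot branch yields a bogus key, which would be sent to Jira and fail the check; the allow-listed pattern returns nothing for it, so the "no key found" path applies instead.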
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
sebhmg left a comment
please see suggestion for slight adjustments
Also, pending question about handling dependabot PRs (or those from Laravel Shift)
|
|
||
| steps: | ||
|
|
||
| - name: Get JIRA summary from branch |
There was a problem hiding this comment.
| - name: Get JIRA summary from branch | |
| - name: Get JIRA issue summary |
DEVOPS-853 - Update Jenkinslib -- Jira API for querying issues is deprecated