Sumeru / #984 - Remove insecure AES/CBC/PKCS5Padding for new encryption #166
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Validate Release PR | |
| on: | |
| pull_request: | |
| types: [labeled, opened, synchronize, edited] | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| jobs: | |
| validate: | |
| if: >- | |
| (github.event.action == 'labeled' && github.event.label.name == 'release') || | |
| (github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'release')) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Validate Release PR | |
| env: | |
| PR_BODY: ${{ github.event.pull_request.body }} | |
| run: | | |
| errors=() | |
| # --- Extract version from source of truth --- | |
| version=$(grep -oP "libraryVersion\s*=\s*'\K[^']+" iterableapi/build.gradle) | |
| if [ -z "$version" ]; then | |
| echo "::error::Could not extract libraryVersion from iterableapi/build.gradle" | |
| exit 1 | |
| fi | |
| echo "Detected version: $version" | |
| # --- Check: Docs PR linked --- | |
| if ! echo "$PR_BODY" | grep -qiP "github\.com/Iterable/iterable-docs/pull/\d+"; then | |
| errors+=("No docs PR link found in the PR description. Add a link to the iterable-docs PR (e.g. https://github.com/Iterable/iterable-docs/pull/123).") | |
| fi | |
| # --- Check: CHANGELOG entry --- | |
| if ! grep -qF "## [$version]" CHANGELOG.md; then | |
| errors+=("CHANGELOG.md is missing an entry for version [$version].") | |
| fi | |
| # --- Check: Version consistency --- | |
| api_lib_ver=$(grep -oP "libraryVersion\s*=\s*'\K[^']+" iterableapi/build.gradle) | |
| api_sdk_ver=$(grep -oP 'ITERABLE_SDK_VERSION.*"\K[0-9][^"\\]+' iterableapi/build.gradle) | |
| ui_lib_ver=$(grep -oP "libraryVersion\s*=\s*'\K[^']+" iterableapi-ui/build.gradle) | |
| if [ "$api_lib_ver" != "$version" ]; then | |
| errors+=("iterableapi/build.gradle libraryVersion is '$api_lib_ver', expected '$version'.") | |
| fi | |
| if [ "$api_sdk_ver" != "$version" ]; then | |
| errors+=("iterableapi/build.gradle ITERABLE_SDK_VERSION is '$api_sdk_ver', expected '$version'.") | |
| fi | |
| if [ "$ui_lib_ver" != "$version" ]; then | |
| errors+=("iterableapi-ui/build.gradle libraryVersion is '$ui_lib_ver', expected '$version'.") | |
| fi | |
| # --- Report --- | |
| if [ ${#errors[@]} -gt 0 ]; then | |
| echo "::error::Release validation failed with ${#errors[@]} issue(s):" | |
| for err in "${errors[@]}"; do | |
| echo "::error:: - $err" | |
| done | |
| exit 1 | |
| fi | |
| echo "All release validations passed for version $version." |