update pull-request.yml to ignore actions on ignore-sensitive-files-pr

[govindsingh3477]

label

What kind of change does this PR introduce?

feature

Issue Number:

Fixes #2383

Did you add tests for your changes?

Snapshots/Videos:

If relevant, did you update the documentation?

Summary

Does this PR introduce a breaking change?

Other information

Have you read the contributing guide?

yes

Summary by CodeRabbit

• New Features
  • Introduced a new validation step to ensure pull requests target the 'develop' branch.
• Improvements
  • Enhanced conditions for sensitive file checks to avoid unnecessary validations for specific pull requests.

[coderabbitai]

Walkthrough

The pull request modifies the GitHub Actions workflow in the pull-request.yml file. It updates the conditional logic for the Check-Sensitive-Files job to include checks for the ignore-sensitive-files-pr label and adds a new job, Check-Target-Branch, to ensure the target branch is 'develop'. These changes refine the execution conditions for specific jobs in the workflow, enhancing the overall control flow regarding sensitive file checks and branch validation.

Changes

File	Change Summary
.github/workflows/pull-request.yml	- Updated condition in Check-Sensitive-Files job to check for ignore-sensitive-files-pr label. - Added new job Check-Target-Branch to validate the target branch.

Assessment against linked issues

Objective	Addressed	Explanation
Update Check-Sensitive-Files job to ignore PRs with ignore-sensitive-files-pr label (#2383)	✅
Ensure that only the Check-Sensitive-Files job is affected by the label (#2383)	✅

Possibly related PRs

• fixed the eslint checker #2318: The changes in this PR also modify the .github/workflows/pull-request.yml file, specifically adding a job that checks the target branch and enhancing the linting process, which aligns with the main PR's updates to the workflow configuration.

Suggested reviewers

• palisadoes

Poem

In the land of code where rabbits hop,
A workflow change makes our checks non-stop.
With labels to guard and branches to check,
We dance through PRs, no need for a wreck!
Hooray for the logic, so clever and bright,
Our codebase is safe, all thanks to this light! 🐇✨

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

Our Pull Request Approval Process

We have these basic policies to make the approval process smoother for our volunteer team.

Testing Your Code

Please make sure your code passes all tests. Our test code coverage system will fail if these conditions occur:

1. The overall code coverage drops below the target threshold of the repository
2. Any file in the pull request has code coverage levels below the repository threshold
3. Merge conflicts

The process helps maintain the overall reliability of the code base and is a prerequisite for getting your PR approved. Assigned reviewers regularly review the PR queue and tend to focus on PRs that are passing.

Reviewers

Do not assign reviewers. Our Queue Monitors will review your PR and assign them.
When your PR has been assigned reviewers contact them to get your code reviewed and approved via:

1. comments in this PR or
2. our slack channel

Reviewing Your Code

Your reviewer(s) will have the following roles:

1. arbitrators of future discussions with other contributors about the validity of your changes
2. point of contact for evaluating the validity of your work
3. person who verifies matching issues by others that should be closed.
4. person who gives general guidance in fixing your tests

CONTRIBUTING.md

Read our CONTRIBUTING.md file. Most importantly:

1. PRs with issues not assigned to you will be closed by the reviewer
2. Fix the first comment in the PR so that each issue listed automatically closes

Other

1. 🎯 Please be considerate of our volunteers' time. Contacting the person who assigned the reviewers is not advised unless they ask for your input. Do not @ the person who did the assignment otherwise.
2. Read the CONTRIBUTING.md file make

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 97.99%. Comparing base (6fadd0c) to head (9b7bcd3).
Report is 1 commits behind head on develop.

Additional details and impacted files

@@           Coverage Diff            @@
##           develop    #2384   +/-   ##
========================================
  Coverage    97.99%   97.99%           
========================================
  Files          246      246           
  Lines         7020     7020           
  Branches      2015     2015           
========================================
  Hits          6879     6879           
  Misses         131      131           
  Partials        10       10           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (1)

.github/workflows/pull-request.yml (1)

Line range hint 279-289: Consider enhancing the job name and error message.

The job correctly implements the target branch validation, but could benefit from these improvements:

-  Check-Target-Branch:
+  Enforce-Develop-Target-Branch:
   if: ${{ github.actor != 'dependabot[bot]' }}
-    name: Check Target Branch
+    name: Ensures PRs target the develop branch
   runs-on: ubuntu-latest
   steps:
     - name: Check if the target branch is develop
       if: github.event.pull_request.base.ref != 'develop'
       run: |
-          echo "Error: Pull request target branch must be 'develop'. Please refer PR_GUIDELINES.md"
+          echo "Error: Invalid target branch '${GITHUB_BASE_REF}'. All pull requests must target the 'develop' branch as outlined in PR_GUIDELINES.md"
+          echo "Current target: ${GITHUB_BASE_REF}"
+          echo "Required target: develop"
           exit 1

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 6fadd0c and 9b7bcd3.

📒 Files selected for processing (1)

• .github/workflows/pull-request.yml (1 hunks)

🔇 Additional comments (1)

.github/workflows/pull-request.yml (1)

83-83: LGTM! Verify the condition works as expected.

The condition correctly implements the new label-based exclusion while maintaining the existing dependabot check.

Let's verify the condition works as expected:

✅ Verification successful

Let me gather more information about how these sensitive files are being checked in the workflows.

---

Let me check how the sensitive files are being validated in the job to ensure the condition is properly integrated with the actual checks.

---

Let me check what happens after the files are detected to ensure the complete workflow is properly handling the condition.

---

Condition is correctly implemented and properly integrated with the sensitive files check

The verification confirms that:

• The condition is properly integrated with the tj-actions/changed-files action that checks for sensitive file modifications
• The job correctly skips for both dependabot and when the 'ignore-sensitive-files-pr' label is present
• The list of protected files is comprehensive and properly monitored
• The workflow fails appropriately when unauthorized changes are detected (through the echo and implicit failure)

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify that sensitive file checks are properly configured
# Expected: The job should run by default, skip for dependabot, and skip when label is present

# Test 1: Check if any other workflows reference these sensitive files
rg -l "env\.example|\.node-version|\.husky|scripts/|package\.json|tsconfig\.json|\.gitignore|\.eslintrc\.json|\.eslintignore|\.prettierrc|\.prettierignore|vite\.config\.ts|docker-compose\.yaml|Dockerfile|CODEOWNERS|LICENSE|setup\.ts|\.coderabbit\.yaml|CODE_OF_CONDUCT\.md|CODE_STYLE\.md|CONTRIBUTING\.md|DOCUMENTATION\.md|INSTALLATION\.md|ISSUE_GUIDELINES\.md|PR_GUIDELINES\.md|README\.md" .github/workflows/

# Test 2: Check for any other conditions that might override this check
rg "ignore-sensitive-files-pr" .github/workflows/

Length of output: 867

---

Script:

#!/bin/bash
# Check the implementation of sensitive file checks in pull-request.yml
rg -A 10 "Check-Sensitive-Files" .github/workflows/pull-request.yml

# Check if there are any other jobs or conditions in other workflows that might conflict
rg -A 5 "Check-Sensitive-Files|sensitive.*files" .github/workflows/

Length of output: 1218

---

Script:

#!/bin/bash
# Get the complete Check-Sensitive-Files job implementation
rg -B 2 -A 30 "Check-Sensitive-Files:" .github/workflows/pull-request.yml

# Check if there are any other places where these files are being validated
rg "tj-actions/changed-files" .github/workflows/

Length of output: 1389

---

Script:

#!/bin/bash
# Get the complete job implementation including what happens after files are detected
rg -B 5 -A 40 "Get Changed Unauthorized files" .github/workflows/pull-request.yml

Length of output: 1477

[govindsingh3477]

@varshith257 can you please help me why this "PR Workflow / Runs Introspection on the GitHub talawa-api repo on the schema.graphql file (pull_req" is failing?

[palisadoes]

Please fix the introspection tests. That will be needed to determine whether this PR will cause the desired behavior.

You should ask to be assigned to this issue too and make the changes a part of this PR.

• Fix the introspection GitHub action tests (Oct 2024) #2385

Here are some examples of issues fixing this in the past:

• Fix the introspection GitHub action tests (Feb 2024) #1542
• Fix the introspection GitHub action tests #1491

[govindsingh3477]

@palisadoes sir , Do you want me to solve issue #2385 in this pr or i can create a separate pr ?

[varshith257]

@palisadoes sir , Do you want me to solve issue #2385 in this pr or i can create a separate pr ?

@govindsingh3477 Your wish but the aim is to make all workflows green here in the PR. I think you can push here

[govindsingh3477]

This issue arises due to createGroupChat , createDirectChat ,createMessageChat were removed in commit PalisadoesFoundation/talawa-api@2f605f9, now i should remove these from talwa admin ?

[varshith257]

See here
#1500

[varshith257]

But I think Chat feature worked by @disha1202. Let's confirm from her

[govindsingh3477]

i think these can be removed as some related functions were removed in
ca7c569

[varshith257]

Closing in favor of #2391