From 751a2811188056cdf39c8376458aabf66b322e1a Mon Sep 17 00:00:00 2001 From: ankitjangir1690 Date: Sun, 30 Nov 2025 18:39:52 +0530 Subject: [PATCH 1/3] feat: adding project in workflow --- .github/workflows/add-pr-to-devops.yml | 22 ++++++++++++++++++++++ .github/workflows/auto-reviewer.yml | 7 ++++--- .github/workflows/bot-handler.yml | 3 ++- 3 files changed, 28 insertions(+), 4 deletions(-) create mode 100644 .github/workflows/add-pr-to-devops.yml diff --git a/.github/workflows/add-pr-to-devops.yml b/.github/workflows/add-pr-to-devops.yml new file mode 100644 index 0000000..7971603 --- /dev/null +++ b/.github/workflows/add-pr-to-devops.yml @@ -0,0 +1,22 @@ +name: Add PR to DevOps Board + +on: + pull_request: + types: [opened, reopened] + branches: [master] + push: + branches: [master] + +jobs: + add_to_project: + runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write + steps: + - name: Add PR to DevOps Release Board + uses: actions/add-to-project@v0.5.0 + with: + project-url: https://github.com/orgs/dhwani-ris/projects/## + github-token: ${{ secrets.GITHUB_TOKEN }} + diff --git a/.github/workflows/auto-reviewer.yml b/.github/workflows/auto-reviewer.yml index 5ba1e01..f97e436 100644 --- a/.github/workflows/auto-reviewer.yml +++ b/.github/workflows/auto-reviewer.yml @@ -2,7 +2,8 @@ name: Auto Request Review on: pull_request: - types: [opened, synchronize, reopened, ready_for_review] + types: [opened, synchronize, reopened, ready_for_review, closed] + branches: [master] permissions: pull-requests: write @@ -13,8 +14,8 @@ jobs: name: Request Review from Default Reviewer runs-on: ubuntu-latest if: | - github.event.pull_request.base.ref == 'main' || - github.event.pull_request.base.ref == 'master' + (github.event.action == 'opened' || github.event.action == 'reopened' || github.event.action == 'synchronize' || github.event.action == 'ready_for_review') && + (github.event.pull_request.base.ref == 'main' || github.event.pull_request.base.ref == 'master') steps: - name: Request review from default reviewer diff --git a/.github/workflows/bot-handler.yml b/.github/workflows/bot-handler.yml index 8b0476a..050c0ed 100644 --- a/.github/workflows/bot-handler.yml +++ b/.github/workflows/bot-handler.yml @@ -4,7 +4,8 @@ on: issue_comment: types: [created, edited] pull_request: - types: [opened, synchronize, reopened] + types: [opened, synchronize, reopened, closed] + branches: [master] permissions: contents: write From b02880aa958f81bc6895bebe1618567343da9e05 Mon Sep 17 00:00:00 2001 From: ankitjangir1690 Date: Sun, 30 Nov 2025 18:51:54 +0530 Subject: [PATCH 2/3] fix: updated the deployment note and devops checklist --- .github/workflows/add-pr-to-devops.yml | 9 +- .github/workflows/devops-checklist.yml | 132 +++++-------------------- 2 files changed, 30 insertions(+), 111 deletions(-) diff --git a/.github/workflows/add-pr-to-devops.yml b/.github/workflows/add-pr-to-devops.yml index 7971603..08b6733 100644 --- a/.github/workflows/add-pr-to-devops.yml +++ b/.github/workflows/add-pr-to-devops.yml @@ -3,16 +3,19 @@ name: Add PR to DevOps Board on: pull_request: types: [opened, reopened] - branches: [master] - push: - branches: [master] + branches: [main, master] jobs: add_to_project: runs-on: ubuntu-latest + if: | + github.event.pull_request.base.ref == 'main' || + github.event.pull_request.base.ref == 'master' permissions: contents: read pull-requests: write + repository-projects: write + organization-projects: write steps: - name: Add PR to DevOps Release Board uses: actions/add-to-project@v0.5.0 diff --git a/.github/workflows/devops-checklist.yml b/.github/workflows/devops-checklist.yml index 1bc8956..6efce84 100644 --- a/.github/workflows/devops-checklist.yml +++ b/.github/workflows/devops-checklist.yml @@ -181,87 +181,6 @@ jobs: |-------|-----------------|----------------|-----------------| | 1. | \`${context.repo.repo}\` | \`${pr.base.ref}-release-${version}\` | ${formatFeatureDetails(featureDetails)} | - **Dependencies:** - - Dependencies updated: \`TBD\` *(Please review and update)* - \`\`\` - - \`\`\` - - **Database Changes (Queries to run):** - - Database changes required: \`TBD\` *(Please review and update)* - \`\`\` - - \`\`\` - - **Testing:** - - [ ] Unit tests passed - - [ ] Integration tests passed - - [ ] E2E tests passed - - [ ] Manual testing completed - \`\`\` - - \`\`\` - - **Known Issues:** - - Known issues: \`TBD\` *(Please review and update)* - \`\`\` - - \`\`\` - - **Contact Information:** - - Support Team Email: \`\`\`\`\`\` - - Support Team Phone: \`\`\`\`\`\` - - **Attachments:** - - Deployment files attached/committed: \`TBD\` *(Please review and update)* - \`\`\` - - \`\`\` - - --- - - ### For DevOps Team Use Only - *(To be filled by the DevOps team after deploying the release)* - - **Deployment Details:** - - Date and time of deployment: \`\`\`\`\`\` - - Deployed by: \`\`\`\`\`\` - - Deployment Status: \`\`\`\`\`\` - - **Deployment Instructions:** - - [ ] Pre-deployment tasks completed (backups, etc.) - - [ ] Production environment accessed securely - - [ ] Latest release pulled from version control - - [ ] Dependencies installed/updated - - [ ] Database migrations run (if applicable) - - [ ] Application services restarted - - [ ] Deployment monitored and verified - - **Rollback Plan:** - - [ ] Rollback procedure documented - - [ ] Previous version tag identified: \`\`\`\`\`\` - - [ ] Database rollback scripts prepared (if applicable) - - [ ] Rollback tested in staging environment - - **Post-Deployment Checklist:** - - [ ] Service availability and response times verified - - [ ] System resources monitored - - [ ] Critical user scenarios tested - - [ ] Data integrity confirmed - - [ ] Error logs reviewed - - [ ] Security scans completed - - [ ] Server and infrastructure health checked - - [ ] Backup and disaster recovery procedures validated - - **Notes:** - \`\`\` - - \`\`\` - - **Acknowledgment:** - - [ ] Deployment acknowledged and system ready for production use - - --- **Note:** This deployment document was **automatically generated** from PR commits and information. Please review and update the TBD sections before merging.`; // Check if comment already exists @@ -320,6 +239,26 @@ jobs: github-token: ${{ secrets.GITHUB_TOKEN }} script: | const pr = context.payload.pull_request; + + // Check if comment already exists + const comments = await github.rest.issues.listComments({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: pr.number, + }); + + const existingComment = comments.data.find( + comment => comment.user.type === 'Bot' && + comment.body.includes('DevOps Checklist - Workflow Review') + ); + + if (existingComment) { + // Don't update existing comment to preserve checkbox states + console.log('DevOps Checklist comment already exists, preserving user checkboxes'); + return; + } + + // Only create new comment if it doesn't exist const checklist = `## 🔧 DevOps Checklist - Workflow Review **Please review all workflows and checks before merging:** @@ -350,35 +289,12 @@ jobs: --- **Note:** This checklist is for DevOps team to verify all workflows and checks before merging.`; - // Check if comment already exists - const comments = await github.rest.issues.listComments({ + // Create new comment + await github.rest.issues.createComment({ owner: context.repo.owner, repo: context.repo.repo, issue_number: pr.number, + body: checklist }); - - const existingComment = comments.data.find( - comment => comment.user.type === 'Bot' && - comment.body.includes('DevOps Checklist - Workflow Review') - ); - - if (existingComment) { - // Update existing comment - await github.rest.issues.updateComment({ - owner: context.repo.owner, - repo: context.repo.repo, - comment_id: existingComment.id, - body: checklist - }); - console.log('Updated existing DevOps Checklist comment'); - } else { - // Create new comment - await github.rest.issues.createComment({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: pr.number, - body: checklist - }); - console.log('Created new DevOps Checklist comment'); - } + console.log('Created new DevOps Checklist comment'); From 66d8889a1d3c29cd62b25fad7f22f576862ec826 Mon Sep 17 00:00:00 2001 From: ankitjangir1690 Date: Sun, 30 Nov 2025 19:34:16 +0530 Subject: [PATCH 3/3] fix: updated the devops checklist and correct the checklist submission --- .github/workflows/devops-checklist-submit.yml | 124 ++++++++++++++++++ .github/workflows/devops-checklist.yml | 96 ++++++++++---- 2 files changed, 197 insertions(+), 23 deletions(-) create mode 100644 .github/workflows/devops-checklist-submit.yml diff --git a/.github/workflows/devops-checklist-submit.yml b/.github/workflows/devops-checklist-submit.yml new file mode 100644 index 0000000..33d700d --- /dev/null +++ b/.github/workflows/devops-checklist-submit.yml @@ -0,0 +1,124 @@ +name: DevOps Checklist Submission + +on: + issue_comment: + types: [created] + +permissions: + pull-requests: write + contents: read + +jobs: + submit-checklist: + runs-on: ubuntu-latest + if: | + github.event.issue.pull_request && + contains(github.event.comment.body, '/submit-checklist') + steps: + - name: Get PR number + id: get-pr + uses: actions/github-script@v8 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + const prNumber = context.payload.issue.number; + core.setOutput('pr_number', prNumber); + return prNumber; + + - name: Submit and lock checklist + uses: actions/github-script@v8 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + const prNumber = context.payload.issue.number; + const submitter = context.payload.comment.user.login; + const submitTime = new Date().toISOString(); + const submitDate = new Date().toLocaleString('en-US', { + timeZone: 'UTC', + year: 'numeric', + month: 'long', + day: 'numeric', + hour: '2-digit', + minute: '2-digit', + second: '2-digit', + timeZoneName: 'short' + }); + + // Get all comments to find the checklist + const comments = await github.rest.issues.listComments({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: prNumber, + }); + + const checklistComment = comments.data.find( + comment => comment.user.type === 'Bot' && + comment.body.includes('DevOps Checklist - Workflow Review') + ); + + if (!checklistComment) { + console.log('Checklist comment not found'); + return; + } + + // Check if already submitted + if (checklistComment.body.includes('✅ **CHECKLIST SUBMITTED**')) { + await github.rest.issues.createComment({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: prNumber, + body: `⚠️ This checklist has already been submitted and cannot be modified.` + }); + return; + } + + // Extract the current checklist content (preserve checkboxes) + let checklistBody = checklistComment.body; + + // Replace the submission section with submitted status + const submittedSection = `--- + + ### ✅ **CHECKLIST SUBMITTED** + + **Submitted by:** @${submitter} + **Submitted at:** ${submitDate} (UTC) + + 🔒 **This checklist is now locked and cannot be modified.** + + --- + **Note:** This checklist was submitted and is final. No further changes can be made.`; + + // Find and replace the submission section + // Look for the "Submit Checklist" section and replace everything from there to the end + const submitSectionStart = checklistBody.indexOf('### 📤 Submit Checklist'); + if (submitSectionStart !== -1) { + // Keep everything before the submission section, then add the submitted section + checklistBody = checklistBody.substring(0, submitSectionStart) + submittedSection; + } else { + // If section not found, append the submitted section + checklistBody = checklistBody + '\n\n' + submittedSection; + } + + // Update the checklist comment to show it's submitted + await github.rest.issues.updateComment({ + owner: context.repo.owner, + repo: context.repo.repo, + comment_id: checklistComment.id, + body: checklistBody + }); + + // Add a confirmation comment + await github.rest.issues.createComment({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: prNumber, + body: `✅ **Checklist submitted successfully!** + + The DevOps Checklist has been locked and cannot be modified. + + **Submitted by:** @${submitter} + **Time:** ${submitDate} (UTC)` + }); + + console.log(`Checklist submitted by ${submitter} at ${submitTime}`); + diff --git a/.github/workflows/devops-checklist.yml b/.github/workflows/devops-checklist.yml index 6efce84..aa6eb8e 100644 --- a/.github/workflows/devops-checklist.yml +++ b/.github/workflows/devops-checklist.yml @@ -253,6 +253,11 @@ jobs: ); if (existingComment) { + // Check if already submitted + if (existingComment.body.includes('✅ **CHECKLIST SUBMITTED**')) { + console.log('Checklist already submitted and locked, cannot update'); + return; + } // Don't update existing comment to preserve checkbox states console.log('DevOps Checklist comment already exists, preserving user checkboxes'); return; @@ -263,31 +268,76 @@ jobs: **Please review all workflows and checks before merging:** - ### Workflow Status Review - - [ ] All CI/CD workflows are passing - - [ ] Quality Checks workflow passed - - [ ] Security Scan workflow passed - - [ ] Code quality checks passed - - [ ] Test coverage meets requirements - - ### Review Status - - [ ] All required reviewers have approved - - [ ] Code review completed - - [ ] Security review completed (if applicable) - - ### Pre-Merge Verification - - [ ] Deployment Notes document reviewed (see Deployment Notes comment above) - - [ ] All commits reviewed - - [ ] Breaking changes identified (if any) - - [ ] Version number verified (if applicable) - - ### Final Checks - - [ ] No blocking issues or errors - - [ ] Ready for production deployment - - [ ] Rollback plan understood (if high-risk) + ### 1. Workflow Status Review + - [ ] DevOps Checklist Reminder + - [ ] Documentation Required + - [ ] Semantic Commits + - [ ] GitHub Actions Security (send-secrets) + - [ ] Quality Checks / Pre-Commit + - [ ] Quality Checks / Semgrep Rules + - [ ] All other workflows passing + + ### 2. Code Review & Approval + - [ ] Team Lead has approved the PR + - [ ] All reviewer comments resolved + - [ ] No leftover debug logs, temp files, zip files, or accidental commits + - [ ] No exposed secrets or credentials + - [ ] Commit messages follow semantic standards + + ### 3. Documentation & Release Notes + - [ ] Deployment Notes reviewed + - [ ] Change summary provided + - [ ] Impacted modules/services listed + - [ ] Config or environment changes documented + - [ ] Rollback Plan attached + - [ ] 🔗 Rollback Reference: https://devops.dhwaniris.com/rollback-guidelines + + ### 4. Functional & QA Validation + - [ ] Changes tested on staging/UAT + - [ ] QA sign-off received + - [ ] No high/critical bugs pending + - [ ] Regression testing completed + - [ ] API responses verified (if applicable) + + ### 5. Security & Compliance + - [ ] Semgrep Rules passed (mandatory) + - [ ] No new security warnings introduced + - [ ] Sensitive logic reviewed + - [ ] No secrets in PR (manual confirmation) + + ### 6. Deployment Verification + - [ ] Deployment strategy identified (Blue/Green / Rolling / Manual) + - [ ] Downtime estimate validated (if applicable) + - [ ] Backup/restore plan ready + - [ ] Monitoring alerts configured or validated + - [ ] Pre-deployment checks completed (DB migrations, queues, cron, cache, etc.) + + ### 7. Merge Validation + - [ ] PR raised from development → master (correct flow) + - [ ] Branch updated with latest master (no conflicts) + - [ ] All merge blockers cleared + - [ ] No pending tasks or approvals + + ### 8. Final DevOps Decision + - [ ] **GO** → Safe to merge into production + - [ ] **NO-GO** → Blocked; failures listed below: + + **Notes:** + \`\`\` + + \`\`\` --- - **Note:** This checklist is for DevOps team to verify all workflows and checks before merging.`; + + ### 📤 Submit Checklist + + **To submit this checklist (cannot be reverted once submitted):** + + Comment: \`/submit-checklist\` + + ⚠️ **Warning:** Once submitted, this checklist will be locked and cannot be modified. + + **Status:** ⏳ *Pending Submission*`; // Create new comment await github.rest.issues.createComment({