From 196d29d94c8d8d4f4135b51d87cc942063180031 Mon Sep 17 00:00:00 2001
From: Kenji Miyake <31987104+kenji-miyake@users.noreply.github.com>
Date: Tue, 14 Dec 2021 22:54:50 +0900
Subject: [PATCH] feat: add prevent-no-label-execution workflow (#19)

* feat: add prevent-no-label-execution action

Signed-off-by: Kenji Miyake <kenji.miyake@tier4.jp>

* use reusable workflow

Signed-off-by: Kenji Miyake <kenji.miyake@tier4.jp>

* fix bug

Signed-off-by: Kenji Miyake <kenji.miyake@tier4.jp>
---
 .../workflows/prevent-no-label-execution.yaml | 55 +++++++++++++++++++
 README.md                                     | 21 +++++++
 2 files changed, 76 insertions(+)
 create mode 100644 .github/workflows/prevent-no-label-execution.yaml

diff --git a/.github/workflows/prevent-no-label-execution.yaml b/.github/workflows/prevent-no-label-execution.yaml
new file mode 100644
index 00000000..21da92a2
--- /dev/null
+++ b/.github/workflows/prevent-no-label-execution.yaml
@@ -0,0 +1,55 @@
+name: prevent-no-label-execution
+
+on:
+  workflow_call:
+    inputs:
+      label:
+        required: true
+        type: string
+    outputs:
+      run:
+        value: ${{ jobs.prevent-no-label-execution.outputs.run }}
+
+jobs:
+  prevent-no-label-execution:
+    runs-on: ubuntu-latest
+    outputs:
+      run: ${{ steps.prevent-no-label-execution.outputs.run }}
+    steps:
+      - name: Prevent no label execution
+        id: prevent-no-label-execution
+        run: |
+          function check() {
+            if [ "${{ github.event_name }}" != "pull_request" ] && [ "${{ github.event_name }}" != "pull_request_target" ]; then
+              echo "true"
+              return
+            fi
+
+            # Labeled now
+            if [ "${{ github.event.label.name }}" != "" ]; then
+              if [ "${{ github.event.label.name == inputs.label }}" = "true" ]; then
+                echo "true"
+                return
+              fi
+
+              echo "Skipping execution since a different label '${{ github.event.label.name }}' is added."
+              return
+            fi
+
+            # Labeled before and synchronized
+            if [ "${{ contains(github.event.pull_request.labels.*.name, inputs.label) }}" = "true" ]; then
+              echo "true"
+              return
+            fi
+
+            echo "Please add the label '${{ inputs.label }}' to run this workflow."
+            return
+          }
+
+          echo ::set-output name=run::"$(check)"
+        shell: bash
+
+      - name: Show result
+        run: |
+          echo "run: ${{ steps.prevent-no-label-execution.outputs.run }}"
+        shell: bash
diff --git a/README.md b/README.md
index 9ce73b03..61c88d1d 100644
--- a/README.md
+++ b/README.md
@@ -35,6 +35,27 @@ jobs:
       token: ${{ secrets.GITHUB_TOKEN }}
 ```
 
+### [prevent-no-label-execution](.github/workflows/prevent-no-label-execution.yaml)
+
+This workflow checks if the PR has a specific label.  
+It is useful for preventing `pull_request_target` event and self-hosted runners from being executed without the label.
+
+#### Usage
+
+```yaml
+jobs:
+  prevent-no-label-execution:
+    uses: autowarefoundation/autoware-github-actions/prevent-no-label-execution.yaml@tier4/proposal
+    with:
+      label: ARM64
+
+  build-and-test-arm:
+    needs: check-run-condition
+    if: ${{ needs.check-run-condition.outputs.run == 'true' }}
+    runs-on: [self-hosted, linux, ARM64]
+    # ...
+```
+
 ## Supported composite actions
 
 Please see the `README.md` in each directory.