refactor: Add logic to PR to remove label whenever this workflow is r…

…un (#487)
Azure · Oct 25, 2024 · bdf868a · bdf868a
1 parent 942e352
commit bdf868a
Showing 1 changed file with 46 additions and 1 deletion.
diff --git a/.github/workflows/validate-queries.yml b/.github/workflows/validate-queries.yml
@@ -1,16 +1,47 @@
 name: Validate ARG Queries
 
 on:
+  pull_request_target:
+    branches:
+      - main
+      - dev-tools
+    types:
+      - opened
+      - reopened
+      - synchronize
+      - ready_for_review
+    paths:
+    - '**/*.kql'
   workflow_dispatch: {}
 
 permissions:
   contents: read  # This is required for actions/checkout
 
 jobs:
   kql_file_check:
+    environment: Azure
     permissions:
       id-token: write # This is required for requesting the JWT
     runs-on: ubuntu-latest
+    if: |
+      (
+        github.event.pull_request.head.repo.full_name == 'Azure/Azure-Proactive-Resiliency-Library-v2'
+      )
+      ||
+      (
+        github.event.pull_request.head.repo.full_name != 'Azure/Azure-Proactive-Resiliency-Library-v2'
+        &&
+        contains(github.event.pull_request.labels.*.name, 'PR: Safe to Test ARG Queries :test_tube:')
+      )
+      ||
+      (
+        github.event_name == 'workflow_dispatch'
+      )
+      ||
+      (
+        github.event_name == 'merge_group'
+      )
+
     steps:
       - name: Harden Runner
         uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
@@ -20,7 +51,7 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
-          ref: "refs/pull/${{ inputs.pr_number }}/merge"
+          ref: "refs/pull/${{ github.event.number }}/merge"
           fetch-depth: 2
 
       - name: Sanity Check
@@ -43,3 +74,17 @@ jobs:
       - name: Run KQL Syntax Check
         run: |
           pwsh .github/scripts/validate-kql-syntax.ps1
+
+  remove_label:
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+      - run: |
+          gh pr edit ${{ github.event.pull_request.number }} --remove-label "PR: Safe to Test ARG Queries :test_tube:"
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+
+