From bdf868a09aa8c5aafbb7592d5faffed650a42f71 Mon Sep 17 00:00:00 2001
From: Zach Trocinski <30884663+oZakari@users.noreply.github.com>
Date: Fri, 25 Oct 2024 15:08:36 -0500
Subject: [PATCH] refactor: Add logic to PR to remove label whenever this
 workflow is run (#487)

---
 .github/workflows/validate-queries.yml | 47 +++++++++++++++++++++++++-
 1 file changed, 46 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/validate-queries.yml b/.github/workflows/validate-queries.yml
index 8c236ef87..e6ab88667 100644
--- a/.github/workflows/validate-queries.yml
+++ b/.github/workflows/validate-queries.yml
@@ -1,6 +1,17 @@
 name: Validate ARG Queries
 
 on:
+  pull_request_target:
+    branches:
+      - main
+      - dev-tools
+    types:
+      - opened
+      - reopened
+      - synchronize
+      - ready_for_review
+    paths:
+    - '**/*.kql'
   workflow_dispatch: {}
 
 permissions:
@@ -8,9 +19,29 @@ permissions:
 
 jobs:
   kql_file_check:
+    environment: Azure
     permissions:
       id-token: write # This is required for requesting the JWT
     runs-on: ubuntu-latest
+    if: |
+      (
+        github.event.pull_request.head.repo.full_name == 'Azure/Azure-Proactive-Resiliency-Library-v2'
+      )
+      ||
+      (
+        github.event.pull_request.head.repo.full_name != 'Azure/Azure-Proactive-Resiliency-Library-v2'
+        &&
+        contains(github.event.pull_request.labels.*.name, 'PR: Safe to Test ARG Queries :test_tube:')
+      )
+      ||
+      (
+        github.event_name == 'workflow_dispatch'
+      )
+      ||
+      (
+        github.event_name == 'merge_group'
+      )
+
     steps:
       - name: Harden Runner
         uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
@@ -20,7 +51,7 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
-          ref: "refs/pull/${{ inputs.pr_number }}/merge"
+          ref: "refs/pull/${{ github.event.number }}/merge"
           fetch-depth: 2
 
       - name: Sanity Check
@@ -43,3 +74,17 @@ jobs:
       - name: Run KQL Syntax Check
         run: |
           pwsh .github/scripts/validate-kql-syntax.ps1
+
+  remove_label:
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+      - run: |
+          gh pr edit ${{ github.event.pull_request.number }} --remove-label "PR: Safe to Test ARG Queries :test_tube:"
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+
+