
Commit 6ffc17f

Do not use issue search to determine number of issue that was just created
Signed-off-by: Sascha Schwarze <schwarzs@de.ibm.com>
1 parent a71affe commit 6ffc17f


1 file changed

+8
-9
lines changed


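--- a/.github/report-release-vulnerabilities.sh
+++ b/.github/report-release-vulnerabilities.sh
@@ -118,21 +118,20 @@ if [ "$(jq length <<<"${issues}")" == "0" ]; then
 --assignee "${assignees}" \
 --label release-vulnerabilities \
 --title "Vulnerabilities found in latest release ${RELEASE_TAG}" \
---body-file /tmp/report.md
+--body-file /tmp/report.md | tee /tmp/gh_issue
 
-issues="$(gh issue list --label release-vulnerabilities --json number)"
-issueNumber="$(jq '.[0].number' <<<"${issues}")"
+issueIdentifier="$(</tmp/gh_issue)"
 fi
 else
-issueNumber="$(jq '.[0].number' <<<"${issues}")"
+issueIdentifier="$(jq '.[0].number' <<<"${issues}")"
 if [ "${hasVulnerabilities}" == "true" ]; then
 # update issue
-echo "[INFO] Updating existing issue ${issueNumber}"
-gh issue edit "${issueNumber}" \
+echo "[INFO] Updating existing issue ${issueIdentifier}"
+gh issue edit "${issueIdentifier}" \
 --add-assignee "${assignees}" \
 --body-file /tmp/report.md
 else
-gh issue close "${issueNumber}" \
+gh issue close "${issueIdentifier}" \
 --comment "No vulnerabilities found in the latest release ${RELEASE_TAG}" \
 --reason completed
 fi
@@ -145,7 +144,7 @@ if [ "${hasVulnerabilities}" == "true" ] && [ "${allVulnerabilitiesFixedByRebuil
 # check if tag already exists
 if gh release view "${nextTag}" >/dev/null 2>&1; then
 echo "[INFO] There is already a new tag ${nextTag} which seemingly was not yet released by a maintainer"
-gh issue comment "${issueNumber}" --body "All existing vulnerabilities in ${RELEASE_TAG} can be fixed by a rebuild, but such a rebuild seemingly already exists as ${nextTag}. A maintainer must release this."
+gh issue comment "${issueIdentifier}" --body "All existing vulnerabilities in ${RELEASE_TAG} can be fixed by a rebuild, but such a rebuild seemingly already exists as ${nextTag}. A maintainer must release this."
 else
 echo "[INFO] Triggering build of release ${nextTag} for branch ${RELEASE_BRANCH}"
 gh workflow run release.yaml \
@@ -154,6 +153,6 @@ if [ "${hasVulnerabilities}" == "true" ] && [ "${allVulnerabilitiesFixedByRebuil
 --raw-field "tags=${RELEASE_TAG}" \
 --raw-field "release=${nextTag}"
 
-gh issue comment "${issueNumber}" --body "Triggered a release build in branch ${RELEASE_BRANCH} for ${nextTag}. Please check whether this succeeded. A maintainer must release this."
+gh issue comment "${issueIdentifier}" --body "Triggered a release build in branch ${RELEASE_BRANCH} for ${nextTag}. Please check whether this succeeded. A maintainer must release this."
 fi
 fi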
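Review bot: In the first hunk, piping `gh issue create` into `tee /tmp/gh_issue` makes the pipeline's status that of `tee`, so unless `set -o pipefail` is in effect earlier in the script (not visible here) a failed create goes unnoticed and `issueIdentifier` is empty when the later `gh issue comment` calls run. Capturing the output directly avoids both that and the fixed-name file in `/tmp`: `issueIdentifier="$(gh issue create … --body-file /tmp/report.md)"` followed by `[ -n "${issueIdentifier}" ] || { echo "[ERROR] Issue creation returned no identifier" >&2; exit 1; }`. If the created issue's URL should still appear in the job log, `echo "${issueIdentifier}"` after the check does that. The `gh issue create` command and its enclosing `if` start above the hunk, so whether an errexit or pipefail setting already covers this needs confirming there. A one-line comment stating that the variable holds whatever `gh issue create` printed in the create branch and an issue number otherwise would explain the rename to the next reader.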
