Merge pull request #1787 from SaschaSchwarze0/sascha-issue-identifier

Do not use issue search to determine number of issue that was just created
shipwright-io · Jan 29, 2025 · 1a45663 · 1a45663
2 parents 3be91a2 + 6ffc17f
commit 1a45663
Showing 1 changed file with 8 additions and 9 deletions.
diff --git a/.github/report-release-vulnerabilities.sh b/.github/report-release-vulnerabilities.sh
@@ -118,21 +118,20 @@ if [ "$(jq length <<<"${issues}")" == "0" ]; then
       --assignee "${assignees}" \
       --label release-vulnerabilities \
       --title "Vulnerabilities found in latest release ${RELEASE_TAG}" \
-      --body-file /tmp/report.md
+      --body-file /tmp/report.md | tee /tmp/gh_issue
 
-    issues="$(gh issue list --label release-vulnerabilities --json number)"
-    issueNumber="$(jq '.[0].number' <<<"${issues}")"
+    issueIdentifier="$(</tmp/gh_issue)"
   fi
 else
-  issueNumber="$(jq '.[0].number' <<<"${issues}")"
+  issueIdentifier="$(jq '.[0].number' <<<"${issues}")"
   if [ "${hasVulnerabilities}" == "true" ]; then
     # update issue
-    echo "[INFO] Updating existing issue ${issueNumber}"
-    gh issue edit "${issueNumber}" \
+    echo "[INFO] Updating existing issue ${issueIdentifier}"
+    gh issue edit "${issueIdentifier}" \
       --add-assignee "${assignees}" \
       --body-file /tmp/report.md
   else
-    gh issue close "${issueNumber}" \
+    gh issue close "${issueIdentifier}" \
       --comment  "No vulnerabilities found in the latest release ${RELEASE_TAG}" \
       --reason completed
   fi
@@ -145,7 +144,7 @@ if [ "${hasVulnerabilities}" == "true" ] && [ "${allVulnerabilitiesFixedByRebuil
   # check if tag already exists
   if gh release view "${nextTag}" >/dev/null 2>&1; then
     echo "[INFO] There is already a new tag ${nextTag} which seemingly was not yet released by a maintainer"
-    gh issue comment "${issueNumber}" --body "All existing vulnerabilities in ${RELEASE_TAG} can be fixed by a rebuild, but such a rebuild seemingly already exists as ${nextTag}. A maintainer must release this."
+    gh issue comment "${issueIdentifier}" --body "All existing vulnerabilities in ${RELEASE_TAG} can be fixed by a rebuild, but such a rebuild seemingly already exists as ${nextTag}. A maintainer must release this."
   else
     echo "[INFO] Triggering build of release ${nextTag} for branch ${RELEASE_BRANCH}"
     gh workflow run release.yaml \
@@ -154,6 +153,6 @@ if [ "${hasVulnerabilities}" == "true" ] && [ "${allVulnerabilitiesFixedByRebuil
       --raw-field "tags=${RELEASE_TAG}" \
       --raw-field "release=${nextTag}"
 
-    gh issue comment "${issueNumber}" --body "Triggered a release build in branch ${RELEASE_BRANCH} for ${nextTag}. Please check whether this succeeded. A maintainer must release this."
+    gh issue comment "${issueIdentifier}" --body "Triggered a release build in branch ${RELEASE_BRANCH} for ${nextTag}. Please check whether this succeeded. A maintainer must release this."
   fi
 fi