From 4593ae93ae39d0c33ef9edc667fe3425fcf61b28 Mon Sep 17 00:00:00 2001
From: Natalia <124304+nessita@users.noreply.github.com>
Date: Fri, 27 Mar 2026 22:41:10 -0300
Subject: Added automated quality checks for PRs as a GitHub Actions workflow.

This work adds automated PR quality checks as a GitHub Actions workflow
to enforce contribution requirements consistently and reduce the manual
burden on reviewers for incoming PRs.

Thanks to the many reviewers providing meaningful feedback.

Co-authored-by: Frank Wiles <frank@revsys.com>
---
 .github/workflows/check_pr_quality.yml | 48 ++++++++++++++++++++++++++++++++++
 .github/workflows/tests.yml            | 15 +++++++++++
 2 files changed, 63 insertions(+)
 create mode 100644 .github/workflows/check_pr_quality.yml

(limited to '.github')

diff --git a/.github/workflows/check_pr_quality.yml b/.github/workflows/check_pr_quality.yml
new file mode 100644
index 0000000000..417ae5d201
--- /dev/null
+++ b/.github/workflows/check_pr_quality.yml
@@ -0,0 +1,48 @@
+name: PR Quality Checks
+
+on:
+  pull_request_target:
+    types: [ edited, opened, reopened, ready_for_review, synchronize ]
+    branches:
+      - main
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  pr_quality:
+    name: Run Quality Checks on a PR
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          persist-credentials: false
+          # Checking out the default branch (not the PR head) is what makes
+          # pull_request_target safe: the workflow code always comes from the
+          # base repo, so a malicious PR cannot alter it.
+          ref: ${{ github.event.repository.default_branch }}
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version: '3.14'
+      - name: Run PR quality checks
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_AUTHOR: ${{ github.event.pull_request.user.login }}
+          PR_BODY: ${{ github.event.pull_request.body }}
+          PR_TITLE: ${{ github.event.pull_request.title }}
+          PR_CREATED_AT: ${{ github.event.pull_request.created_at }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+          PR_REPO: ${{ github.repository }}
+          # Only close PRs on the main Django repository; on forks the workflow
+          # runs in warning-only mode so contributors can test their PRs.
+          AUTOCLOSE: ${{ github.repository == 'django/django' }}
+          PYTHONPATH: scripts
+        run: python scripts/pr_quality/check_pr.py
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 411fc7736a..b0742eba69 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -60,3 +60,18 @@ jobs:
           cache-dependency-path: '**/package.json'
       - run: npm install
       - run: npm test
+
+  scripts-tests:
+    runs-on: ubuntu-latest
+    name: Scripts tests
+    timeout-minutes: 60
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          persist-credentials: false
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version: '3.14'
+      - run: python -m unittest discover -v -s scripts/
-- 
cgit v1.3