-
Notifications
You must be signed in to change notification settings - Fork 4
157 lines (145 loc) · 5.77 KB
/
issue-write.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
name: Comment on an issue
on:
workflow_run:
workflows:
- "Check code formatting"
- "Check for private emails used in PRs"
- "PR Request Release Note"
types:
- completed
permissions:
contents: read
jobs:
pr-comment:
runs-on: ubuntu-latest
permissions:
pull-requests: write
if: >
github.event.workflow_run.event == 'pull_request' &&
(
github.event.workflow_run.conclusion == 'success' ||
github.event.workflow_run.conclusion == 'failure'
)
steps:
- name: Fetch Sources
uses: actions/checkout@v4
with:
sparse-checkout: |
.github/workflows/unprivileged-download-artifact/action.yml
sparse-checkout-cone-mode: false
- name: 'Download artifact'
uses: ./.github/workflows/unprivileged-download-artifact
id: download-artifact
with:
run-id: ${{ github.event.workflow_run.id }}
artifact-name: workflow-args
- name: 'Comment on PR'
if: steps.download-artifact.outputs.artifact-id != ''
uses: actions/github-script@v3
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
var fs = require('fs');
const comments = JSON.parse(fs.readFileSync('./comments'));
if (!comments || comments.length == 0) {
return;
}
let runInfo = await github.actions.getWorkflowRun({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: context.payload.workflow_run.id
});
console.log(runInfo);
// Query to find the number of the pull request that triggered this job.
// The associated pull requests are based off of the branch name, so if
// you create a pull request for a branch, close it, and then create
// another pull request with the same branch, then this query will return
// two associated pull requests. This is why we have to fetch all the
// associated pull requests and then iterate through them to find the
// one that is open.
const gql_query = `
query($repo_owner : String!, $repo_name : String!, $branch: String!) {
repository(owner: $repo_owner, name: $repo_name) {
ref (qualifiedName: $branch) {
associatedPullRequests(first: 100) {
nodes {
baseRepository {
owner {
login
}
}
number
state
}
}
}
}
}
`
const gql_variables = {
repo_owner: runInfo.data.head_repository.owner.login,
repo_name: runInfo.data.head_repository.name,
branch: runInfo.data.head_branch
}
const gql_result = await github.graphql(gql_query, gql_variables);
console.log(gql_result);
// If the branch for the PR was deleted before this job has a chance
// to run, then the ref will be null. This can happen if someone:
// 1. Rebase the PR, which triggers some workflow.
// 2. Immediately merges the PR and deletes the branch.
// 3. The workflow finishes and triggers this job.
if (!gql_result.repository.ref) {
console.log("Ref has been deleted");
return;
}
console.log(gql_result.repository.ref.associatedPullRequests.nodes);
var pr_number = 0;
gql_result.repository.ref.associatedPullRequests.nodes.forEach((pr) => {
// The largest PR number is the one we care about. The only way
// to have more than one associated pull requests is if all the
// old pull requests are in the closed state.
if (pr.baseRepository.owner.login = context.repo.owner && pr.number > pr_number) {
pr_number = pr.number;
}
});
if (pr_number == 0) {
console.log("Error retrieving pull request number");
return;
}
await comments.forEach(function (comment) {
if (comment.id) {
// Security check: Ensure that this comment was created by
// the github-actions bot, so a malicious input won't overwrite
// a user's comment.
github.issues.getComment({
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: comment.id
}).then((old_comment) => {
console.log(old_comment);
if (old_comment.data.user.login != "github-actions[bot]") {
console.log("Invalid comment id: " + comment.id);
return;
}
github.issues.updateComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: pr_number,
comment_id: comment.id,
body: comment.body
});
});
} else {
github.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: pr_number,
body: comment.body
});
}
});
- name: Dump comments file
if: >-
always() &&
steps.download-artifact.outputs.artifact-id != ''
run: cat comments