-
Notifications
You must be signed in to change notification settings - Fork 1.2k
106 lines (101 loc) · 5.23 KB
/
comment-ops.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
name: comment-ops
on:
issue_comment:
types: [ created ]
# This action *ALWAYS* runs on main.
# Any changes done to it, will not have an effect, until said changes have landed on the main branch
# This has a side effect that always `head_ref == main` and `head_sha == main_head_sha`
# Therefore we can't find out easily which PR the comment that triggered the action belongs to
jobs:
configure:
# We *MUST* always check the author_association, which tells us if the person is an owner of the repo, or member of the org (i.e. has permissions)
# Otherwise they can execute arbitrary code if the triggered workflow (i.e. the build) is modified, as it's being run by the github-actions bot, and it always has permissions
if: |
(github.event.issue.author_association == 'OWNER' || github.event.issue.author_association == 'MEMBER') &&
(github.event.issue.pull_request && contains(github.event.comment.body, '/gh run')) &&
(contains(github.event.comment.body, 'recreate-vm'))
runs-on: [ self-hosted ]
# Technically we don't need these here, as we don't reuse them between jobs, but it's good to have them in a single place
outputs:
branch: ${{ steps.comment-branch.outputs.head_ref }}
run_url: ${{ steps.run_outputs.outputs.run_url }}
run_id: ${{ steps.run_outputs.outputs.run_id }}
recreate_vm: ${{ steps.configure.outputs.recreate-vm }}
steps:
# In order for us to find out from which PR the comment originates, we use the `xt0rted/pull-request-comment-branch@v1` action
- uses: xt0rted/pull-request-comment-branch@v1
id: comment-branch
# Set outputs we can reuse in the steps
- name: Set outputs
id: outputs
run: |
{
echo "recreate-vm=${{ contains(github.event.comment.body, 'recreate-vm') }}"
} >> $GITHUB_OUTPUT
# Trigger the build workflow with the input we got from the comment
# In the triggered job (build), we'll combine the information from the PR description, with the input we pass here
# Also we use workflow_dispatch, instead of a workflow_call ( uses: ./build.yaml with: ...)
# Because with the latter it's not possible to trigger a dynamic one (i.e. based on a branch) - the name has to be hardcoded
- name: Trigger Workflow
uses: actions/github-script@v6
with:
script: |
await github.rest.actions.createWorkflowDispatch({
owner: context.repo.owner,
repo: context.repo.repo,
workflow_id: 'build.yml',
ref: '${{ steps.comment-branch.outputs.head_ref }}',
inputs: {
"recreate_vm": '${{ steps.configure.outputs.recreate-vm }}'
}
})
# Getting the ID of the workflow we triggered above is a bit tricky, as it's async :(
# There is a trick we can do - add an input with a unique id, get the list of worklow runs, and check for that input in them until we can find it
# But it's an overkill for now
# Instead, we wait a little, and grab the last job that was triggered by a `workflow_dispatch` event, AND is not completed, and we hope for the best 🤞
- name: Get run URL
id: run_outputs
env:
GH_TOKEN: ${{ github.token }}
run: |
sleep 5
url=$(gh run list --repo '${{ github.repository }}' --workflow build.yaml -b ${{ steps.comment-branch.outputs.head_ref }} --json event,url,status -q '[.[] | select(.event=="workflow_dispatch") | select(.status!="completed").url][0]')
{
echo "run_url=${url}"
echo "run_id=${url##*/}"
} >> $GITHUB_OUTPUT
# Comment with a link to the job that got triggered
- uses: actions/github-script@v6
with:
github-token: ${{ github.token }}
script: |
let commentBody = '${{ github.event.comment.body }}'
commentBody += `\n\n#### Comment triggered a workflow run
Started workflow run: [${{ needs.configure.outputs.run_id }}](${{ needs.configure.outputs.run_url }})
* \`recreate_vm: ${{ steps.configure.outputs.recreate-vm }}\``
github.rest.issues.updateComment({
issue_number: ${{ github.event.issue.number }},
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: ${{ github.event.comment.id }},
body: commentBody
})
# Comment if this job failed, so there's some feedback
comment-fail:
if: (always() && contains(needs.*.result, 'failure'))
needs: [ configure ]
runs-on: [ self-hosted ]
steps:
- uses: actions/github-script@v6
with:
github-token: ${{ github.token }}
script: |
let commentBody = '${{ github.event.comment.body }}'
commentBody += "\n\n Chat ops job failed. See [${{ github.run_id }}](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) for details"
github.rest.issues.updateComment({
issue_number: ${{ github.event.issue.number }},
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: ${{ github.event.comment.id }},
body: commentBody
})