Skip to content

Commit

Permalink
Add PR comment when integration tests need review
Browse files Browse the repository at this point in the history
Fixes #824
  • Loading branch information
chuckwondo committed Oct 6, 2024
1 parent c8d6838 commit 3ffbe2a
Show file tree
Hide file tree
Showing 2 changed files with 55 additions and 0 deletions.
52 changes: 52 additions & 0 deletions .github/workflows/integration-test-review.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
name: Integration Tests PR Comment

on:
workflow_run:
workflows: [Integration Tests]
types: [completed]

jobs:
integration-tests-pr-comment:
runs-on: ubuntu-latest
if: >
github.event.workflow_run.event == 'pull_request_target' &&
github.event.workflow_run.conclusion == 'failure'
steps:
- name: Fetch user permission
id: permission
uses: actions-cool/check-user-permission@v2
with:
require: write
username: ${{ github.triggering_actor }}

- name: Add PR comment when user does not have write permission
# The name of the output require-result is a bit confusing, but when its value
# is 'false', it means that the triggering actor does NOT have the required
# permission.
if: steps.permission.outputs.require-result == 'false'

# If the triggering actor does not have write permission, then we want to add
# a PR comment indicating a security review is required because we know that
# the integration tests "failed" due to lack of permission (i.e., they were
# actually "aborted" without running any tests).
uses: actions/github-script@v7
with:
script: |
const { number, html_url } = (await github.rest.repos.listPullRequestsAssociatedWithCommit({
commit_sha: context.sha,
owner: "${{ github.event.workflow_run.head_repository.owner.login }}",
repo: "${{ github.event.workflow_run.head_repository.name }}",
})).data[0] ?? {};
if (number) {
github.rest.issues.createComment({
issue_number: number,
owner: context.repo.owner,
repo: context.repo.repo,
body: "User [${{ github.triggering_actor }}](${{ github.event.workflow_run.head_repository.owner.html_url }})"
+ " does not have permission to run integration tests. A maintainer must perform a security review of the"
+ ` [code changes in this pull request](${html_url}/files) and re-run the`
+ " [failed integration tests jobs](${{ github.event.workflow_run.html_url }}),"
+ " if the code is deemed safe.",
});
}
3 changes: 3 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,9 @@
(@chuckwondo)
- Add `nox` session for running integration tests locally
([#815](https://github.com/nsidc/earthaccess/issues/815)) (@chuckwondo)
- Auto-add comment to PR that requires maintainer to review and re-run
integration tests ([#824](https://github.com/nsidc/earthaccess/issues/824))
(@chuckwondo)

### Removed

Expand Down

0 comments on commit 3ffbe2a

Please sign in to comment.