Add PR comment when integration tests need review
Fixes #824
1 parent c8d6838, commit 3ffbe2a
Showing 2 changed files with 55 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
name: Integration Tests PR Comment | ||
|
||
on: | ||
workflow_run: | ||
workflows: [Integration Tests] | ||
types: [completed] | ||
|
||
jobs: | ||
integration-tests-pr-comment: | ||
runs-on: ubuntu-latest | ||
if: > | ||
github.event.workflow_run.event == 'pull_request_target' && | ||
github.event.workflow_run.conclusion == 'failure' | ||
steps: | ||
- name: Fetch user permission | ||
id: permission | ||
uses: actions-cool/check-user-permission@v2 | ||
with: | ||
require: write | ||
username: ${{ github.triggering_actor }} | ||
|
||
- name: Add PR comment when user does not have write permission | ||
# The name of the output require-result is a bit confusing, but when its value | ||
# is 'false', it means that the triggering actor does NOT have the required | ||
# permission. | ||
if: steps.permission.outputs.require-result == 'false' | ||
|
||
# If the triggering actor does not have write permission, then we want to add | ||
# a PR comment indicating a security review is required because we know that | ||
# the integration tests "failed" due to lack of permission (i.e., they were | ||
# actually "aborted" without running any tests). | ||
uses: actions/github-script@v7 | ||
with: | ||
script: | | ||
const { number, html_url } = (await github.rest.repos.listPullRequestsAssociatedWithCommit({ | ||
commit_sha: context.sha, | ||
owner: "${{ github.event.workflow_run.head_repository.owner.login }}", | ||
repo: "${{ github.event.workflow_run.head_repository.name }}", | ||
})).data[0] ?? {}; | ||
if (number) { | ||
github.rest.issues.createComment({ | ||
issue_number: number, | ||
owner: context.repo.owner, | ||
repo: context.repo.repo, | ||
body: "User [${{ github.triggering_actor }}](${{ github.event.workflow_run.head_repository.owner.html_url }})" | ||
+ " does not have permission to run integration tests. A maintainer must perform a security review of the" | ||
+ ` [code changes in this pull request](${html_url}/files) and re-run the` | ||
+ " [failed integration tests jobs](${{ github.event.workflow_run.html_url }})," | ||
+ " if the code is deemed safe.", | ||
}); | ||
} |
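Review bot: The PR lookup in the `script:` block passes `commit_sha: context.sha`, but in a workflow triggered by `workflow_run` that SHA is the last commit on the default branch, not the head commit of the pull request whose tests were aborted, so `data[0]` can come back empty and the `if (number)` guard then skips the comment without any error. Use `github.event.workflow_run.head_sha` for the lookup instead. In the same block, `github.rest.issues.createComment({...})` is not awaited; add `await` so a rejected API call fails the step rather than going unnoticed. The `${{ github.triggering_actor }}` and `${{ github.event.workflow_run.head_repository.* }}` expressions are expanded into the JavaScript source before it runs; passing them through the step's `env:` and reading them from `process.env` keeps event data out of the script text. The job also declares no `permissions:` block, so the token scope needed to write the comment should be stated explicitly, and `actions-cool/check-user-permission@v2` is referenced by a mutable tag in a workflow that gates the security review; pinning it to a commit SHA would be safer.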