From 3ffbe2aea92650471e6a8729fb511be1e2b7bcd2 Mon Sep 17 00:00:00 2001 From: Chuck Daniels Date: Fri, 27 Sep 2024 10:19:53 -0400 Subject: [PATCH] Add PR comment when integration tests need review Fixes #824 --- .github/workflows/integration-test-review.yml | 52 +++++++++++++++++++ CHANGELOG.md | 3 ++ 2 files changed, 55 insertions(+) create mode 100644 .github/workflows/integration-test-review.yml diff --git a/.github/workflows/integration-test-review.yml b/.github/workflows/integration-test-review.yml new file mode 100644 index 00000000..b9cefb9c --- /dev/null +++ b/.github/workflows/integration-test-review.yml @@ -0,0 +1,52 @@ +name: Integration Tests PR Comment + +on: + workflow_run: + workflows: [Integration Tests] + types: [completed] + +jobs: + integration-tests-pr-comment: + runs-on: ubuntu-latest + if: > + github.event.workflow_run.event == 'pull_request_target' && + github.event.workflow_run.conclusion == 'failure' + steps: + - name: Fetch user permission + id: permission + uses: actions-cool/check-user-permission@v2 + with: + require: write + username: ${{ github.triggering_actor }} + + - name: Add PR comment when user does not have write permission + # The name of the output require-result is a bit confusing, but when its value + # is 'false', it means that the triggering actor does NOT have the required + # permission. + if: steps.permission.outputs.require-result == 'false' + + # If the triggering actor does not have write permission, then we want to add + # a PR comment indicating a security review is required because we know that + # the integration tests "failed" due to lack of permission (i.e., they were + # actually "aborted" without running any tests). + uses: actions/github-script@v7 + with: + script: | + const { number, html_url } = (await github.rest.repos.listPullRequestsAssociatedWithCommit({ + commit_sha: context.sha, + owner: "${{ github.event.workflow_run.head_repository.owner.login }}", + repo: "${{ github.event.workflow_run.head_repository.name }}", + })).data[0] ?? {}; + + if (number) { + github.rest.issues.createComment({ + issue_number: number, + owner: context.repo.owner, + repo: context.repo.repo, + body: "User [${{ github.triggering_actor }}](${{ github.event.workflow_run.head_repository.owner.html_url }})" + + " does not have permission to run integration tests. A maintainer must perform a security review of the" + + ` [code changes in this pull request](${html_url}/files) and re-run the` + + " [failed integration tests jobs](${{ github.event.workflow_run.html_url }})," + + " if the code is deemed safe.", + }); + } diff --git a/CHANGELOG.md b/CHANGELOG.md index ab69d69c..c7493b46 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,9 @@ (@chuckwondo) - Add `nox` session for running integration tests locally ([#815](https://github.com/nsidc/earthaccess/issues/815)) (@chuckwondo) +- Auto-add comment to PR that requires maintainer to review and re-run + integration tests ([#824](https://github.com/nsidc/earthaccess/issues/824)) + (@chuckwondo) ### Removed