refactor PR status check pipeline to run the status check in an isolated environment and comment from a different workflow; also restrict permissions of the status check workflow

This commit is contained in:
Ishan Jain 2022-02-21 01:20:33 +05:30
parent 64d52604ec
commit ffe0359ca8
2 changed files with 59 additions and 12 deletions

.github/workflows/comment-pr.yml vendored Normal file

@ -0,0 +1,51 @@
name: Comment on PR
on:
workflow_run:
workflows: ["PR status checks"]
types:
- completed
jobs:
comment:
runs-on: ubuntu-latest
if: >
${{ github.event.workflow_run.event == 'pull_request' &&
github.event.workflow_run.conclusion == 'success'
}}
steps:
- name: Download Artifact
uses: actions/github-script@v3
with:
script: |
let artifacts = await github.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: ${{ github.event.workflow_run.id }},
});
let artifact = artifacts.data.artifacts.filter(artifact => {
return artifact.name == "pr"
})[0];
let download = await github.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: artifact.id,
archive_format: 'zip',
});
let fs = require('fs');
fs.writeFileSync('${{ github.workspace }}/pr.zip', Buffer.from(download.data));
- run: unzip pr.zip
- name: Comment on PR
uses: actions/github-script@v3
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
let fs = require('fs');
let prNumber = Number(fs.readFileSync("./number"));
let statusCheck = fs.readFileSync("./status-check-output");
await github.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: prNumber,
body: '```' + statusCheck + '```',
});
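Review bot: The `comment` job declares no `permissions:` block, so it runs with the repository's default token scope even though the commit title says permissions were restricted; add `permissions:` / `pull-requests: write` under `comment:` so the job holds only what `issues.createComment` needs. Both the PR number and the comment body are read from an artifact produced by the `pull_request_target` run (`./number`, `./status-check-output`), so if that run executes code from the PR head (not visible here) its author can influence which PR receives the comment and what it says; where `github.event.workflow_run.pull_requests` is populated, prefer its number over the file, and otherwise check that the file's number resolves to a PR whose head SHA equals `github.event.workflow_run.head_sha` before commenting. `artifact` is also used without confirming the filter matched, so a run that never uploaded the `pr` artifact fails with a TypeError instead of a clear message — `if (!artifact) throw new Error('no pr artifact found');` before the `downloadArtifact` call. The body concatenates `statusCheck` directly between triple backticks, so any ``` in the output breaks the code fence; closing the fence on its own line (`'```\n' + statusCheck + '\n```'`) keeps the formatting stable.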


@ -1,12 +1,13 @@
name: PR status checks name: PR status checks
on: on:
# This is so the status check can run on forks.
pull_request_target: pull_request_target:
types: [assigned, opened, synchronize, reopened] types: [assigned, opened, synchronize, reopened]
jobs: jobs:
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: write
strategy: strategy:
matrix: matrix:
node-version: [16.x] node-version: [16.x]
@ -37,15 +38,10 @@ jobs:
output="${output//'%'/'%25'}" output="${output//'%'/'%25'}"
output="${output//$'\n'/'%0A'}" output="${output//$'\n'/'%0A'}"
output="${output//$'\r'/'%0D'}" output="${output//$'\r'/'%0D'}"
echo "::set-output name=status_check_output::$output" cat <<< "$output" > "./pr/status-check-output"
env: echo ${{ github.event.number }} > ./pr/number
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - uses: actions/upload-artifact@v2
- name: Auto Comment Status Check Result
# Use with caution
uses: bubkoo/auto-comment@v1
with: with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} name: pr
pullRequestSynchronize: "```${{ steps.status_check.outputs.status_check_output }}```" path: pr/
pullRequestAssigned: "```${{ steps.status_check.outputs.status_check_output }}```" retention-days: 1
pullRequestOpened: "```${{ steps.status_check.outputs.status_check_output }}```"
pullRequestReopened: "```${{ steps.status_check.outputs.status_check_output }}```"
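Review bot: The `status-check-output` file written on the new side still carries the `%25`/`%0A`/`%0D` substitutions from the three preceding context lines, which existed only to survive `::set-output`; now that the text travels as a file, the downstream comment will show literal `%0A` where newlines belong. Drop those three substitutions and write the raw text with `printf '%s\n' "$output" > ./pr/status-check-output` (the `cat <<<` form also works but reads less directly). The `contents: write` added in the first hunk is broader than this job appears to need — uploading an artifact works with `contents: read` — and on a `pull_request_target` workflow the token scope is the setting most worth keeping minimal, so narrow it unless a step outside the hunk writes to the repository. The creation of `./pr/` is not visible in this hunk and the redirect fails without it; confirm an earlier step runs `mkdir -p pr`. The `steps` list begins above the hunk.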