Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork5.5k
feat(deps): upgradehookable to v6#36597
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
| name:ecosystem-ci trigger | |
| on: | |
| issue_comment: | |
| types:[created] | |
| permissions:{} | |
| jobs: | |
| trigger: | |
| runs-on:ubuntu-latest | |
| if:github.repository == 'nuxt/nuxt' && github.event.issue.pull_request && startsWith(github.event.comment.body, '/ecosystem-ci run') | |
| permissions: | |
| issues:write# to add reactions and post comments | |
| pull-requests:read# to read PR data | |
| steps: | |
| -uses:actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd# v8.0.0 | |
| with: | |
| script:| | |
| const user = context.payload.sender.login | |
| console.log(`Validate user: ${user}`) | |
| let hasTriagePermission =false | |
| try { | |
| const { data } = await github.rest.repos.getCollaboratorPermissionLevel({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| username: user, | |
| }); | |
| hasTriagePermission = data.user.permissions.triage | |
| } catch (e) { | |
| console.warn(e) | |
| } | |
| if (hasTriagePermission) { | |
| console.log('User is allowed. Adding +1 reaction.') | |
| await github.rest.reactions.createForIssueComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| comment_id: context.payload.comment.id, | |
| content: '+1', | |
| }) | |
| } else { | |
| console.log('User is not allowed. Adding -1 reaction.') | |
| await github.rest.reactions.createForIssueComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| comment_id: context.payload.comment.id, | |
| content: '-1', | |
| }) | |
| throw new Error('User does not have the necessary permissions.') | |
| } | |
| -uses:actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd# v8.0.0 | |
| id:get-pr-data | |
| with: | |
| script:| | |
| console.log(`Get PR info: ${context.repo.owner}/${context.repo.repo}#${context.issue.number}`) | |
| const { data: pr } = await github.rest.pulls.get({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| pull_number: context.issue.number | |
| }) | |
| const commentCreatedAt = new Date(context.payload.comment.created_at) | |
| const commitPushedAt = new Date(pr.head.repo.pushed_at) | |
| console.log(`Comment created at: ${commentCreatedAt.toISOString()}`) | |
| console.log(`PR last pushed at: ${commitPushedAt.toISOString()}`) | |
| // Check if any commits were pushed after the comment was created | |
| if (commitPushedAt > commentCreatedAt) { | |
| const errorMsg = [ | |
| '⚠️ Security warning: PR was updated after the trigger command was posted.', | |
| '', | |
| `Comment posted at: ${commentCreatedAt.toISOString()}`, | |
| `PR last pushed at: ${commitPushedAt.toISOString()}`, | |
| '', | |
| 'This could indicate an attempt to inject code after approval.', | |
| 'Please review the latest changes and re-run /ecosystem-ci run if they are acceptable.' | |
| ].join('\n') | |
| core.setFailed(errorMsg) | |
| await github.rest.issues.createComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: context.issue.number, | |
| body: errorMsg | |
| }) | |
| throw new Error('PR was pushed to after comment was created') | |
| } | |
| core.setOutput('head_sha', pr.head.sha) | |
| return { | |
| num: context.issue.number, | |
| branchName: pr.head.ref, | |
| commit: pr.head.sha, | |
| repo: pr.head.repo.full_name | |
| } | |
| -id:generate-token | |
| uses:tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a# v2.1.0 | |
| with: | |
| app_id:${{ secrets.ECOSYSTEM_CI_GITHUB_APP_ID }} | |
| private_key:${{ secrets.ECOSYSTEM_CI_GITHUB_APP_PRIVATE_KEY }} | |
| installation_retrieval_payload:"${{ github.repository_owner }}/ecosystem-ci" | |
| -uses:actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd# v8.0.0 | |
| id:trigger | |
| env: | |
| COMMENT:${{ github.event.comment.body }} | |
| with: | |
| github-token:${{ steps.generate-token.outputs.token }} | |
| result-encoding:string | |
| script:| | |
| const comment = process.env.COMMENT.trim() | |
| const prData = ${{ steps.get-pr-data.outputs.result }} | |
| const suite = comment.split('\n')[0].replace(/^\/ecosystem-ci run/, '').trim() | |
| await github.rest.actions.createWorkflowDispatch({ | |
| owner: context.repo.owner, | |
| repo: 'ecosystem-ci', | |
| workflow_id: 'ecosystem-ci-from-pr.yml', | |
| ref: 'main', | |
| inputs: { | |
| prNumber: '' + prData.num, | |
| branchName: prData.branchName, | |
| repo: prData.repo, | |
| commit: prData.commit, | |
| suite: suite === '' ? '-' : suite | |
| } | |
| }) |