|
|
|
@ -8,9 +8,17 @@ jobs:
|
|
|
|
|
trigger:
|
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
|
if: github.repository == 'sveltejs/svelte' && github.event.issue.pull_request && startsWith(github.event.comment.body, '/ecosystem-ci run')
|
|
|
|
|
permissions:
|
|
|
|
|
issues: write # to add / delete reactions
|
|
|
|
|
pull-requests: read # to read PR data
|
|
|
|
|
actions: read # to check workflow status
|
|
|
|
|
contents: read # to clone the repo
|
|
|
|
|
steps:
|
|
|
|
|
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
|
|
|
|
|
- uses: actions/github-script@v6
|
|
|
|
|
- name: monitor action permissions
|
|
|
|
|
uses: GitHubSecurityLab/actions-permissions/monitor@v1
|
|
|
|
|
- name: check user authorization # user needs triage permission
|
|
|
|
|
uses: actions/github-script@v7
|
|
|
|
|
id: check-permissions
|
|
|
|
|
with:
|
|
|
|
|
script: |
|
|
|
|
|
const user = context.payload.sender.login
|
|
|
|
@ -29,7 +37,7 @@ jobs:
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (hasTriagePermission) {
|
|
|
|
|
console.log('Allowed')
|
|
|
|
|
console.log('User is allowed. Adding +1 reaction.')
|
|
|
|
|
await github.rest.reactions.createForIssueComment({
|
|
|
|
|
owner: context.repo.owner,
|
|
|
|
|
repo: context.repo.repo,
|
|
|
|
@ -37,16 +45,18 @@ jobs:
|
|
|
|
|
content: '+1',
|
|
|
|
|
})
|
|
|
|
|
} else {
|
|
|
|
|
console.log('Not allowed')
|
|
|
|
|
console.log('User is not allowed. Adding -1 reaction.')
|
|
|
|
|
await github.rest.reactions.createForIssueComment({
|
|
|
|
|
owner: context.repo.owner,
|
|
|
|
|
repo: context.repo.repo,
|
|
|
|
|
comment_id: context.payload.comment.id,
|
|
|
|
|
content: '-1',
|
|
|
|
|
})
|
|
|
|
|
throw new Error('not allowed')
|
|
|
|
|
throw new Error('User does not have the necessary permissions.')
|
|
|
|
|
}
|
|
|
|
|
- uses: actions/github-script@v6
|
|
|
|
|
|
|
|
|
|
- name: Get PR Data
|
|
|
|
|
uses: actions/github-script@v7
|
|
|
|
|
id: get-pr-data
|
|
|
|
|
with:
|
|
|
|
|
script: |
|
|
|
|
@ -59,21 +69,27 @@ jobs:
|
|
|
|
|
return {
|
|
|
|
|
num: context.issue.number,
|
|
|
|
|
branchName: pr.head.ref,
|
|
|
|
|
commit: pr.head.sha,
|
|
|
|
|
repo: pr.head.repo.full_name
|
|
|
|
|
}
|
|
|
|
|
- id: generate-token
|
|
|
|
|
uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92 #keep pinned for security reasons, currently 1.8.0
|
|
|
|
|
|
|
|
|
|
- name: Generate Token
|
|
|
|
|
id: generate-token
|
|
|
|
|
uses: actions/create-github-app-token@v2
|
|
|
|
|
with:
|
|
|
|
|
app_id: ${{ secrets.ECOSYSTEM_CI_GITHUB_APP_ID }}
|
|
|
|
|
private_key: ${{ secrets.ECOSYSTEM_CI_GITHUB_APP_PRIVATE_KEY }}
|
|
|
|
|
repository: '${{ github.repository_owner }}/svelte-ecosystem-ci'
|
|
|
|
|
- uses: actions/github-script@v6
|
|
|
|
|
app-id: ${{ secrets.ECOSYSTEM_CI_GITHUB_APP_ID }}
|
|
|
|
|
private-key: ${{ secrets.ECOSYSTEM_CI_GITHUB_APP_PRIVATE_KEY }}
|
|
|
|
|
repositories: |
|
|
|
|
|
svelte
|
|
|
|
|
svelte-ecosystem-ci
|
|
|
|
|
|
|
|
|
|
- name: Trigger Downstream Workflow
|
|
|
|
|
uses: actions/github-script@v7
|
|
|
|
|
id: trigger
|
|
|
|
|
env:
|
|
|
|
|
COMMENT: ${{ github.event.comment.body }}
|
|
|
|
|
with:
|
|
|
|
|
github-token: ${{ steps.generate-token.outputs.token }}
|
|
|
|
|
result-encoding: string
|
|
|
|
|
script: |
|
|
|
|
|
const comment = process.env.COMMENT.trim()
|
|
|
|
|
const prData = ${{ steps.get-pr-data.outputs.result }}
|
|
|
|
@ -89,6 +105,7 @@ jobs:
|
|
|
|
|
prNumber: '' + prData.num,
|
|
|
|
|
branchName: prData.branchName,
|
|
|
|
|
repo: prData.repo,
|
|
|
|
|
commit: prData.commit,
|
|
|
|
|
suite: suite === '' ? '-' : suite
|
|
|
|
|
}
|
|
|
|
|
})
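Review bot: The `Generate Token` step references `actions/create-github-app-token@v2` by a movable tag, while the `tibdex/github-app-token` step it appears to replace was pinned to a full commit SHA with the comment "keep pinned for security reasons". This step receives `ECOSYSTEM_CI_GITHUB_APP_PRIVATE_KEY`, so I would keep the pin: `uses: actions/create-github-app-token@<full-commit-sha> # v2.x.y`. The token also now lists `svelte` alongside `svelte-ecosystem-ci` under `repositories` with no `permission-*` inputs, so it presumably carries every permission the app installation has; narrowing it to what the dispatch needs would limit the damage from a compromised step. In the `Trigger Downstream Workflow` script, `const prData = ${{ steps.get-pr-data.outputs.result }}` splices step output containing the PR-author-controlled `pr.head.ref` into the script source; passing it through `env` and reading it with `JSON.parse(process.env.PR_DATA)`, as is already done for `COMMENT`, avoids relying on the JSON encoding being a safe JavaScript literal. The +/- markers are lost on this page, so which lines are old and which are new is inferred from the step contents.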
|
|
|
|
|