
Commit 2d69508

ci: resolve PR number via graphql API and update artifacts message (#789)
1 parent f14b3b4 commit 2d69508


1 file changed

+47
-15
lines changed


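--- a/.github/workflows/pr-comment.yml
+++ b/.github/workflows/pr-comment.yml
@@ -8,37 +8,69 @@ on:
 permissions:
 issues: write
 actions: read
+pull-requests: read
 
 jobs:
 comment:
 if: >
 ${{ github.event.workflow_run.event == 'pull_request' &&
-github.event.workflow_run.conclusion == 'success' &&
-(github.event.workflow_run.pull_requests && github.event.workflow_run.pull_requests[0]) }}
+github.event.workflow_run.conclusion == 'success' }}
 runs-on: ubuntu-24.04
 steps:
 - name: Comment PR
 uses: actions/github-script@v7
 with:
 script: |
 const run = context.payload.workflow_run
-const pr = (run.pull_requests && run.pull_requests[0]) || null
+const owner = context.payload?.repository?.owner?.login || context.repo.owner
+const repo = context.payload?.repository?.name || context.repo.repo
+let pr = (run.pull_requests && run.pull_requests[0]) || null
+
+// Resolve PR number via GraphQL Search API
+if (!pr) {
+try {
+const q = `repo:${owner}/${repo} is:pr is:open sha:${run.head_sha}`
+const query = `
+query($q: String!) {
+search(query: $q, type: ISSUE, first: 1) {
+nodes {
+... on PullRequest { number }
+}
+}
+}
+`
+const resp = await github.graphql(query, { q })
+const node = resp?.search?.nodes?.[0]
+if (node?.number) {
+const { data: prData } = await github.rest.pulls.get({ owner, repo, pull_number: node.number })
+pr = prData
+}
+} catch (e) {
+core.warning(`Failed to resolve PR by search: ${e.message}`)
+}
+}
+
 if (!pr) {
 core.info('No associated PR found; skipping comment.')
 return
 }
 
 const runId = run.id
-const artifactsUrl = `${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${runId}/`
+const artifactsUrl = `${context.serverUrl}/${owner}/${repo}/actions/runs/${runId}/`
 const prNumber = pr.number
 const author = pr.user?.login || run.actor?.login || 'unknown'
 const forkRepo = (pr.head && pr.head.repo && pr.head.repo.full_name) ? pr.head.repo.full_name : `${author}:unknown-repo`
-const diffUrl = `${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/pull/${prNumber}/files`
+const diffUrl = `${context.serverUrl}/${owner}/${repo}/pull/${prNumber}/files`
+const isSameRepo = (pr.head?.repo?.full_name || '').toLowerCase() === `${owner}/${repo}`.toLowerCase()
+const prContext = isSameRepo
+? `PR #${prNumber} by @${author}`
+: `PR #${prNumber} by @${author} (source: ${forkRepo})`
+const title = `## 🚀 Artifacts — ${prContext}`
 
 const comment = `
-## 🚀 Build artifacts are ready for testing!
+${title}
 
-> Security notice: You are viewing pre-release CI artifacts from PR #${prNumber} by @${author} (source: ${forkRepo}). These commands may execute code on your machine. Do NOT run them unless you have reviewed the [PR diff](${diffUrl}) and trust the source. The snippets include a confirmation prompt.
+> Security notice: You are viewing pre-release CI artifacts from ${prContext}. These commands may execute code on your machine. Do NOT run them unless you have reviewed the [PR diff](${diffUrl}) and trust the source. The snippets include a confirmation prompt.
 
 Download the wheel file and binaries with gh CLI or from the [workflow artifacts](${artifactsUrl}).
 
@@ -55,7 +87,7 @@ jobs:
 
 #### Quick Test with Python Package
 \`\`\`bash
-bash -c 'set -euo pipefail; printf "\n%s\n\n" "WARNING: You are about to download and execute CI artifacts from PR #${prNumber} by @${author} (source: ${forkRepo}). Do NOT proceed unless you have reviewed the PR diff and trust the source."; printf "%s" "Type I understand to continue: "; read -r C; [ "$C" = "I understand" ] || { echo Aborted.; exit 1; }; gh run download ${runId} -n dist -R ${context.repo.owner}/${context.repo.repo}; uvx ./dist/safety-*-py3-none-any.whl --version'
+bash -c 'set -euo pipefail; echo; echo "WARNING: You are about to download and execute CI artifacts from ${prContext}. Do NOT proceed unless you have reviewed the PR diff and trust the source."; echo; read -rp "Type I understand to continue: " C; [ "$C" = "I understand" ] || { echo "Aborted."; exit 1; }; gh run download ${runId} -n dist -R ${owner}/${repo}; uvx ./dist/safety-*-py3-none-any.whl --version'
 \`\`\`
 
 #### Run other Safety commands as follows
@@ -69,27 +101,27 @@ jobs:
 `
 
 const { data: comments } = await github.rest.issues.listComments({
-owner: context.repo.owner,
-repo: context.repo.repo,
+owner,
+repo,
 issue_number: pr.number,
 })
 
 const botComment = comments.find(c =>
 c.user?.type === 'Bot' &&
-c.body?.includes('Build artifacts are ready for testing!')
+c.body?.includes('Artifacts')
 )
 
 if (botComment) {
 await github.rest.issues.updateComment({
-owner: context.repo.owner,
-repo: context.repo.repo,
+owner,
+repo,
 comment_id: botComment.id,
 body: comment,
 })
 } else {
 await github.rest.issues.createComment({
-owner: context.repo.owner,
-repo: context.repo.repo,
+owner,
+repo,
 issue_number: pr.number,
 body: comment,
 })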
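Review bot: The search fallback in the new `if (!pr)` block accepts the first open PR returned for `sha:${run.head_sha}` and never checks that it is the PR whose run produced the artifacts. The same commit can presumably appear in more than one open PR, so the comment and its "by @author (source: …)" attribution in the security notice could land on a different PR than the one that built `runId`. After `pulls.get`, assign only when the head matches the run: `if (prData.head?.sha === run.head_sha && prData.head?.repo?.full_name === run.head_repository?.full_name) pr = prData`. Separately, `c.body?.includes('Artifacts')` now matches any bot comment containing that word. A hidden marker in the body, for example `<!-- pr-artifacts-comment -->`, would keep `updateComment` from overwriting an unrelated bot comment.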
