Replace maintain-one-comment action with our own (#181)

This is a security hazard as adding/editing a comment to/from a PR requires the pull request write permission. Given it's very simple to implement what we need, let's avoid using an external action.
quarkiverse · Aug 12, 2024 · 1c5aa0b · 1c5aa0b
1 parent acd7195
commit 1c5aa0b
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 15 deletions.
diff --git a/.github/workflows/preview.yml b/.github/workflows/preview.yml
@@ -42,23 +42,24 @@ jobs:
         run: npx surge ./ --domain https://quarkiverse-docs-pr-${{ steps.pr.outputs.id }}-preview.surge.sh --token ${{ secrets.SURGE_TOKEN }}
 
       - name: Update PR status comment on success
-        uses: actions-cool/maintain-one-comment@v3
+        uses: quarkusio/action-helpers@main
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          action: maintain-one-comment
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          pr-number: ${{ steps.pr.outputs.id }}
           body: |
             🚀 PR Preview ${{ github.sha }} has been successfully built and deployed to https://quarkiverse-docs-pr-${{ steps.pr.outputs.id }}-preview.surge.sh
-            <!-- Sticky Pull Request Comment -->
-          body-include: '<!-- Sticky Pull Request Comment -->'
-          number: ${{ steps.pr.outputs.id }}
 
+            <img width="300" src="https://user-images.githubusercontent.com/507615/90250366-88233900-de6e-11ea-95a5-84f0762ffd39.png">
+          body-marker: <!-- Preview status comment marker -->
       - name: Update PR status comment on failure
+        uses: quarkusio/action-helpers@main
         if: ${{ failure() }}
-        uses: actions-cool/maintain-one-comment@v3
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          action: maintain-one-comment
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          pr-number: ${{ steps.pr.outputs.id }}
           body: |
             😭 Deploy PR Preview failed.
             <img width="300" src="https://user-images.githubusercontent.com/507615/90250824-4e066700-de6f-11ea-8230-600ecc3d6a6b.png">
-            <!-- Sticky Pull Request Comment -->
-          body-include: '<!-- Sticky Pull Request Comment -->'
-          number: ${{ steps.pr.outputs.id }}
+          body-marker: <!-- Preview status comment marker -->
diff --git a/.github/workflows/preview_teardown.yml b/.github/workflows/preview_teardown.yml
@@ -8,16 +8,18 @@ on:
 jobs:
   preview:
     runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write # Required to update PR status comment
     steps:
       - name: Teardown surge preview
         id: deploy
         run: npx surge teardown https://quarkiverse-docs-pr-${{ github.event.number }}-preview.surge.sh --token ${{ secrets.SURGE_TOKEN }} || true
       - name: Update PR status comment
-        uses: actions-cool/maintain-one-comment@v3
+        uses: quarkusio/action-helpers@main
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          action: maintain-one-comment
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          pr-number: ${{ github.event.number }}
           body: |
             🙈 The PR is closed and the preview is expired.
-            <!-- Sticky Pull Request Comment -->
-          body-include: '<!-- Sticky Pull Request Comment -->'
-          number: ${{ github.event.number }}
+          body-marker: <!-- Preview status comment marker -->