CI comment #20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Uses `workflow_run` to securely add a comment to the PR that triggered CI. | |
| # | |
| # Important: For security, the `workflow_run` trigger runs the workflow from the default branch, | |
| # so any changes to this workflow must be made in the default branch to take effect. | |
| # | |
| # This workflow is necessary because PRs opened by external forks do not have write access to | |
| # their PR, so the PR-triggered workflow can't add comments to the PR. | |
| # If this was in the CI workflow, it'd be tidier and easier to debug but unfortunately that | |
| # isn't possible due to the lower security context that the CI workflow runs in. | |
| name: CI comment | |
| on: | |
| workflow_run: | |
| workflows: ["CI"] | |
| types: | |
| - completed | |
| jobs: | |
| summary: | |
| if: github.event.workflow_run.event == 'pull_request' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Download summaries | |
| id: download | |
| uses: actions/download-artifact@v4 | |
| with: | |
| run-id: ${{ github.event.workflow_run.id }} | |
| pattern: summary-* | |
| path: summaries | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| # When the triggering workflow is running in a restricted security context, some | |
| # data is omitted from `github.event.workflow_run` (including `pull_requests`). | |
| # Therefore, we have to take some extra steps to find out the PR that triggered | |
| # the original workflow. The simplest way is to iterate through our open PRs and | |
| # find the one with the same head SHA as the triggering workflow. | |
| - name: Get PR number | |
| id: get-pr-number | |
| uses: actions/github-script@v6 | |
| with: | |
| script: | | |
| const head_sha = "${{ github.event.workflow_run.head_sha }}"; | |
| console.log("Finding PR for SHA:", head_sha); | |
| const { data: prs } = await github.rest.pulls.list({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| state: 'open', | |
| }); | |
| const pr = prs.find(pr => pr.head.sha === head_sha); | |
| if (pr) { | |
| console.log("Found PR:", pr.number); | |
| return pr.number; | |
| } else { | |
| core.setFailed("PR not found"); | |
| } | |
| - name: Merge summaries | |
| id: summary | |
| run: | | |
| ls -R | |
| files=$(find $dir -type f) | |
| if [ -z "$files" ]; then | |
| echo "No files found in dir: $dir" | |
| exit 0 | |
| fi | |
| repo_url="${{ github.server_url }}/${{ github.repository }}" | |
| run_url="$repo_url/actions/runs/${{ github.event.workflow_run.id }}" | |
| { | |
| echo "message<<EOF" | |
| echo "## CI Summary" | |
| for file in $files; do | |
| echo $(cat $file) | |
| done | |
| echo | |
| echo "[Full summary]($run_url) (scroll down)" | |
| echo "EOF" | |
| } >> $GITHUB_OUTPUT | |
| - name: Set PR comment | |
| if: steps.summary.outputs.message | |
| uses: marocchino/sticky-pull-request-comment@v2 | |
| with: | |
| number: ${{ steps.get-pr-number.outputs.result }} | |
| header: ${{ github.event.workflow_run.name }} | |
| message: ${{ steps.summary.outputs.message }} | |
| - name: Delete PR comment | |
| if: ${{ !steps.summary.outputs.message }} | |
| uses: marocchino/sticky-pull-request-comment@v2 | |
| with: | |
| number: ${{ steps.get-pr-number.outputs.result }} | |
| header: ${{ github.event.workflow_run.name }} | |
| delete: true |