Skip to content

[C++][Python] Potential improvements around supply chain security #95298

[C++][Python] Potential improvements around supply chain security

[C++][Python] Potential improvements around supply chain security #95298

Workflow file for this run

# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
name: Comment Bot
on:
# TODO(kszucs): support pull_request_review_comment
issue_comment:
types:
- created
- edited
permissions:
contents: read
jobs:
crossbow:
name: Listen!
if: startsWith(github.event.comment.body, '@github-actions crossbow')
runs-on: ubuntu-latest
permissions:
pull-requests: write
steps:
- name: Checkout Arrow
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
with:
path: arrow
# fetch the tags for version number generation
fetch-depth: 0
- name: Set up Python
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: 3.12
- name: Install Archery and Crossbow dependencies
run: pip install -e arrow/dev/archery[bot]
- name: Handle GitHub comment event
env:
ARROW_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CROSSBOW_GITHUB_TOKEN: ${{ secrets.CROSSBOW_GITHUB_TOKEN }}
run: |
archery --debug trigger-bot \
--event-name ${{ github.event_name }} \
--event-payload ${{ github.event_path }}
issue_assign:
name: "Assign issue"
permissions:
issues: write
if: github.event.comment.body == 'take'
runs-on: ubuntu-latest
steps:
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
github.rest.issues.addAssignees({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.payload.issue.number,
assignees: context.payload.comment.user.login
});