forked from ethereum/staking-deposit-cli
-
Notifications
You must be signed in to change notification settings - Fork 10
82 lines (77 loc) · 2.77 KB
/
comment.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
# Safely comment on the PR - https://securitylab.github.com/resources/github-actions-preventing-pwn-requests/
name: ci-comment
run-name: ${{ github.actor }} is adding coverage report comment on PR
on:
workflow_run:
workflows: [ "ci-runner" ]
types:
- completed
jobs:
completed-coverage:
runs-on: ubuntu-latest
if: >
github.event.workflow_run.event == 'pull_request' &&
github.event.workflow_run.conclusion == 'success'
outputs:
coverage: ${{ steps.output.outputs.coverage }}
steps:
- name: Get coverage job success
uses: actions/github-script@v7
env:
WORKFLOW_RUN_ID: '${{ github.event.workflow_run.id }}'
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const { WORKFLOW_RUN_ID } = process.env;
core.exportVariable('COVERAGE', 'unknown');
const { data: allJobs } = await github.rest.actions.listJobsForWorkflowRun({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: WORKFLOW_RUN_ID,
});
allJobs.jobs.forEach((job) => {
if (
job.name === 'coverage-combine' &&
job.status == 'completed' &&
job.conclusion == 'success'
) {
core.exportVariable('COVERAGE', 'completed');
}
});
- name: Output coverage status
id: output
run: echo "coverage=${COVERAGE}" >> "$GITHUB_OUTPUT"
comment:
needs: completed-coverage
# Runs only if we have a completed coverage job from the ci-runner workflow
if: ${{ needs.completed-coverage.outputs.coverage == 'completed' }}
permissions:
issues: write
contents: write
pull-requests: write
runs-on: ubuntu-latest
steps:
- name: Download artifacts
uses: actions/download-artifact@v4
with:
name: results
run-id: ${{ github.event.workflow_run.id }}
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Comment on PR
uses: actions/github-script@v7
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
var fs = require('fs');
const issueNumberPath = './issue_number'
if (!fs.existsSync(issueNumberPath)) {
console.log("Coverage artifacts were not downloaded, succeeding early");
return;
}
var issueNumber = Number(fs.readFileSync(issueNumberPath));
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: issueNumber,
body: fs.readFileSync('./coverage-text-report').toString()
});