forked from maricn/logback-slack-appender
-
Notifications
You must be signed in to change notification settings - Fork 1
88 lines (75 loc) · 3.24 KB
/
tf-autosquash.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
---
#
# PLEASE NOTE: Managed workflow - do not change manually
#
name: Autosquash
on:
issue_comment:
types: [created]
jobs:
autosquash:
env:
# for GitHub CLI
GH_TOKEN: ${{ github.token }}
# If a pull request is commented with /autosquash
if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/autosquash') }}
runs-on: ubuntu-latest
steps:
- name: Determine app token # so that later pushing can run check workflows
env:
WE_HELPER_GITHUB_PRIVATE_KEY: ${{ secrets.WE_HELPER_GITHUB_PRIVATE_KEY }}
if: env.WE_HELPER_GITHUB_PRIVATE_KEY # only if we have the required secret
uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
id: app-token
with:
app-id: ${{ secrets.WE_HELPER_GITHUB_APP_ID }}
private-key: ${{ secrets.WE_HELPER_GITHUB_PRIVATE_KEY }}
- name: Checkout the repository and persist credentials
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
token: ${{ steps.app-token.outputs.token || github.token }}
- name: Determine PR head repo owner
run: |
echo "PR_OWNER=$(gh pr view ${{ github.event.issue.number }} --json headRepositoryOwner -q .headRepositoryOwner.login)" >> $GITHUB_ENV
- name: Verify not a fork PR
# Reason: We want to ensure that the token has write permissions to the repo the PR originated from, also that the user has write permissions to the main repo
run: |
if [ "$PR_OWNER" = "${{ github.repository_owner }}" ]; then
echo "PR is not from a fork"
else
echo "Not supported for PRs from a fork"
exit 1
fi
- name: Check if organization member
id: is_organization_member
if: github.event.sender.login != github.event.issue.user.login # avoid organization check if unnecessary
uses: JamesSingleton/is-organization-member@20f38a5b256765f86036beeea415021d3b1c9dc6
with:
organization: ${{ github.repository_owner }}
username: ${{ github.event.sender.login }}
token: ${{ github.token }}
- name: Verify user
if: ${{ steps.is_organization_member.outputs.result != 'true' }}
run: |
if [ "${{ github.event.sender.login }}" = "${{ github.event.issue.user.login }}" ]; then
echo "User is issue author"
else
echo "User is neither issue author nor organization member"
exit 1
fi
- name: Checkout pull request
run: gh pr checkout ${{ github.event.issue.number }}
- name: Set up git
run: |
git config --global user.name "github-actions[bot]"
git config --global user.email "github-actions[bot]@users.noreply.github.com"
- name: Perform interactive rebase with autosquash
env:
EDITOR: 'true' # to automatically complete the interactive rebase
run: |
BASE_REF=$(gh pr view ${{ github.event.issue.number }} --json baseRefName -q .baseRefName)
git fetch origin
git rebase -i --autosquash origin/$BASE_REF
- name: Push changes
run: |
git push --force-with-lease