Skip to content

Market Manipulations Widget #892

Market Manipulations Widget

Market Manipulations Widget #892

Workflow file for this run

on:
issue_comment:
types: [created]
permissions:
contents: read
issues: read
pull-requests: write
jobs:
permission-check-job:
runs-on: ubuntu-latest
if: |
github.event.issue.pull_request &&
contains(github.event.comment.body, '/payout')
outputs:
permission: ${{ steps.permissions-check.outputs.defined }}
steps:
- name: Check for Secret availability
id: permissions-check
shell: bash
run: |
echo "defined=${{ contains(fromJSON(secrets.WIKI_REVIEWERS), github.actor) }}" >> $GITHUB_OUTPUT;
payout-calc:
runs-on: ubuntu-latest
name: "Calculate author payout"
needs: [permission-check-job]
if: needs.permission-check-job.outputs.permission == 'true'
steps:
- uses: actions/checkout@v3
- name: Cache Python
uses: actions/cache@v3
with:
path: ~/.cache/pypoetry
key: ${{ runner.os }}-poetry-${{ hashFiles('**/poetry.lock') }}
- name: Install package
run: pipx install poetry && poetry install --no-interaction
- name: Run script
run: |
# Parse command from issue comment
_action=$(grep "/payout" <<< "${{ github.event.comment.body }}" | sed 's|.*/|/|')
_name="$(grep -o '/[^[:space:]]*' <<< "$_action")"
_params="$(sed 's/^[^ ]* *//' <<< "$_action")"
# Note: This is potentially dangerous as the action string can be constructed to execute arbitrary code.
eval "poetry run payout-calc \
--pull-url ${{ github.event.issue.pull_request.url }} \
--github-token ${{ secrets.GITHUB_TOKEN }} \
$_params"