-
Notifications
You must be signed in to change notification settings - Fork 215
94 lines (87 loc) · 3.43 KB
/
pr_automations.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
# Runs all automations related to PR events.
#
# See `issue_automations.yml` for the corresponding implementation for issues.
#
# The automations for PR events are a little more complex than those for issues
# because PRs are a less secure environment. To avoid leaking secrets, we need
# to run automations with code as it appears on `main`.
#
# `pull_request_target` serves this purpose but there is no corresponding
# `_target` version for `pull_request_review`. So we take this roundabout
# approach:
#
# This workflow waits for the `pr_automations_init.yml` workflow to complete and
# then uses its exports to run automations from main, with access to secrets.
#
# ...continued from `pr_automations_init.yml`
#
# 4. This workflow runs after `pr_automations_init.yml` workflow completes.
# 5. It downloads the artifacts from that workflow run.
# 6. It extracts the JSON file from the ZIP to `/tmp`.
# 7. It runs the automations as a script, which can access secrets.
name: PR automations
on:
workflow_run:
workflows:
- PR automations init
types:
- completed
jobs:
run:
name: Perform PR automations
runs-on: ubuntu-latest
# Prevent running this workflow on forks, it's unnecessary for external contributors
if: github.repository_owner == 'WordPress'
steps:
- name: Checkout repository
uses: actions/checkout@v4
# This step was copied from the GitHub docs.
# Ref: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#using-data-from-the-triggering-workflow
- name: Download artifact
uses: actions/github-script@v7
with:
script: |
let fs = require('fs');
let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: context.payload.workflow_run.id,
});
let matchArtifacts = allArtifacts.data.artifacts.filter((artifact) => {
return ["event_info", "change_info"].includes(artifact.name)
});
for (let matchArtifact of matchArtifacts) {
let download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
fs.writeFileSync(
`${process.env.GITHUB_WORKSPACE}/${matchArtifact.name}.zip`,
Buffer.from(download.data)
);
}
- name: Unzip artifacts
run: |
unzip event_info.zip
mv event.json /tmp/event.json
cat /tmp/event.json
unzip change_info.zip
mv change.json /tmp/change.json
cat /tmp/change.json
- name: Perform PR labelling
uses: actions/github-script@v7
with:
github-token: ${{ secrets.ACCESS_TOKEN }}
script: |
const { main } = await import('${{ github.workspace }}/automations/js/src/label_pr.mjs')
await main(github, core)
- name: Perform PR automations
uses: actions/github-script@v7
if: success() || failure()
with:
github-token: ${{ secrets.ACCESS_TOKEN }}
script: |
const { main } = await import('${{ github.workspace }}/automations/js/src/project_automation/prs.mjs')
await main(github, core)