[Internal] Add test instructions for external contributors #6
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PR Comment | |
| # WARNING: | |
| # THIS WORKFLOW ALWAYS RUNS FOR EXTERNAL CONTRIBUTORS WITHOUT ANY APPROVAL. | |
| # THIS WORKFLOW RUNS FROM MAIN BRANCH, NOT FROM THE PR BRANCH. | |
| # DO NOT PULL THE PR OR EXECUTE ANY CODE FROM THE PR. | |
| on: | |
| pull_request_target: | |
| types: [opened, reopened, synchronize] | |
| branches: | |
| - main | |
| pull_request: | |
| types: [opened, reopened, synchronize] | |
| jobs: | |
| comment-on-pr: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| pull-requests: write | |
| steps: | |
| # NOTE: This is not 100% accurate, but it should work for most cases. | |
| - name: Check user and potential secret access | |
| id: check-secrets-access | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| # Get user info | |
| USER_LOGIN="${{ github.event.pull_request.user.login }}" | |
| echo "Pull request opened by: $USER_LOGIN" | |
| # Check if user is a collaborator | |
| IS_COLLABORATOR=$(gh api repos/${{ github.repository }}/collaborators/$USER_LOGIN --silent && echo "true" || echo "false") | |
| # Check if PR is from a fork | |
| BASE_REPO="${{ github.event.pull_request.base.repo.full_name }}" | |
| HEAD_REPO="${{ github.event.pull_request.head.repo.full_name }}" | |
| IS_FORK=$([[ "$BASE_REPO" != "$HEAD_REPO" ]] && echo "true" || echo "false") | |
| # Determine potential secret access | |
| if [[ "$IS_COLLABORATOR" == "true" && "$IS_FORK" == "false" ]]; then | |
| echo "has_secrets_access=true" >> $GITHUB_OUTPUT | |
| echo "User $USER_LOGIN likely has access to secrets" | |
| else | |
| echo "has_secrets_access=false" >> $GITHUB_OUTPUT | |
| echo "User $USER_LOGIN likely does not have access to secrets" | |
| fi | |
| - uses: actions/checkout@v4 | |
| - name: Delete old comments | |
| if: steps.check-secrets-access.outputs.has_secrets_access != 'true' | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| # Delete previous comment if it exists | |
| previous_comment_ids=$(gh api "repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments" \ | |
| --jq '.[] | select(.body | startswith("<!-- INTEGRATION_TESTS -->")) | .id') | |
| echo "Previous comment IDs: $previous_comment_ids" | |
| # Iterate over each comment ID and delete the comment | |
| if [ ! -z "$previous_comment_ids" ]; then | |
| echo "$previous_comment_ids" | while read -r comment_id; do | |
| echo "Deleting comment with ID: $comment_id" | |
| gh api "repos/${{ github.repository }}/issues/comments/$comment_id" -X DELETE | |
| done | |
| fi | |
| - name: Comment on PR | |
| if: steps.check-secrets-access.outputs.is_fork != 'true' | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| gh pr comment ${{ github.event.pull_request.number }} --body \ | |
| "<!-- INTEGRATION_TESTS --> | |
| Run integration tests manually: | |
| [go/deco-tests-run/sdk-go](https://go/deco-tests-run/sdk-go) | |
| Inputs: | |
| PR number: ${{github.event.pull_request.number}} | |
| Commit SHA: `${{ github.event.pull_request.head.sha }}` | |
| Checks will be approved automatically on success. | |
| " |