Skip to content

Publish Check CI results #15348

Publish Check CI results

Publish Check CI results #15348

name: Publish Check CI results
# WARNING:
# workflow_run provides read-write repo token and access to secrets.
# Do *not* merge changes to this file without the proper review.
# We should only be running trusted code here.
on:
workflow_run:
workflows: ["Check CI"]
types:
- completed
jobs:
# Job based on https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
publish-check-ci:
runs-on: ubuntu-22.04
steps:
# Unfortunately, the official actions/download-artifact action is very limited in scope.
# Can't use it yet in this context, https://github.com/actions/download-artifact/issues/60
- name: Download artifact
uses: actions/github-script@v7
with:
script: |
var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: ${{ github.event.workflow_run.id }},
});
var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
return artifact.name == "check-ci-results"
})[0];
var download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
var fs = require('fs');
fs.writeFileSync('${{github.workspace}}/check-ci-results.zip', Buffer.from(download.data));
- run: unzip check-ci-results.zip
- name: Publish Test Results
uses: scacap/action-surefire-report@v1
env:
NODE_OPTIONS: '--max_old_space_size=4096'
with:
check_name: check-ci test report
commit: ${{ github.event.workflow_run.head_sha }}
report_paths: '**/build/test-results/*/TEST-*.xml'