Fix trigger of quality monitor

uhafner · uhafner · commit c84c723c8b45 · 2026-03-01T16:40:21.000+01:00
diff --git a/.github/scripts/fetch-artifacts.sh b/.github/scripts/fetch-artifacts.sh
@@ -10,6 +10,7 @@ set -euo pipefail
 # Optional:
 # RETRIES: number of polling attempts per workflow (default: 30)
 # SLEEP_SEC: seconds to wait between attempts (default: 10)
+# ALLOWED_EVENTS: comma-separated list of workflow run events to consider (default: pull_request,pull_request_target)
 
 IFS=',' read -r -a WORKFLOWS_ARR <<< "${OTHER_WORKFLOWS}"
 IFS=',' read -r -a ARTIFACTS_ARR <<< "${ARTIFACT_NAMES}"
@@ -19,6 +20,7 @@ TOKEN="${TOKEN}"
 API_BASE="https://api.github.com/repos/${REPO}"
 RETRIES=${RETRIES:-30}
 SLEEP_SEC=${SLEEP_SEC:-10}
+ALLOWED_EVENTS=${ALLOWED_EVENTS:-pull_request,pull_request_target}
 
 mkdir -p artifacts
 
@@ -40,13 +42,14 @@ for idx in "${!WORKFLOWS_ARR[@]}"; do
     attempt=$((attempt+1))
     echo "  attempt $attempt/$RETRIES"
 
-    # 1) Liste Runs für das Workflow (workflow id/name/file)
+    # 1) List workflow runs (workflow id/name/file)
     resp=$(curl -s -H "Authorization: Bearer ${TOKEN}" "${API_BASE}/actions/workflows/${wf}/runs?per_page=50")
 
-    # 2) Finde Run mit matching head_sha
-    run_id=$(echo "$resp" | jq -r --arg SHA "$SHA" '.workflow_runs[] | select(.head_sha==$SHA) | .id' | head -n1 || true)
-    run_status=$(echo "$resp" | jq -r --arg SHA "$SHA" '.workflow_runs[] | select(.head_sha==$SHA) | .status' | head -n1 || true)
-    run_conclusion=$(echo "$resp" | jq -r --arg SHA "$SHA" '.workflow_runs[] | select(.head_sha==$SHA) | .conclusion' | head -n1 || true)
+    # 2) Find run with matching head_sha (and allowed event types)
+    regex_events=$(echo "$ALLOWED_EVENTS" | tr ',' '|' | tr -d '[:space:]')
+    run_id=$(echo "$resp" | jq -r --arg SHA "$SHA" --arg RE "$regex_events" '.workflow_runs[] | select(.head_sha==$SHA and (.event|test($RE))) | .id' | head -n1 || true)
+    run_status=$(echo "$resp" | jq -r --arg SHA "$SHA" --arg RE "$regex_events" '.workflow_runs[] | select(.head_sha==$SHA and (.event|test($RE))) | .status' | head -n1 || true)
+    run_conclusion=$(echo "$resp" | jq -r --arg SHA "$SHA" --arg RE "$regex_events" '.workflow_runs[] | select(.head_sha==$SHA and (.event|test($RE))) | .conclusion' | head -n1 || true)
 
     if [ -n "${run_id}" ] && [ "${run_id}" != "null" ]; then
       echo "  Found run ${run_id} status=${run_status} conclusion=${run_conclusion}"
diff --git a/.github/workflows/quality-monitor-comment-pr.yml b/.github/workflows/quality-monitor-comment-pr.yml
@@ -1,74 +1,63 @@
 name: 'Quality Monitor Comment PR'
 
 on:
-  workflow_run:
-    workflows: ['Quality Monitor', 'Dependency Check']
-    types: [completed]
+  pull_request:
 
 permissions:
-  actions: read
   contents: read
+  actions: read
   pull-requests: write
   checks: write
 
 jobs:
   comment:
-    if: ${{ github.event.workflow_run.event == 'pull_request' }}
     runs-on: ubuntu-latest
     name: Comment on PR
 
     steps:
-      - name: Extract PR number and SHA
-        id: pr
-        run: |
-          pr_number='${{ github.event.workflow_run.pull_requests[0].number }}'
-          echo "number=$pr_number" >> "$GITHUB_OUTPUT"
-          sha='${{ github.event.workflow_run.head_sha }}'
-          echo "sha=$sha" >> "$GITHUB_OUTPUT"
       - name: Checkout PR
         uses: actions/checkout@v6
         with:
-          ref: ${{ steps.pr.outputs.sha }}
+          ref: ${{ github.event.pull_request.head.sha }}
+
       - name: Install jq and unzip
         run: sudo apt-get update && sudo apt-get install -y jq unzip
-      - name: Prepare environment
-        env:
-          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
-          REPO: ${{ github.repository }}
-          TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          echo "HEAD_SHA=$HEAD_SHA"
-          echo "REPO=$REPO"
+
       - name: Fetch reports from dependency check and quality monitor workflows
         env:
           REPO: ${{ github.repository }}
-          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
+          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
           TOKEN: ${{ secrets.GITHUB_TOKEN }}
           OTHER_WORKFLOWS: "quality-monitor-build.yml,dependency-check.yml"
           ARTIFACT_NAMES: "quality-reports,dependency-report"
-          RETRIES: 30
+          ALLOWED_EVENTS: "pull_request,pull_request_target"
+          RETRIES: 60
           SLEEP_SEC: 10
         run: |
           chmod +x ./.github/scripts/fetch-artifacts.sh
           ./.github/scripts/fetch-artifacts.sh
+
       - name: List downloaded reports
         run: |
           mkdir -p reports/target
           mv artifacts/*/target/* reports/target
           ls -la reports/target/* || true
+
       - name: Read Quality Monitor Configuration
         id: quality-monitor
         run: echo "json=$(jq -c . .github/quality-monitor-pr.json)" >> "$GITHUB_OUTPUT"
+
       - name: Read Quality Gates Configuration
         id: quality-gates
         run: echo "json=$(jq -c . .github/quality-gates-pr.json)" >> "$GITHUB_OUTPUT"
+
       - name: Run Quality Monitor and Comment on PR
         uses: uhafner/quality-monitor@v4
         with:
-          sha: ${{ steps.pr.outputs.sha }}
+          sha: ${{ github.event.pull_request.head.sha }}
           config: ${{ steps.quality-monitor.outputs.json }}
           quality-gates: ${{ steps.quality-gates.outputs.json }}
-          pr-number: ${{ steps.pr.outputs.number }}
+          pr-number: ${{ github.event.pull_request.number }}
           comments-strategy: REMOVE
           show-headers: true
           title-metric: none
