splice.yaml
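# Reusable workflow, invoked via `workflow_call` from a caller that is expected
# to run on `pull_request_review_comment`. It:
#   1. checks that the event carries a review-comment payload,
#   2. looks for a line starting with `splice-bot` in the comment body and
#      extracts the first token after it as the trigger keyword,
#   3. writes base_ref / trigger_keyword / committer / author to
#      bridge-outputs.json,
#   4. hands that file plus selected event fields to the bridge `emit` action.
#
# The comment body, and therefore the trigger keyword, is written by whoever
# posted the review comment and must be treated as untrusted input throughout.
name: Create single-file PR from review comment (Reusable)

on:
  workflow_call:
    inputs:
      base_ref:
        description: 'Base branch to compare against (optional)'
        required: false
        type: string
        default: master
      committer:
        description: >
          The committer name and email address in the format `Display Name <email@address.com>`.
          Defaults to the GitHub Actions bot user.
        required: false
        type: string
        default: 'github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>'
      author:
        description: >
          The author name and email address in the format `Display Name <email@address.com>`.
          Defaults to the author of the PR.
        required: false
        type: string
        default: '${{ github.event.pull_request.user.login }} <${{ github.event.pull_request.user.id }}+${{ github.event.pull_request.user.login }}@users.noreply.github.com>'
      emit_bridge_artifact:
        description: Whether to emit the bridge artifact; useful to disable in local smoke tests
        required: false
        type: boolean
        default: true

# No token permissions are granted at workflow level, and the job below adds none.
permissions: {}

jobs:
  create-single-file-pr:
    runs-on: ubuntu-latest
    steps:
      # Fails the job unless the event name is pull_request_review_comment OR the
      # payload contains both `comment` and `pull_request` objects.
      - name: Verify caller event is pull_request_review_comment
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          github-token: ${{ github.token }}
          script: |
            const eventName = context.eventName;
            const hasReviewCommentPayload = !!(context.payload?.comment && context.payload?.pull_request);
            if (eventName !== "pull_request_review_comment" && !hasReviewCommentPayload) {
              core.setFailed(
                `This workflow must be called from a pull_request_review_comment trigger; got ${eventName}.`
              );
              return;
            }
            core.info(`Trigger OK: ${eventName}`);

      # Sets outputs `skip`, `base_ref` and `trigger_keyword`.
      # `skip` is "true" when there is no trigger line, no file path on the
      # comment, no pull_request object, or incomplete base/head details.
      - name: Extract essentials from event (and optionally filter for suggestions)
        id: extract
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        env:
          # Pass the reusable input down to the script and emit it as an output named base_ref
          BASE_REF_INPUT: ${{ inputs.base_ref }}
        with:
          github-token: ${{ github.token }}
          script: |
            // NOTE: In actions/github-script, `core`, `github`, and `context` are provided globally.
            const comment = context.payload?.comment;
            const pr = context.payload?.pull_request;
            const body = comment?.body || "";
            const triggerLine = body
              .split(/\r?\n/)
              .find((line) => /^splice-bot\b/i.test(line));
            // NOTE(review): `body` is commenter-controlled and is written to the
            // job log verbatim; consider whether the full body needs logging.
            core.info(`Comment body:\n---\n${body}\n---`);
            // Start-of-line match across lines; no leading whitespace allowed
            if (!triggerLine) {
              core.info("No `splice-bot` found at the start of a line, skipping.");
              core.setOutput("skip", "true");
              return;
            }
            // First whitespace-delimited token after `splice-bot`; no character
            // filtering is applied, so consumers must treat it as untrusted text.
            const triggerKeyword = triggerLine.replace(/^splice-bot\b/i, "").trim().split(/\s+/)[0] || "";
            core.info(`Trigger keyword: ${triggerKeyword || "(none)"}`);
            const path = comment?.path;
            if (!path) {
              core.info("This review comment is not on a file diff (no .path). Nothing to do.");
              core.setOutput("skip", "true");
              return;
            }
            if (!pr) {
              core.info("No pull_request object on this event.");
              core.setOutput("skip", "true");
              return;
            }
            // Gather PR metadata (for logging and outputs)
            const prNumber = pr.number;
            const baseSha = pr.base?.sha;
            const baseRepoFullName = pr.base?.repo?.full_name;
            const headSha = pr.head?.sha;
            const headRepoFullName = pr.head?.repo?.full_name;
            if (!baseSha || !headSha || !baseRepoFullName || !headRepoFullName) {
              core.info("Missing required PR details (base/head sha/repo).");
              core.setOutput("skip", "true");
              return;
            }
            const filename = path.split("/").pop();
            const baseRefFromInput = process.env.BASE_REF_INPUT || "master";
            core.info(`File path: ${path}`);
            core.info(`Filename: ${filename}`);
            core.info(`PR #${prNumber} | base: ${baseRefFromInput} | head sha: ${headSha}`);
            core.info(`head repo: ${headRepoFullName} | base repo: ${baseRepoFullName}`);
            // Outputs preserved for downstream steps
            core.setOutput("skip", "false");
            // IMPORTANT: base_ref now comes from the reusable workflow input (default master)
            core.setOutput("base_ref", baseRefFromInput);
            core.setOutput("trigger_keyword", triggerKeyword);

      # Values reach the shell through `env:` rather than `${{ }}` inside `run:`.
      # An expression inside `run:` is pasted into the script text before the
      # shell parses it, so shell metacharacters in `trigger_keyword` (taken from
      # the review comment) or in the caller-supplied inputs would be interpreted
      # as code. As quoted environment variables they stay data, and
      # `jq --arg` then JSON-encodes them.
      - if: ${{ steps.extract.outputs.skip != 'true' && inputs.emit_bridge_artifact }}
        name: Prepare bridge outputs
        env:
          BASE_REF: ${{ steps.extract.outputs.base_ref }}
          TRIGGER_KEYWORD: ${{ steps.extract.outputs.trigger_keyword }}
          COMMITTER: ${{ inputs.committer }}
          AUTHOR: ${{ inputs.author }}
        run: |
          jq -n \
            --arg base_ref "$BASE_REF" \
            --arg trigger_keyword "$TRIGGER_KEYWORD" \
            --arg committer "$COMMITTER" \
            --arg author "$AUTHOR" \
            '{
              base_ref: $base_ref,
              trigger_keyword: $trigger_keyword,
              committer: $committer,
              author: $author,
            }' > bridge-outputs.json

      # NOTE(review): `@v1` is a mutable tag, while the github-script steps above
      # are pinned to a full commit SHA. Pin this action to a commit SHA as well
      # so the code that packages the artifact cannot change without review.
      - if: ${{ steps.extract.outputs.skip != 'true' && inputs.emit_bridge_artifact }}
        name: Emit bridge artifact
        uses: leanprover-community/privilege-escalation-bridge/emit@v1
        with:
          artifact: workflow-data
          outputs_file: bridge-outputs.json
          event_fields: |
            comment.id
            comment.path
            comment.user.login
            pull_request.base.repo.full_name
            pull_request.user.login
            pull_request.head.repo.full_name
            pull_request.head.sha
            pull_request.head.ref
            pull_request.head.label
          retention_days: 5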