feat: allow workflow calls as triggers (#89)

* fix: updated check to allow workflow calls as triggers

* Potential fix for code scanning alert no. 7: Workflow does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* Potential fix for code scanning alert no. 6: Workflow does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* fix: added missing perm to reusable workflow

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Author: gdsmith1

.github/workflows/action-test.yml

@@ -2,6 +2,17 @@ name: Action Tester Workflow
 
 on:
   pull_request:
+  workflow_call:
+    inputs:
+      test-mode:
+        description: 'Test mode for workflow_call testing'
+        required: false
+        type: string
+        default: 'reusable'
+
+permissions:
+  contents: read
+  pull-requests: write
 
 jobs:
   plan:
@@ -81,3 +92,10 @@ jobs:
           include-plan-job-summary: true
           include-tag-only-resources: true
           include-unchanged-resources: true
+
+  # Test workflow_call functionality by calling a reusable workflow
+  test-reusable-workflow:
+    if: github.event_name == 'pull_request'
+    uses: ./.github/workflows/reusable-terraform-test.yml
+    with:
+      test-mode: 'workflow_call_test'

.github/workflows/reusable-terraform-test.yml

@@ -0,0 +1,34 @@
+name: Reusable Terraform Test Workflow
+
+permissions:
+  contents: read
+  pull-requests: write
+
+on:
+  workflow_call:
+    inputs:
+      test-mode:
+        description: 'Test mode for reusable workflow'
+        required: false
+        type: string
+        default: 'reusable'
+
+jobs:
+  reusable-test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+      - run: yarn install
+      - run: yarn run build
+
+      - name: Test PR Commenter via workflow_call
+        uses: ./
+        with:
+          json-file: test-data/tf_test.json
+          comment-header: "Terraform Plan via Reusable Workflow (workflow_call event)"
+          expand-comment: "true"
+          include-workflow-link: "true"
+          include-job-link: "true"

README.md

@@ -12,6 +12,7 @@ Implementing this Action is _super_ simple and the comments are consise and easy
 - Display changes in a Terraform plan without posting larger sections of the plan change log. This approach will, in most cases, avoid the situation where plan contents are too large for a single PR comment.
 - Collapsed as a summary by default, when expanded, the comment is broken up into sections for  deletion, creation, and resource changes. The changes are also color-coded to help draw attention to each proposed modification.
 - This JavaScript GitHub Action runs directly on a host runner and executes faster than a Docker container Action.
+- Works with both direct pull request workflows and reusable workflows (supports `workflow_call` events).
 - Possibility to add the output to your workflow summary.
 - Possibility to hide previous comments generated by this action.
 - Possibility to not create any comments in case there are no infrastructure changes.
@@ -120,6 +121,69 @@ with:
 ```
 **Note:**
 - When `include-plan-job-summary = true`, if the action is executed in non-Pull Request workflows, the plan output will also be posted to the job summary of that run. If you do not wish to have this behavior, apply conditional logic to your workflow file.
+
+### Usage with Reusable Workflows
+
+This action works seamlessly with reusable workflows. When called through a `workflow_call` event, it will still properly comment on the originating pull request.
+
+**Important:** For `workflow_call` events, the action requires that the calling workflow was triggered by a pull request to have the necessary PR context. If a reusable workflow is called from a non-PR event (like `push`, `schedule`, or `workflow_dispatch`), the action will skip comment creation and only generate workflow summaries if enabled.
+
+**reusable-terraform.yml:**
+```yaml
+name: Reusable Terraform Workflow
+
+on:
+  workflow_call:
+    inputs:
+      environment:
+        required: true
+        type: string
+
+jobs:
+  terraform:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: hashicorp/setup-terraform@v2
+        with:
+          terraform_wrapper: false
+      
+      - name: Terraform Plan
+        run: |
+          terraform init
+          terraform plan -out=tfplan
+          terraform show -json tfplan > tfplan.json
+      
+      - name: Comment Plan Changes
+        uses: liatrio/terraform-change-pr-commenter@v1.10.0
+        with:
+          json-file: tfplan.json
+          comment-header: "Terraform Plan for ${{ inputs.environment }}"
+          expand-comment: 'true'
+```
+
+**main-workflow.yml:**
+```yaml
+name: Infrastructure Deployment
+
+on:
+  pull_request:
+
+permissions:
+  pull-requests: write
+
+jobs:
+  terraform-dev:
+    uses: ./.github/workflows/reusable-terraform.yml
+    with:
+      environment: "development"
+  
+  terraform-prod:
+    uses: ./.github/workflows/reusable-terraform.yml
+    with:
+      environment: "production"
+```
+
 #### Example Job Summary Output
 ![Plan output job summary](assets/plan-output-job-summary.png)
 

index.js

@@ -15,16 +15,19 @@ const includeLinkToWorkflow = core.getBooleanInput("include-workflow-link");
 const includeLinkToJob = core.getBooleanInput("include-job-link");
 const hidePreviousComments = core.getBooleanInput("hide-previous-comments");
 const logChangedResources = core.getBooleanInput("log-changed-resources");
-const includeTagOnlyResources = core.getBooleanInput("include-tag-only-resources");
-const includeUnchangedResources = core.getBooleanInput("include-unchanged-resources");
-
+const includeTagOnlyResources = core.getBooleanInput(
+  "include-tag-only-resources",
+);
+const includeUnchangedResources = core.getBooleanInput(
+  "include-unchanged-resources",
+);
 
 // Get current job name from GitHub environment variable
-const currentJobName = process.env.GITHUB_JOB || '';
-const currentRunnerName = process.env.RUNNER_NAME || '';
+const currentJobName = process.env.GITHUB_JOB || "";
+const currentRunnerName = process.env.RUNNER_NAME || "";
 
 // Log the job name for debugging
-console.log('Current job name:', currentJobName);
+console.log("Current job name:", currentJobName);
 
 const workflowLink = includeLinkToWorkflow
   ? `
@@ -45,13 +48,15 @@ async function getJobId() {
         repo: context.repo.repo,
         run_id: context.runId,
       });
-      
+
       // Find the current job by name
-      const job = response.data.jobs.find(job => 
-        job.runner_name === currentRunnerName &&
-        (job.name.endsWith(currentJobName) || job.name.startsWith(currentJobName))
+      const job = response.data.jobs.find(
+        (job) =>
+          job.runner_name === currentRunnerName &&
+          (job.name.endsWith(currentJobName) ||
+            job.name.startsWith(currentJobName)),
       );
-      
+
       if (job) {
         console.log(`Found job ID: ${job.id} for job name: ${job.name}`);
         // Create job link with the numeric job ID
@@ -102,7 +107,8 @@ const output = () => {
   let body = "";
   // for each file
   for (const file of inputFilenames) {
-    const resource_changes = JSON.parse(fs.readFileSync(file)).resource_changes || [];
+    const resource_changes =
+      JSON.parse(fs.readFileSync(file)).resource_changes || [];
     try {
       let changed_resources = resource_changes.filter((resource) => {
         return resource.change.actions != ["no-op"];
@@ -172,7 +178,7 @@ const output = () => {
 ${commentHeader}
 <details ${expandDetailsComment ? "open" : ""}>
 <summary>
-<b>Terraform Plan: ${resources_to_create.length} to be created, ${resources_to_delete.length} to be deleted, ${resources_to_update.length} to be updated${includeTagOnlyResources ? `, ${resources_to_tag.length} to be tagged` : ''}, ${resources_to_replace.length} to be replaced, ${resources_unchanged.length} unchanged.</b>
+<b>Terraform Plan: ${resources_to_create.length} to be created, ${resources_to_delete.length} to be deleted, ${resources_to_update.length} to be updated${includeTagOnlyResources ? `, ${resources_to_tag.length} to be tagged` : ""}, ${resources_to_replace.length} to be replaced, ${resources_unchanged.length} unchanged.</b>
 </summary>
 ${includeUnchangedResources ? details("unchanged", resources_unchanged, "•") : ""}
 ${details("create", resources_to_create, "+")}
@@ -317,7 +323,7 @@ async function run() {
       jobLink = await getJobId();
       console.log("Job link generated:", jobLink);
     }
-    
+
     let rawOutput = output();
     let createComment = true;
 
@@ -333,7 +339,10 @@ async function run() {
     console.log("includePlanSummary", includePlanSummary);
     if (includePlanSummary) {
       core.info("Adding plan output to job summary");
-      core.summary.addHeading("Terraform Plan Results").addRaw(rawOutput).write();
+      core.summary
+        .addHeading("Terraform Plan Results")
+        .addRaw(rawOutput)
+        .write();
     }
 
     console.log("quietMode", quietMode);
@@ -347,10 +356,22 @@ async function run() {
       createComment = false;
     }
 
-    if (context.eventName === "pull_request") {
-      core.info(
-        `Found PR # ${context.issue.number} from workflow context - proceeding to comment.`,
-      );
+    if (
+      context.eventName === "pull_request" ||
+      context.eventName === "workflow_call"
+    ) {
+      // Verify we have PR context available in the case that it's a workflow_call event- should always pass for pull_request
+      if (context.issue && context.issue.number) {
+        core.info(
+          `Found PR # ${context.issue.number} from ${context.eventName} event - proceeding to comment.`,
+        );
+      } else {
+        core.info(
+          `${context.eventName} event detected but no PR context available.`,
+        );
+        core.info("Skipping comment creation.");
+        createComment = false;
+      }
     } else {
       core.info("Action doesn't seem to be running in a PR workflow context.");
       core.info("Skipping comment creation.");