Comment on an issue #288263
  
    
      This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
      Learn more about bidirectional Unicode characters
    
  
  
    
  | name: Comment on an issue | |
| on: | |
| workflow_run: | |
| workflows: | |
| - "Check code formatting" | |
| - "Check for private emails used in PRs" | |
| - "PR Request Release Note" | |
| - "Code lint" | |
| types: | |
| - completed | |
| permissions: | |
| contents: read | |
| jobs: | |
| pr-comment: | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| pull-requests: write | |
| if: > | |
| github.event.workflow_run.event == 'pull_request' && | |
| ( | |
| github.event.workflow_run.conclusion == 'success' || | |
| github.event.workflow_run.conclusion == 'failure' | |
| ) | |
| steps: | |
| - name: Fetch Sources | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| sparse-checkout: | | |
| .github/workflows/unprivileged-download-artifact/action.yml | |
| sparse-checkout-cone-mode: false | |
| - name: 'Download artifact' | |
| uses: ./.github/workflows/unprivileged-download-artifact | |
| id: download-artifact | |
| with: | |
| run-id: ${{ github.event.workflow_run.id }} | |
| artifact-name: workflow-args | |
| - name: 'Comment on PR' | |
| if: steps.download-artifact.outputs.artifact-id != '' | |
| uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| var fs = require('fs'); | |
| const comments = JSON.parse(fs.readFileSync('./comments')); | |
| if (!comments || comments.length == 0) { | |
| return; | |
| } | |
| let runInfo = await github.rest.actions.getWorkflowRun({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| run_id: context.payload.workflow_run.id | |
| }); | |
| console.log(runInfo); | |
| // Query to find the number of the pull request that triggered this job. | |
| // The associated pull requests are based off of the branch name, so if | |
| // you create a pull request for a branch, close it, and then create | |
| // another pull request with the same branch, then this query will return | |
| // two associated pull requests. This is why we have to fetch all the | |
| // associated pull requests and then iterate through them to find the | |
| // one that is open. | |
| const gql_query = ` | |
| query($repo_owner : String!, $repo_name : String!, $branch: String!) { | |
| repository(owner: $repo_owner, name: $repo_name) { | |
| ref (qualifiedName: $branch) { | |
| associatedPullRequests(first: 100) { | |
| nodes { | |
| baseRepository { | |
| owner { | |
| login | |
| } | |
| } | |
| number | |
| state | |
| } | |
| } | |
| } | |
| } | |
| } | |
| ` | |
| const gql_variables = { | |
| repo_owner: runInfo.data.head_repository.owner.login, | |
| repo_name: runInfo.data.head_repository.name, | |
| branch: runInfo.data.head_branch | |
| } | |
| const gql_result = await github.graphql(gql_query, gql_variables); | |
| console.log(gql_result); | |
| // If the branch for the PR was deleted before this job has a chance | |
| // to run, then the ref will be null. This can happen if someone: | |
| // 1. Rebase the PR, which triggers some workflow. | |
| // 2. Immediately merges the PR and deletes the branch. | |
| // 3. The workflow finishes and triggers this job. | |
| if (!gql_result.repository.ref) { | |
| console.log("Ref has been deleted"); | |
| return; | |
| } | |
| console.log(gql_result.repository.ref.associatedPullRequests.nodes); | |
| var pr_number = 0; | |
| gql_result.repository.ref.associatedPullRequests.nodes.forEach((pr) => { | |
| // The largest PR number is the one we care about. The only way | |
| // to have more than one associated pull requests is if all the | |
| // old pull requests are in the closed state. | |
| if (pr.baseRepository.owner.login = context.repo.owner && pr.number > pr_number) { | |
| pr_number = pr.number; | |
| } | |
| }); | |
| if (pr_number == 0) { | |
| console.log("Error retrieving pull request number"); | |
| return; | |
| } | |
| await comments.forEach(function (comment) { | |
| if (comment.id) { | |
| // Security check: Ensure that this comment was created by | |
| // the github-actions bot, so a malicious input won't overwrite | |
| // a user's comment. | |
| github.rest.issues.getComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| comment_id: comment.id | |
| }).then((old_comment) => { | |
| console.log(old_comment); | |
| if (old_comment.data.user.login != "github-actions[bot]") { | |
| console.log("Invalid comment id: " + comment.id); | |
| return; | |
| } | |
| github.rest.issues.updateComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: pr_number, | |
| comment_id: comment.id, | |
| body: comment.body | |
| }); | |
| }); | |
| } else { | |
| github.rest.issues.createComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: pr_number, | |
| body: comment.body | |
| }); | |
| } | |
| }); | |
| - name: Dump comments file | |
| if: >- | |
| always() && | |
| steps.download-artifact.outputs.artifact-id != '' | |
| run: cat comments |