scaffold automated feature build for external contributors

idoqo · idoqo · commit 19d09fd83eb3 · 2025-09-17T23:17:48.000+01:00
diff --git a/.github/workflows/external-pr-trigger.yml b/.github/workflows/external-pr-trigger.yml
@@ -0,0 +1,79 @@
+name: External PR Trigger
+
+on:
+  pull_request:
+    types: [opened, reopened]
+
+jobs:
+  trigger-external-pr:
+    runs-on: ubuntu-latest
+    # Only run if the source branch does not have a PMM- prefix
+    if: |
+      !startsWith(github.event.pull_request.head.ref, 'PMM-')
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Git Config
+        run: |
+          git config --global user.name "github-actions[bot]"
+          git config --global user.email "github-actions[bot]@users.noreply.github.com"
+
+      - name: Create branch in target repository
+        env:
+          GITHUB_TOKEN: ${{ secrets.TARGET_REPO_TOKEN }}
+          TARGET_REPO: ${{ vars.TARGET_REPO_OWNER }}/${{ vars.TARGET_REPO_NAME }}
+          SOURCE_BRANCH: ${{ github.event.pull_request.head.ref }}
+          PR_AUTHOR: ${{ github.event.pull_request.user.login }}
+        run: |
+          # Clone the target repository
+          git clone https://x-access-token:${GITHUB_TOKEN}@github.com/${TARGET_REPO}.git target-repo
+          cd target-repo
+
+          # Create a new branch based on the PR branch name
+          git checkout -b "mongodb-exporter-external-pr-${SOURCE_BRANCH}"
+
+          # Check if ci.yml exists
+          if [ ! -f "ci.yml" ]; then
+            echo "Creating ci.yml file"
+            mkdir -p $(dirname ci.yml)
+            touch ci.yml
+          fi
+
+          # Modify ci.yml file with PR information
+          cat > ci.yml << EOF
+          # Auto-generated from external PR
+          deps:
+            -name: mongodb_exporter
+              url: https://github.com/${GITHUB_REPOSITORY}
+              branch: ${SOURCE_BRANCH}
+          EOF
+
+          # Commit changes
+          git add ci.yml
+          git commit -m "Update ci.yml for external PR #${PR_NUMBER} from ${PR_AUTHOR}"
+
+          # Push the new branch
+          git push origin "external-pr-${SOURCE_BRANCH}"
+
+      - name: Create Pull Request in target repository
+        env:
+          GITHUB_TOKEN: ${{ secrets.TARGET_REPO_TOKEN }}
+          TARGET_REPO: ${{ vars.TARGET_REPO_OWNER }}/${{ vars.TARGET_REPO_NAME }}
+          SOURCE_BRANCH: ${{ github.event.pull_request.head.ref }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+          PR_AUTHOR: ${{ github.event.pull_request.user.login }}
+        run: |
+          # Create PR using GitHub CLI
+          gh pr create \
+            --repo "${TARGET_REPO}" \
+            --title "External PR: ${{ github.event.pull_request.title }}" \
+            --body "This PR was automatically generated from external pull request #${PR_NUMBER} by @${PR_AUTHOR} in ${{ github.repository }} (branch: ${SOURCE_BRANCH}).
+
+          Original PR: ${{ github.event.pull_request.html_url }}
+
+          ## Original PR Description
+          ${{ github.event.pull_request.body }}" \
+            --base main \
+            --head "external-pr-${SOURCE_BRANCH}"
diff --git a/EXTERNAL_PR_ACTION.md b/EXTERNAL_PR_ACTION.md
@@ -0,0 +1,119 @@
+# External PR Trigger GitHub Action
+
+This GitHub Action automatically triggers actions in a target repository when a pull request is created by users who are not in an allowed list.
+
+## Overview
+
+When a pull request is opened, synchronized, or reopened from a branch that does NOT have a `PMM-` prefix, this action will:
+1. Create a new branch in a specified target repository
+2. Modify a `ci.yml` file in that repository with PR information
+3. Create a pull request in the target repository
+
+## Setup Instructions
+
+### 1. Understanding the Branch Prefix Check
+
+The workflow file `.github/workflows/external-pr-trigger.yml` checks the source branch name:
+
+```yaml
+if: |
+  !startsWith(github.event.pull_request.head.ref, 'PMM-')
+```
+
+This means:
+- PRs from branches WITH the `PMM-` prefix will NOT trigger this action
+- PRs from branches WITHOUT the `PMM-` prefix WILL trigger this action
+
+### 2. Create a Personal Access Token
+
+You need a Personal Access Token (PAT) with permissions to create branches and pull requests in the target repository:
+
+1. Go to GitHub Settings → Developer settings → Personal access tokens
+2. Generate a new token with the following scopes:
+   - `repo` (full control of private repositories)
+   - `workflow` (if the target repo has GitHub Actions)
+3. Copy the generated token
+
+### 3. Configure Repository Secrets
+
+In your repository settings, go to Secrets and variables → Actions, and add:
+
+- **SECRET**: `TARGET_REPO_TOKEN` - The Personal Access Token you created
+
+### 4. Configure Repository Variables
+
+In your repository settings, go to Secrets and variables → Actions → Variables tab, and add:
+
+- **VARIABLE**: `TARGET_REPO_OWNER` - The owner/organization of the target repository
+- **VARIABLE**: `TARGET_REPO_NAME` - The name of the target repository
+
+Example:
+- `TARGET_REPO_OWNER`: `myorg`
+- `TARGET_REPO_NAME`: `ci-configs`
+
+### 5. Customize the ci.yml Content (Optional)
+
+The action creates/updates a `ci.yml` file in the target repository. You can customize the content by modifying this section in the workflow:
+
+```yaml
+# Modify ci.yml file with PR information
+cat > ci.yml << EOF
+# Auto-generated from external PR
+external_pr:
+  deps:
+    - name: mongodb_exporter
+      url: https://github.com/percona/mongodb_exporter
+      branch: branch-name
+EOF
+```
+
+## How It Works
+
+1. **Trigger**: The action runs on every pull request event (opened, synchronized, reopened)
+
+3. **Branch Creation**: For external users, it:
+   - Clones the target repository
+   - Creates a new branch named `external-pr-{original-branch-name}`
+   - Updates the `ci.yml` file with PR metadata
+
+4. **Pull Request**: Creates a pull request in the target repository with:
+   - Title: "External PR: {original PR title}"
+   - Body: Contains a link to the original PR and its description
+
+## Security Considerations
+
+1. **Token Security**: The PAT is stored as a secret and never exposed in logs
+2. **Limited Scope**: The action only modifies the specified `ci.yml` file
+3. **Branch Filtering**: Only PRs from branches without the `PMM-` prefix trigger the action
+
+## Troubleshooting
+
+### Action Not Triggering
+- Verify the branch does NOT have a `PMM-` prefix
+- Check that the workflow file is in `.github/workflows/` directory
+- Ensure the workflow has the correct event triggers
+
+### Permission Errors
+- Verify the PAT has the correct scopes
+- Check that the token hasn't expired
+- Ensure the target repository allows the token's access
+
+### Branch/PR Creation Fails
+- Check that the target repository exists
+- Verify the `TARGET_REPO_OWNER` and `TARGET_REPO_NAME` variables are correct
+- Ensure there isn't already a branch with the same name
+
+## Example Scenarios
+
+### Scenario 1: PR from non-PMM branch (Action triggers)
+1. User creates PR #123 from branch `fix-bug` (no PMM- prefix)
+2. This action triggers and:
+   - Creates branch `external-pr-fix-bug` in the target repository
+   - Updates `ci.yml` with PR #123's information
+   - Creates a PR in the target repository titled "External PR: Fix bug"
+3. The target repository can then run its own CI/CD processes based on the `ci.yml` content
+
+### Scenario 2: PR from PMM branch (Action does NOT trigger)
+1. User creates PR #124 from branch `PMM-1234-fix-issue`
+2. This action does NOT trigger because the branch has the `PMM-` prefix
+3. The PR proceeds with normal repository workflows
