Cut over to actions only

.github/shared/src/git.js

@@ -0,0 +1,11 @@
+// @ts-check
+
+/**
+ * Returns true if a string is a possible full git SHA (40 hex chars, case insensitive)
+ *
+ * @param {string} string
+ * @returns {boolean}
+ */
+export function isFullGitSha(string) {
+  return /^[0-9a-f]{40}$/i.test(string);
+}

.github/shared/test/examples.js

@@ -1,5 +1,7 @@
 // @ts-check
 
+export const fullGitSha = "abc123abc123abc123abc123abc123abc123abc1";
+
 export const swaggerHandWritten = JSON.stringify("foo");
 
 export const swaggerTypeSpecGenerated = JSON.stringify({

.github/shared/test/git.test.js

@@ -0,0 +1,25 @@
+// @ts-check
+
+import { describe, expect, it } from "vitest";
+import { isFullGitSha } from "../src/git";
+import { fullGitSha } from "./examples";
+
+describe("git", () => {
+  it.each([
+    [undefined, false],
+    [null, false],
+    ["", false],
+    // Short SHAs of 7 chars are not valid
+    ["abc1234", false],
+    // Invalid hex chars
+    ["aBcDeG0189".repeat(4), false],
+    ["aBcDe 0189".repeat(4), false],
+    ["aBcDe_0189".repeat(4), false],
+    // Valid
+    ["aBcDeF0189".repeat(4), true],
+    [fullGitSha, true],
+  ])("isFullGitSha(%o) => %o", (string, result) => {
+    // @ts-expect-error Testing invalid input types
+    expect(isFullGitSha(string)).toBe(result);
+  });
+});

.github/workflows/_reusable-set-check-status.yaml

@@ -1,3 +1,3 @@
 # Prefix with "~" to sort last in Actions list
 name: ~Templates - Set Run Status
 
@@ -68,6 +68,13 @@
               '${{ inputs.overriding_label }}'
             );
 
+      - if: ${{ always() && steps.set-status.outputs.head_sha }}
+        name: Upload artifact with head SHA
+        uses: ./.github/actions/add-empty-artifact
+        with:
+          name: head-sha
+          value: ${{ steps.set-status.outputs.head_sha }}
+
       - if: ${{ always() && steps.set-status.outputs.issue_number }}
         name: Upload artifact with issue number
         uses: ./.github/actions/add-empty-artifact

.github/workflows/arm-auto-signoff.yaml

@@ -1,20 +1,18 @@
 name: ARM Auto SignOff
 
 on:
-  issue_comment:
-    types:
-      - edited
   # Must run on pull_request_target instead of pull_request, since the latter cannot trigger on
   # labels from bot accounts in fork PRs. pull_request_target is also more similar to the other
-  # triggers "issue_comment" and "workflow_run" -- they are all privileged# and run in the target
-  # branch and repo -- which simplifies implementation.
+  # trigger "workflow_run" -- they are both privileged and run in the target branch and repo --
+  # which simplifies implementation.
   pull_request_target:
     types:
       # Depends on labels, so must re-evaluate whenever a relevant label is manually added or removed.
       - labeled
       - unlabeled
   workflow_run:
-    workflows: ["ARM Incremental TypeSpec"]
+    workflows:
+      ["ARM Incremental TypeSpec", "Swagger Avocado - Set Status", "Swagger LintDiff - Set Status"]
     types: [completed]
 
 permissions:
@@ -28,9 +26,8 @@
   arm-auto-signoff:
     name: ARM Auto SignOff
 
+    # workflow_run - already filtered by triggers above
     # pull_request_target:labeled - filter to only the input and output labels
-    # issue_comment:edited - filter to only PR comments containing "next steps to merge",
-    #   a signal that checks like "Swagger LintDiff" or "Swagger Avocado" status may have changed
     if: |
       github.event_name == 'workflow_run' ||
       (github.event_name == 'pull_request_target' &&
@@ -41,10 +38,7 @@
         github.event.label.name == 'ARMReview' ||
         github.event.label.name == 'ARMSignedOff' ||
         github.event.label.name == 'NotReadyForARMReview' ||
-        github.event.label.name == 'SuppressionReviewRequired')) ||
-      (github.event_name == 'issue_comment' &&
-       github.event.issue.pull_request &&
-       contains(github.event.comment.body, 'next steps to merge'))
+        github.event.label.name == 'SuppressionReviewRequired'))
 
     runs-on: ubuntu-24.04
 
@@ -97,15 +91,28 @@
           # Convert "add/remove" to "true/false"
           value: "${{ fromJson(steps.get-label-action.outputs.result).labelAction == 'add' }}"
 
+      # Required for consumers to identify the head SHA associated with this workflow run.
+      # Output can be trusted, because it was uploaded from a workflow that is trusted,
+      # because "issue_comment", and "workflow_run" only trigger on workflows in the default branch.
+      # Consumers should verify the "event_name" before attempting to extract from the artifact name.
+      - if: |
+          always() &&
+          (github.event_name == 'issue_comment' || github.event_name == 'workflow_run') &&
+          fromJson(steps.get-label-action.outputs.result).headSha
+        name: Upload artifact with head SHA
+        uses: ./.github/actions/add-empty-artifact
+        with:
+          name: "head-sha"
+          value: "${{ fromJson(steps.get-label-action.outputs.result).headSha }}"
+
       # Required for consumers to identify the PR associated with this workflow run.
       # Output can be trusted, because it was uploaded from a workflow that is trusted,
       # because "issue_comment", and "workflow_run" only trigger on workflows in the default branch.
       # Consumers should verify the "event_name" before attempting to extract from the artifact name.
       - if: |
-          (github.event_name == 'issue_comment' || 
-           github.event_name == 'workflow_run') &&
-          (fromJson(steps.get-label-action.outputs.result).labelAction == 'add' ||
-           fromJson(steps.get-label-action.outputs.result).labelAction == 'remove')
+          always() &&
+          (github.event_name == 'issue_comment' || github.event_name == 'workflow_run') &&
+          fromJson(steps.get-label-action.outputs.result).issueNumber > 0
         name: Upload artifact with issue number
         uses: ./.github/actions/add-empty-artifact
         with:

.github/workflows/breaking-change-add-label-artifacts.yaml

@@ -1,3 +1,3 @@
 name: "Breaking Change - Add Label Artifacts"
 
 on:
@@ -62,6 +62,13 @@
           name: "${{ steps.get-label-actions.outputs.versioningReviewLabelName }}"
           value: "${{ steps.get-label-actions.outputs.versioningReviewLabelValue == 'true' }}"
 
+      - if: ${{ always() && steps.get-label-actions.outputs.head_sha }}
+        name: Upload artifact with head SHA
+        uses: ./.github/actions/add-empty-artifact
+        with:
+          name: head-sha
+          value: ${{ steps.get-label-actions.outputs.head_sha }}
+
       - if: ${{ always() && steps.get-label-actions.outputs.issue_number > 0 }}
         name: Upload artifact with issue number
         uses: ./.github/actions/add-empty-artifact

.github/workflows/sdk-breaking-change-labels.yaml

@@ -1,3 +1,3 @@
 name: SDK Breaking Change Labels
 
 on:
@@ -58,10 +58,14 @@
           # Convert "add/remove" to "true/false"
           value: "${{ fromJson(steps.get-label-and-action.outputs.result).labelAction == 'add' }}"
 
-      - if: |
-          ((fromJson(steps.get-label-and-action.outputs.result).labelAction == 'add' ||
-          fromJson(steps.get-label-and-action.outputs.result).labelAction == 'remove') &&
-          fromJson(steps.get-label-and-action.outputs.result).issueNumber > 0)
+      - if: ${{ always() && fromJson(steps.get-label-and-action.outputs.result).headSha }}
+        name: Upload artifact with issue number
+        uses: ./.github/actions/add-empty-artifact
+        with:
+          name: "head-sha"
+          value: "${{ fromJson(steps.get-label-and-action.outputs.result).headSha }}"
+
+      - if: ${{ always() && fromJson(steps.get-label-and-action.outputs.result).issueNumber > 0 }}
         name: Upload artifact with issue number
         uses: ./.github/actions/add-empty-artifact
         with:

.github/workflows/spec-gen-sdk-status.yml

@@ -1,3 +1,3 @@
 name: "SDK Validation Status"
 
 on:
@@ -48,6 +48,13 @@
               (await import('${{ github.workspace }}/.github/workflows/src/spec-gen-sdk-status.js')).default;
             return await setStatus({ github, context, core });
 
+      - if: ${{ always() && steps.sdk-validation-status.outputs.head_sha }}
+        name: Upload artifact with head SHA
+        uses: ./.github/actions/add-empty-artifact
+        with:
+          name: head-sha
+          value: ${{ steps.sdk-validation-status.outputs.head_sha }}
+
       - if: ${{ always() && steps.sdk-validation-status.outputs.issue_number }}
         name: Upload artifact with issue number
         uses: ./.github/actions/add-empty-artifact

.github/workflows/src/arm-auto-signoff.js

@@ -1,7 +1,8 @@
 // @ts-check
 
 import { setEquals } from "../../shared/src/equality.js";
-import { PER_PAGE_MAX } from "../../shared/src/github.js";
+import { CommitStatusState, PER_PAGE_MAX } from "../../shared/src/github.js";
+import { byDate, invert } from "../../shared/src/sort.js";
 import { extractInputs } from "./context.js";
 import { LabelAction } from "./label.js";
 
@@ -33,20 +34,23 @@
  * @param {string} params.head_sha
  * @param {(import("@octokit/core").Octokit & import("@octokit/plugin-rest-endpoint-methods/dist-types/types.js").Api & { paginate: import("@octokit/plugin-paginate-rest").PaginateInterface; })} params.github
  * @param {typeof import("@actions/core")} params.core
- * @returns {Promise<{labelAction: LabelAction, issueNumber: number}>}
+ * @returns {Promise<{labelAction: LabelAction, headSha: string, issueNumber: number}>}
  */
 export async function getLabelActionImpl({ owner, repo, issue_number, head_sha, github, core }) {
   const labelActions = {
     [LabelAction.None]: {
       labelAction: LabelAction.None,
+      headSha: head_sha,
       issueNumber: issue_number,
     },
     [LabelAction.Add]: {
       labelAction: LabelAction.Add,
+      headSha: head_sha,
       issueNumber: issue_number,
     },
     [LabelAction.Remove]: {
       labelAction: LabelAction.Remove,
+      headSha: head_sha,
       issueNumber: issue_number,
     },
   };
@@ -139,52 +143,63 @@
     return removeAction;
   }
 
-  const checkRuns = await github.paginate(github.rest.checks.listForRef, {
+  const statuses = await github.paginate(github.rest.repos.listCommitStatusesForRef, {
     owner: owner,
     repo: repo,
     ref: head_sha,
     per_page: PER_PAGE_MAX,
   });
 
-  const requiredCheckNames = ["Swagger LintDiff", "Swagger Avocado"];
+  core.info("Statuses:");
+  statuses.forEach((status) => {
+    core.info(`- ${status.context}: ${status.state}`);
+  });
+
+  const requiredStatusNames = ["Swagger LintDiff", "Swagger Avocado"];
 
   /**
-   * @type {typeof checkRuns.check_runs}
+   * @type {typeof statuses}
    */
-  let requiredCheckRuns = [];
-
-  for (const checkName of requiredCheckNames) {
-    const matchingRuns = checkRuns.filter((run) => run.name === checkName);
-
-    if (matchingRuns.length > 1) {
-      throw new Error(`Unexpected number of checks named '${checkName}': ${matchingRuns.length}`);
-    }
-
-    const matchingRun = matchingRuns.length === 1 ? matchingRuns[0] : undefined;
-
-    core.info(
-      `${checkName}: Status='${matchingRun?.status}', Conclusion='${matchingRun?.conclusion}'`,
-    );
-
-    if (matchingRun && matchingRun.status === "completed" && matchingRun.conclusion !== "success") {
-      core.info(`Check '${checkName}' did not succeed`);
+  let requiredStatuses = [];
+
+  for (const statusName of requiredStatusNames) {
+    // The "statuses" array may contain multiple statuses with the same "context" (aka "name"),
+    // but different states and update times.  We only care about the latest.
+    const matchingStatuses = statuses
+      .filter((status) => status.context.toLowerCase() === statusName.toLowerCase())
+      .sort(invert(byDate((status) => status.updated_at)));
+
+    // undefined if matchingStatuses.length === 0 (which is OK)
+    const matchingStatus = matchingStatuses[0];
+
+    core.info(`${statusName}: State='${matchingStatus?.state}'`);
+
+    if (
+      matchingStatus &&
+      (matchingStatus.state === CommitStatusState.ERROR ||
+        matchingStatus.state === CommitStatusState.FAILURE)
+    ) {
+      core.info(`Status '${matchingStatus}' did not succeed`);
       return removeAction;
     }
 
-    if (matchingRun) {
-      requiredCheckRuns.push(matchingRun);
+    if (matchingStatus) {
+      requiredStatuses.push(matchingStatus);
     }
   }
 
   if (
-    setEquals(new Set(requiredCheckRuns.map((run) => run.name)), new Set(requiredCheckNames)) &&
-    requiredCheckRuns.every((run) => run.status === "completed" && run.conclusion === "success")
+    setEquals(
+      new Set(requiredStatuses.map((status) => status.context)),
+      new Set(requiredStatusNames),
+    ) &&
+    requiredStatuses.every((status) => status.state === CommitStatusState.SUCCESS)
   ) {
     core.info("All requirements met for auto-signoff");
     return labelActions[LabelAction.Add];
   }
 
-  // If any checks are missing or not completed, no-op to prevent frequent remove/add label as checks re-run
-  core.info("One or more checks are still in-progress");
+  // If any statuses are missing or pending, no-op to prevent frequent remove/add label as checks re-run
+  core.info("One or more statuses are still pending");
   return labelActions[LabelAction.None];
 }

.github/workflows/src/breaking-change-add-label-artifacts.js

@@ -74,6 +74,7 @@ export default async function getLabelActions({ github, context, core }) {
     })
   ).map((a) => a.name);
 
+  core.setOutput("head_sha", head_sha);
   core.setOutput("issue_number", issue_number);
 
   if (