fix

trask · trask · commit 95e91aeb6053 · 2025-05-19T12:31:26.000-07:00
diff --git a/.github/workflows/auto-spotless-apply.yml b/.github/workflows/auto-spotless-apply.yml
@@ -16,93 +16,73 @@ jobs:
       contents: write
       pull-requests: write
     steps:
-      - id: download-patch
-        name: Download patch
-        uses: actions/github-script@v7.0.1
+      - name: Download patch
+        uses: actions/download-artifact@v4.3.0
         with:
-          # this script copied from
-          # https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#using-data-from-the-triggering-workflow
-          script: |
-            let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
-               owner: context.repo.owner,
-               repo: context.repo.repo,
-               run_id: context.payload.workflow_run.id
-            });
-            let patchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
-              return artifact.name == "patch"
-            })[0];
-            if (!patchArtifact) {
-              core.info('No patch to apply.');
-              return;
-            }
-            let download = await github.rest.actions.downloadArtifact({
-               owner: context.repo.owner,
-               repo: context.repo.repo,
-               artifact_id: patchArtifact.id,
-               archive_format: 'zip'
-            });
-            const fs = require('fs');
-            const path = require('path');
-            const temp = '${{ runner.temp }}/artifacts';
-            if (!fs.existsSync(temp)){
-              fs.mkdirSync(temp);
-            }
-            fs.writeFileSync(path.join(temp, 'patch.zip'), Buffer.from(download.data));
-            core.setOutput("exists", "true");
+          run-id: ${{ github.event.workflow_run.id }}
+          name: patch
+          path: ${{ runner.temp }}
+
+      - id: unzip-patch
+        name: Unzip patch
+        working-directory: ${{ runner.temp }}
+        run: |
+          if [ -f patch.zip ]; then
+            unzip patch.zip
+            echo "exists=true" >> $GITHUB_OUTPUT
+          fi
 
       - id: get-pr-number
+        if: steps.unzip-patch.outputs.exists == 'true'
         name: Get PR number
-        uses: actions/github-script@v7.0.1
-        with:
-          script: |
-            const response = await github.request(context.payload.workflow_run.url);
-            core.setOutput('pr-number', response.data.pull_requests[0].number);
-
-      - name: Unzip patch
-        if: steps.download-patch.outputs.exists == 'true'
-        working-directory: ${{ runner.temp }}/artifacts
-        run: unzip patch.zip
+        env:
+          PR_BRANCH: |-
+            ${{
+              (github.event.workflow_run.head_repository.owner.login != github.event.workflow_run.repository.owner.login)
+                && format('{0}:{1}', github.event.workflow_run.head_repository.owner.login, github.event.workflow_run.head_branch)
+                || github.event.workflow_run.head_branch
+            }}
+        run: |
+          gh pr view "${PR_BRANCH}" --json 'number' --jq '"pr-number=\(.number)' >> $GITHUB_OUTPUT
 
       - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
-        if: steps.download-patch.outputs.exists == 'true'
+        if: steps.unzip-patch.outputs.exists == 'true'
         id: otelbot-token
         with:
           app-id: 1295839
-          private-key: ${{ secrets.OTELBOT_JAVA_CONTRIB_PRIVATE_KEY }}
+          private-key: ${{ secrets.OTELBOT_JAVA_INSTRUMENTATION_PRIVATE_KEY }}
 
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        if: steps.download-patch.outputs.exists == 'true'
+        if: steps.unzip-patch.outputs.exists == 'true'
         with:
           token: ${{ steps.otelbot-token.outputs.token }}
 
       - name: Check out PR branch
-        if: steps.download-patch.outputs.exists == 'true'
-        env:
-          GH_TOKEN: ${{ github.token }}
+        if: steps.unzip-patch.outputs.exists == 'true'
         run: gh pr checkout ${{ steps.get-pr-number.outputs.pr-number }}
 
       - name: Use CLA approved github bot
-        if: steps.download-patch.outputs.exists == 'true'
+        if: steps.unzip-patch.outputs.exists == 'true'
         # IMPORTANT do not call the .github/scripts/use-cla-approved-bot.sh
         # since that script could have been compromised in the PR branch
         run: |
           git config user.name otelbot
           git config user.email 197425009+otelbot@users.noreply.github.com
 
       - name: Apply patch and push
-        if: steps.download-patch.outputs.exists == 'true'
+        if: steps.unzip-patch.outputs.exists == 'true'
         run: |
-          git apply "${{ runner.temp }}/artifacts/patch"
+          git apply "${{ runner.temp }}/patch"
           git commit -a -m "./gradlew spotlessApply"
           git push
 
-      - if: steps.download-patch.outputs.exists == 'true' && success()
+      - if: steps.unzip-patch.outputs.exists == 'true' && success()
         env:
           GH_TOKEN: ${{ steps.otelbot-token.outputs.token }}
         run: |
           gh pr comment ${{ steps.get-pr-number.outputs.pr-number }} --body "🔧 The result from spotlessApply was committed to the PR branch."
 
-      - if: steps.download-patch.outputs.exists == 'true' && failure()
+      - if: steps.unzip-patch.outputs.exists == 'true' && failure()
         env:
           GH_TOKEN: ${{ steps.otelbot-token.outputs.token }}
         run: |
diff --git a/.github/workflows/auto-spotless-check.yml b/.github/workflows/auto-spotless-check.yml
@@ -30,8 +30,6 @@ jobs:
           cache-read-only: true
 
       - name: Check out PR branch
-        env:
-          GH_TOKEN: ${{ github.token }}
         run: gh pr checkout ${{ github.event.pull_request.number }}
 
       - name: Spotless
