Support adding comments for PRs coming from a fork

eclipse-dash · Sep 13, 2024 · eba8b0b · eba8b0b
1 parent 152ce3c
commit eba8b0b
Show file tree

Hide file tree

Showing 2 changed files with 79 additions and 14 deletions.
diff --git a/.github/workflows/addLicenseCheckCommentForForks.yml b/.github/workflows/addLicenseCheckCommentForForks.yml
@@ -0,0 +1,53 @@
+name: Add license check comment for PRs coming from a fork
+
+on:
+  workflow_call:
+
+jobs:
+  add-pr-comment-for-forks:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+    if: |
+      github.event.workflow_run.event == 'pull_request' &&
+      github.event.workflow_run.head_repository.full_name != github.repository
+    steps:
+      - name: 'Download artifact'
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          script: |
+            var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
+               owner: context.repo.owner,
+               repo: context.repo.repo,
+               run_id: ${{github.event.workflow_run.id }},
+            });
+            var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
+              return artifact.name == "pr-comment"
+            })[0];
+            var download = await github.rest.actions.downloadArtifact({
+               owner: context.repo.owner,
+               repo: context.repo.repo,
+               artifact_id: matchArtifact.id,
+               archive_format: 'zip',
+            });
+            var fs = require('fs');
+            fs.writeFileSync('${{github.workspace}}/pr-comment.zip', Buffer.from(download.data));
+
+      - run: unzip pr-comment.zip
+
+      - name: 'Comment on PR'
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            var fs = require('fs');
+
+            const issue_number = Number(fs.readFileSync('./pr.txt'));
+            const body = fs.readFileSync('./comment.txt', { encoding: 'utf8', flag: 'r' });
+
+            await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: issue_number,
+              body: body
+            });
diff --git a/.github/workflows/mavenLicenseCheck.yml b/.github/workflows/mavenLicenseCheck.yml
@@ -64,7 +64,7 @@ jobs:
     steps:
     - name: Check dependabot PR
       if: >
-        github.event_name == 'pull_request'
+        github.event_name == 'pull_request' 
         && (github.event.action == 'opened' || github.event.action == 'synchronize' || github.event.action == 'reopened')
         && github.actor == 'dependabot[bot]' && github.actor_id == '49699333'
       run: echo "isDependabotPR=1" >> $GITHUB_ENV
@@ -86,7 +86,7 @@ jobs:
       if: |
         (steps.request-review.outputs.request-review || steps.license-check.outputs.license-check)
         && (!env.isDependabotPR)
-      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+      uses: actions/github-script@v7
       with:
         script: |
           const payload = await github.rest.repos.getCollaboratorPermissionLevel({
@@ -119,25 +119,25 @@ jobs:
     # and for events triggered by PR creation/updates the ref is 'refs/pull/<PR-number>/merge'.
     # So by default only the master-branch would be considered when requesting license-reviews, but we want the PR's state.
     # Unless the PR is closed, then we want the master-branch, which allows subsequent license review requests.
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+    - uses: actions/checkout@v4
       # use default ref 'refs/pull/<PR-number>/merge' for PR-events and 'refs/heads/master' for comments if the PR is closed
       if: github.event.issue.pull_request == '' || github.event.issue.state != 'open'
       with:
         submodules: ${{ inputs.submodules }}
 
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+    - uses: actions/checkout@v4
       if: github.event.issue.pull_request != '' && github.event.issue.state == 'open'
       with:
         ref: 'refs/pull/${{ github.event.issue.number }}/merge'
         submodules: ${{ inputs.submodules }}
 
-    - uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88 # v4.3.0
+    - uses: actions/setup-java@v4
       with:
         java-version: ${{ inputs.javaVersion }}
         distribution: 'temurin'
 
     - name: Cache local Maven repository
-      uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+      uses: actions/cache@v4
       with:
         path: ~/.m2/repository
         # re-cache on changes in the pom and target files
@@ -156,7 +156,7 @@ jobs:
 
     - name: Check license vetting status (and ask for review if requested)
       id: check-license-vetting
-      uses: eclipse-dash/dash-licenses/.github/actions/maven-license-check-action@master
+      uses: netomi/dash-licenses/.github/actions/maven-license-check-action@master
       with:
         request-review: ${{ env.request-review }}
         project-id: ${{ inputs.projectId }}
@@ -166,7 +166,7 @@ jobs:
     - name: Process license check results
       id: process-results
       if: always()
-      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+      uses: actions/github-script@v7
       with:
         result-encoding: string
         script: |
@@ -240,16 +240,14 @@ jobs:
       run: |
         echo '${{steps.process-results.outputs.result}}' >> $GITHUB_STEP_SUMMARY
 
-    # Adjust the comment header based on the requested action to ensure that request review comments
-    # do not get hidden by license checks.
     - name: Determine comment header
       if: ${{env.request-review}}
       run: echo "comment-header='<!-- tag-review-request-comment -->'" >> "$GITHUB_ENV"
 
     # Add the process result as comment to the PR if an update has been requested
     # or if the PR is not coming from a fork (in which case we don't have write tokens)
     - name: Adding comment to PR
-      uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0
+      uses: marocchino/sticky-pull-request-comment@v2
       if: |
         always()
         && (github.event_name == 'issue_comment' || github.event.pull_request.head.repo.full_name == github.repository)
@@ -261,6 +259,15 @@ jobs:
         message: |
           ${{steps.process-results.outputs.result}}
 
+    - name: Store PR comment and PR number
+      if: always()
+      env:
+        PR: ${{github.event.issue.number || github.event.pull_request.number}}
+      run: |
+        mkdir -p ./pr-comment
+        echo ${PR} > ./pr-comment/pr.txt
+        echo '${{steps.process-results.outputs.result}}' > ./pr-comment/comment.txt
+
     - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
       if: always()
       with:
@@ -269,9 +276,14 @@ jobs:
           target/dash/review-summary
           target/dash/summary
 
-  # If a rerun is requested, trigger a rerun of the check for the HEAD SHA of the PR
-  # The reason we do that is because only workflows runs with trigger "pull_request"
-  # are displayed in the checks tab of a PR.
+    - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+      if: always()
+      with:
+        name: 'pr-comment'
+        path: |
+          pr-comment/pr.txt
+          pr-comment/comment.txt
+
   rerun-check:
     needs: check-request
     if: ${{needs.check-request.outputs.license-check == '1'}}