From eba8b0b2f157d47e24cd146267505b6747ccc1af Mon Sep 17 00:00:00 2001 From: Thomas Neidhart Date: Fri, 13 Sep 2024 14:23:20 +0200 Subject: [PATCH] Support adding comments for PRs coming from a fork --- .../addLicenseCheckCommentForForks.yml | 53 +++++++++++++++++++ .github/workflows/mavenLicenseCheck.yml | 40 +++++++++----- 2 files changed, 79 insertions(+), 14 deletions(-) create mode 100644 .github/workflows/addLicenseCheckCommentForForks.yml diff --git a/.github/workflows/addLicenseCheckCommentForForks.yml b/.github/workflows/addLicenseCheckCommentForForks.yml new file mode 100644 index 00000000..4c40b342 --- /dev/null +++ b/.github/workflows/addLicenseCheckCommentForForks.yml @@ -0,0 +1,53 @@ +name: Add license check comment for PRs coming from a fork + +on: + workflow_call: + +jobs: + add-pr-comment-for-forks: + runs-on: ubuntu-latest + permissions: + pull-requests: write + if: | + github.event.workflow_run.event == 'pull_request' && + github.event.workflow_run.head_repository.full_name != github.repository + steps: + - name: 'Download artifact' + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + with: + script: | + var artifacts = await github.rest.actions.listWorkflowRunArtifacts({ + owner: context.repo.owner, + repo: context.repo.repo, + run_id: ${{github.event.workflow_run.id }}, + }); + var matchArtifact = artifacts.data.artifacts.filter((artifact) => { + return artifact.name == "pr-comment" + })[0]; + var download = await github.rest.actions.downloadArtifact({ + owner: context.repo.owner, + repo: context.repo.repo, + artifact_id: matchArtifact.id, + archive_format: 'zip', + }); + var fs = require('fs'); + fs.writeFileSync('${{github.workspace}}/pr-comment.zip', Buffer.from(download.data)); + + - run: unzip pr-comment.zip + + - name: 'Comment on PR' + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + var fs = require('fs'); + + const issue_number = Number(fs.readFileSync('./pr.txt')); + const body = fs.readFileSync('./comment.txt', { encoding: 'utf8', flag: 'r' }); + + await github.rest.issues.createComment({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: issue_number, + body: body + }); \ No newline at end of file diff --git a/.github/workflows/mavenLicenseCheck.yml b/.github/workflows/mavenLicenseCheck.yml index 3d649309..e4bf2033 100644 --- a/.github/workflows/mavenLicenseCheck.yml +++ b/.github/workflows/mavenLicenseCheck.yml @@ -64,7 +64,7 @@ jobs: steps: - name: Check dependabot PR if: > - github.event_name == 'pull_request' + github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'synchronize' || github.event.action == 'reopened') && github.actor == 'dependabot[bot]' && github.actor_id == '49699333' run: echo "isDependabotPR=1" >> $GITHUB_ENV @@ -86,7 +86,7 @@ jobs: if: | (steps.request-review.outputs.request-review || steps.license-check.outputs.license-check) && (!env.isDependabotPR) - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + uses: actions/github-script@v7 with: script: | const payload = await github.rest.repos.getCollaboratorPermissionLevel({ @@ -119,25 +119,25 @@ jobs: # and for events triggered by PR creation/updates the ref is 'refs/pull//merge'. # So by default only the master-branch would be considered when requesting license-reviews, but we want the PR's state. # Unless the PR is closed, then we want the master-branch, which allows subsequent license review requests. - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@v4 # use default ref 'refs/pull//merge' for PR-events and 'refs/heads/master' for comments if the PR is closed if: github.event.issue.pull_request == '' || github.event.issue.state != 'open' with: submodules: ${{ inputs.submodules }} - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@v4 if: github.event.issue.pull_request != '' && github.event.issue.state == 'open' with: ref: 'refs/pull/${{ github.event.issue.number }}/merge' submodules: ${{ inputs.submodules }} - - uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88 # v4.3.0 + - uses: actions/setup-java@v4 with: java-version: ${{ inputs.javaVersion }} distribution: 'temurin' - name: Cache local Maven repository - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@v4 with: path: ~/.m2/repository # re-cache on changes in the pom and target files @@ -156,7 +156,7 @@ jobs: - name: Check license vetting status (and ask for review if requested) id: check-license-vetting - uses: eclipse-dash/dash-licenses/.github/actions/maven-license-check-action@master + uses: netomi/dash-licenses/.github/actions/maven-license-check-action@master with: request-review: ${{ env.request-review }} project-id: ${{ inputs.projectId }} @@ -166,7 +166,7 @@ jobs: - name: Process license check results id: process-results if: always() - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + uses: actions/github-script@v7 with: result-encoding: string script: | @@ -240,8 +240,6 @@ jobs: run: | echo '${{steps.process-results.outputs.result}}' >> $GITHUB_STEP_SUMMARY - # Adjust the comment header based on the requested action to ensure that request review comments - # do not get hidden by license checks. - name: Determine comment header if: ${{env.request-review}} run: echo "comment-header=''" >> "$GITHUB_ENV" @@ -249,7 +247,7 @@ jobs: # Add the process result as comment to the PR if an update has been requested # or if the PR is not coming from a fork (in which case we don't have write tokens) - name: Adding comment to PR - uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0 + uses: marocchino/sticky-pull-request-comment@v2 if: | always() && (github.event_name == 'issue_comment' || github.event.pull_request.head.repo.full_name == github.repository) @@ -261,6 +259,15 @@ jobs: message: | ${{steps.process-results.outputs.result}} + - name: Store PR comment and PR number + if: always() + env: + PR: ${{github.event.issue.number || github.event.pull_request.number}} + run: | + mkdir -p ./pr-comment + echo ${PR} > ./pr-comment/pr.txt + echo '${{steps.process-results.outputs.result}}' > ./pr-comment/comment.txt + - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 if: always() with: @@ -269,9 +276,14 @@ jobs: target/dash/review-summary target/dash/summary - # If a rerun is requested, trigger a rerun of the check for the HEAD SHA of the PR - # The reason we do that is because only workflows runs with trigger "pull_request" - # are displayed in the checks tab of a PR. + - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + if: always() + with: + name: 'pr-comment' + path: | + pr-comment/pr.txt + pr-comment/comment.txt + rerun-check: needs: check-request if: ${{needs.check-request.outputs.license-check == '1'}}