From 33f19cbd22a99543405566745a11278f3393ec41 Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Mon, 7 Oct 2024 12:46:14 +0200 Subject: [PATCH 1/3] github-actions: notify github commands for all the observability code --- .github/workflows/oblt-github-commands.yml | 29 ++++------------------ 1 file changed, 5 insertions(+), 24 deletions(-) diff --git a/.github/workflows/oblt-github-commands.yml b/.github/workflows/oblt-github-commands.yml index d3f4bd61b817e..eeb70df90a286 100644 --- a/.github/workflows/oblt-github-commands.yml +++ b/.github/workflows/oblt-github-commands.yml @@ -8,39 +8,20 @@ name: oblt-github-commands on: - pull_request_target: + pull_request: types: - - opened + - labeled permissions: contents: read jobs: - comment-if-oblt-member: + comment: + if: ${{ github.event.label.name == 'ci:project-deploy-observability' }} runs-on: ubuntu-latest steps: - - uses: elastic/apm-pipeline-library/.github/actions/github-token@current + - uses: actions/github-script@v7 with: - url: ${{ secrets.OBLT_VAULT_ADDR }} - roleId: ${{ secrets.OBLT_VAULT_ROLE_ID }} - secretId: ${{ secrets.OBLT_VAULT_SECRET_ID }} - - - id: is_team_member - name: Check if user is member of the Elastic org and Observability team - run: | - if gh api -H "Accept: application/vnd.github+json" \ - /orgs/elastic/teams/observability/memberships/${{ github.actor }} ; then - echo "result=true" >> $GITHUB_OUTPUT - else - echo "result=false" >> $GITHUB_OUTPUT - fi - env: - GH_TOKEN: ${{ env.GITHUB_TOKEN }} - - - if: ${{ steps.is_team_member.outputs.result == 'true' }} - uses: actions/github-script@v6 - with: - github-token: ${{ env.GITHUB_TOKEN }} script: | const body = ` ### :robot: GitHub comments From 5282d21619b7f34becc38ccaff48ce3b9727629f Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Mon, 7 Oct 2024 12:48:10 +0200 Subject: [PATCH 2/3] allow writing --- .github/workflows/oblt-github-commands.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/oblt-github-commands.yml b/.github/workflows/oblt-github-commands.yml index eeb70df90a286..99f8fb28662ab 100644 --- a/.github/workflows/oblt-github-commands.yml +++ b/.github/workflows/oblt-github-commands.yml @@ -14,6 +14,7 @@ on: permissions: contents: read + pull-requests: write jobs: comment: From 0060b462d0307929f6d63bc465690f01ea754cf7 Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Mon, 7 Oct 2024 15:49:31 +0200 Subject: [PATCH 3/3] pin version as requested --- .github/workflows/oblt-github-commands.yml | 2 +- renovate.json | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/oblt-github-commands.yml b/.github/workflows/oblt-github-commands.yml index 99f8fb28662ab..443c0fa5f9071 100644 --- a/.github/workflows/oblt-github-commands.yml +++ b/.github/workflows/oblt-github-commands.yml @@ -21,7 +21,7 @@ jobs: if: ${{ github.event.label.name == 'ci:project-deploy-observability' }} runs-on: ubuntu-latest steps: - - uses: actions/github-script@v7 + - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | const body = ` diff --git a/renovate.json b/renovate.json index 029dab13f394f..b66d29c13ca0d 100644 --- a/renovate.json +++ b/renovate.json @@ -41,6 +41,7 @@ "matchManagers": ["github-actions"], "matchPackageNames": [ "actions/checkout", + "actions/github-script", "elastic/github-actions/project-assigner", "hmarr/auto-approve-action", "octokit/graphql-action",