jabref/.github/workflows/pr-comment.yml at 28759fe3264e3b8d421e348bf39152db5294cb28 · JabRef/jabref · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
# Description: This workflow is triggered when the "Check" workflow completes.
# Since this pull request has write permissions on the target repo, we should **NOT** execute any untrusted code.
# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
# Based on https://github.com/spring-projects/spring-security/pull/15477/files

name: Comment on PR

on:
  workflow_run:
    # note when updating via a PR and testing - `workflow_run` executes from the `main` branch and not the PR branch
    workflows: [ "Source Code Tests", "On PR opened/updated", "Check PR Format", "Link PR to Issue", "Check PR Modifications", "Check PR CHANGELOG.md" ]
    # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#running-a-workflow-based-on-the-conclusion-of-another-workflow
    types: [ completed ]
  workflow_dispatch:
    inputs:
      pr_number:
        description: 'PR number'
        required: true
      workflow_run_id:
        description: 'Workflow run id'
        required: true

jobs:
  comment:
    if: ${{ github.repository == 'JabRef/jabref' }}
    runs-on: ubuntu-slim
    permissions:
      actions: read
      contents: write
      pull-requests: write
    timeout-minutes: 10
    steps:
      - name: Show GitHub context
        env:
          PR_NUMBER: ${{ github.event.inputs.pr_number }}
          WORKFLOW_RUN_ID: ${{ github.event.inputs.workflow_run_id }}
          EVENT_NAME: ${{ github.event_name }}
          WORKFLOW: ${{ github.event.workflow_run.name }}
          RUN_ID: ${{ github.run_id }}
          RUN_NUMBER: ${{ github.run_number }}
        run: |
          echo "PR_NUMBER=${PR_NUMBER}"
          echo "WORKFLOW_RUN_ID=${WORKFLOW_RUN_ID}"
          echo "EVENT_NAME=${EVENT_NAME}"
          echo "WORKFLOW=${WORKFLOW}"
          echo "RUN_ID=${RUN_ID}"
          echo "RUN_NUMBER=${RUN_NUMBER}"
          echo "Workflow $WORKFLOW" >> $GITHUB_STEP_SUMMARY

      - name: Download PR number
        if: ${{ github.event_name != 'workflow_dispatch' }}
        uses: actions/download-artifact@v7
        continue-on-error: true
        with:
          name: pr_number
          github-token: ${{ secrets.GITHUB_TOKEN }}
          run-id: ${{ github.event.workflow_run.id }}

      - name: Read pr_number.txt
        if: ${{ github.event_name != 'workflow_dispatch' }}
        id: read-pr_number
        run: |
          touch pr_number.txt
          PR_NUMBER=$(cat pr_number.txt)
          echo "Read PR number $PR_NUMBER"
          echo "pr_number=$PR_NUMBER" >> $GITHUB_OUTPUT
          echo "PR #" >> $GITHUB_STEP_SUMMARY

      - name: Checkout
        # required for gh tool and .github/ghprcomment.yml
        uses: actions/checkout@v6
        with:
          show-progress: 'false'
          token: ${{ secrets.GITHUB_TOKEN }}

      - uses: awalsh128/cache-apt-pkgs-action@latest
        with:
          packages: jq
          version: 1.0
      - name: Is PR from forked?
        if: ${{ github.event_name != 'workflow_dispatch' && steps.read-pr_number.outputs.pr_number != '' }}
        id: isCrossRepository
        run: |
          isCrossRepository=$(gh pr view $pr_number --json isCrossRepository --jq '.isCrossRepository')
          echo "Got isCrossRepository $isCrossRepository"
          echo isCrossRepository=$isCrossRepository >> $GITHUB_OUTPUT
        env:
          GH_TOKEN: ${{ github.token }}
          pr_number: ${{ steps.read-pr_number.outputs.pr_number }}

      # Set a common variable for PR number and workflow_run_id from either event.
      - name: Set variables
        if: ${{ github.event_name == 'workflow_dispatch' || (steps.read-pr_number.outputs.pr_number != '' && steps.isCrossRepository.outputs.isCrossRepository == 'true') }}
        id: set-vars
        run: |
          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
            echo "pr_number=${{ github.event.inputs.pr_number }}" >> $GITHUB_OUTPUT
            echo "workflow_run_id=${{ github.event.inputs.workflow_run_id }}" >> $GITHUB_OUTPUT
          else
            echo "pr_number=${{ steps.read-pr_number.outputs.pr_number }}" >> $GITHUB_OUTPUT
            echo "workflow_run_id=${{ github.event.workflow_run.id }}" >> $GITHUB_OUTPUT
          fi

      - name: "Check if PR has 'dev: no-bot-comments' label"
        if: ${{ github.event_name == 'workflow_dispatch' || (steps.read-pr_number.outputs.pr_number != '' && steps.isCrossRepository.outputs.isCrossRepository == 'true') }}
        id: check-label
        run: |
          has_label=$(gh pr view "${{ steps.set-vars.outputs.pr_number }}" --json labels -q \
            '.labels[].name' | grep -Fxq "dev: no-bot-comments" && echo "true" || echo "false")
          echo "has_label=$has_label" >> "$GITHUB_OUTPUT"
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      # Setup JBang (included at setup-gralde)
      - uses: ./.github/actions/setup-gradle
        if: ${{ github.event_name == 'workflow_dispatch' || (steps.check-label.outputs.has_label == 'false' && steps.read-pr_number.outputs.pr_number != '' && steps.isCrossRepository.outputs.isCrossRepository == 'true') }}

      - name: ghprcomment@main
        if: ${{ github.event_name == 'workflow_dispatch' || (steps.check-label.outputs.has_label == 'false' && steps.read-pr_number.outputs.pr_number != '' && steps.isCrossRepository.outputs.isCrossRepository == 'true') }}
        run: |
          jbang trust add https://github.com/koppor/ghprcomment/blob/main/ghprcomment.java
          jbang https://github.com/koppor/ghprcomment/blob/main/ghprcomment.java -r JabRef/jabref -p ${{ steps.set-vars.outputs.pr_number }} -w ${{ steps.set-vars.outputs.workflow_run_id }}
        env:
          GITHUB_OAUTH: ${{ secrets.GH_TOKEN_JABREF_MACHINE_PR_APPROVE }}

      - name: 'Adapt label "status: changes-required"'
        if: ${{ github.event_name == 'workflow_dispatch' || (github.event.workflow_run.name == 'Source Code Tests') && (steps.read-pr_number.outputs.pr_number != '' && steps.isCrossRepository.outputs.isCrossRepository == 'true') }}
        run: |
          echo "PR #$PR_NUMBER" >> $GITHUB_STEP_SUMMARY

          REPO="${{ github.repository }}"

          COMMENTS=$(gh api \
            repos/$REPO/issues/$PR_NUMBER/comments \
            --jq '.[] | select(.user.login=="jabref-machine")')

          if [[ -n "$COMMENTS" ]]; then
            echo "Bot comments - adding label changes-required"
            gh issue --repo $REPO edit $PR_NUMBER --remove-label "status: ready-for-review,status: no-bot-comments,status: stale" --add-label "status: changes-required"
            echo "Bot comments - added label changes-required" >> $GITHUB_STEP_SUMMARY
          else
            echo "No bot comments - removing label changes-required and adding no-bot-comments"
            gh issue --repo $REPO edit $PR_NUMBER --remove-label "status: changes-required,status: stale" --add-label "status: no-bot-comments"
            echo "No bot comments - removed label changes-required and added no-bot-comments" >> $GITHUB_STEP_SUMMARY
          fi
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ steps.set-vars.outputs.pr_number }}