safety-critical-rust-coding-guidelines/.github/workflows/reviewer-bot-issue-comment-direct.yml at main · Safety-Critical-Rust-Consortium/safety-critical-rust-coding-guidelines · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
name: Reviewer Bot Issue Comment Direct

on:
  issue_comment:
    types: [created]

permissions:
  contents: read

env:
  STATE_ISSUE_NUMBER: '314'

jobs:
  reviewer-bot-issue-comment-direct:
    if: ${{ github.event.issue.pull_request == null }}
    runs-on: ubuntu-latest
    permissions:
      # Temporary lock debt: contents:write is allowed only for the existing lock-ref API operations.
      contents: write
      issues: write
      pull-requests: write
      actions: read
    steps:
      - name: Install uv
        run: python -m pip install uv
      - name: Fetch trusted bot source tarball
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          python - <<'PY'
          import io, os, tarfile, urllib.request
          from pathlib import Path
          repo = os.environ['GITHUB_REPOSITORY']
          ref = os.environ['GITHUB_SHA']
          req = urllib.request.Request(
              f'https://api.github.com/repos/{repo}/tarball/{ref}',
              headers={'Authorization': f"Bearer {os.environ['GITHUB_TOKEN']}", 'Accept': 'application/vnd.github+json'},
          )
          target = Path(os.environ['RUNNER_TEMP']) / 'reviewer-bot-src'
          target.mkdir(parents=True, exist_ok=True)
          with urllib.request.urlopen(req) as response:
              data = response.read()
          with tarfile.open(fileobj=io.BytesIO(data), mode='r:gz') as archive:
              archive.extractall(target)
          roots = list(target.iterdir())
          print(f'BOT_SRC_ROOT={roots[0]}', file=open(os.environ['GITHUB_ENV'], 'a', encoding='utf-8'))
          PY
      - name: Run reviewer bot
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          EVENT_NAME: issue_comment
          EVENT_ACTION: created
          ISSUE_NUMBER: ${{ github.event.issue.number }}
          IS_PULL_REQUEST: 'false'
          ISSUE_STATE: ${{ github.event.issue.state }}
          ISSUE_TITLE: ${{ github.event.issue.title }}
          ISSUE_AUTHOR: ${{ github.event.issue.user.login }}
          ISSUE_HTML_URL: ${{ github.event.issue.html_url }}
          ISSUE_LABELS: ${{ toJson(github.event.issue.labels.*.name) }}
          COMMENT_BODY: ${{ github.event.comment.body }}
          COMMENT_AUTHOR: ${{ github.event.comment.user.login }}
          COMMENT_AUTHOR_ID: ${{ github.event.comment.user.id }}
          COMMENT_ID: ${{ github.event.comment.id }}
          COMMENT_CREATED_AT: ${{ github.event.comment.created_at }}
          COMMENT_USER_TYPE: ${{ github.event.comment.user.type }}
          COMMENT_SENDER_TYPE: ${{ github.event.sender.type }}
          COMMENT_INSTALLATION_ID: ${{ github.event.installation.id }}
          COMMENT_PERFORMED_VIA_GITHUB_APP: ${{ github.event.comment.performed_via_github_app != null }}
          REPO_OWNER: ${{ github.repository_owner }}
          REPO_NAME: ${{ github.event.repository.name }}
          GITHUB_REPOSITORY: ${{ github.repository }}
          GITHUB_REF: ${{ github.ref }}
          WORKFLOW_RUN_ID: ${{ github.run_id }}
          WORKFLOW_NAME: ${{ github.workflow }}
          WORKFLOW_JOB_NAME: ${{ github.job }}
        run: uv run --project "$BOT_SRC_ROOT" reviewer-bot