Merge pull request #1116 from alltilla/github-actions-hardening #901
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ########################################################################### | |
| # | |
| # If there are new commits on main, while we have a version bump PR open, | |
| # this job automatically comments on the PR, mentioning the new commits, | |
| # so we will not forget to follow-up the changes. | |
| # | |
| ########################################################################### | |
| name: Comment on version bump PR | |
| permissions: | |
| contents: read | |
| on: | |
| push: | |
| branches: | |
| - main | |
| concurrency: | |
| group: ${{ github.workflow }} | |
| cancel-in-progress: false | |
| jobs: | |
| comment-on-version-bump-pr: | |
| name: Comment on version bump PR | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read # checkout source | |
| pull-requests: write # comment on version bump PR about new commits on main | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| COMMIT_URL: https://github.com/${{ github.repository_owner }}/axosyslog/commit/${{ github.sha }} | |
| steps: | |
| - name: Checkout AxoSyslog source | |
| uses: actions/checkout@v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Check if version bump PR is open | |
| run: | | |
| . .github/workflows/gh-tools.sh | |
| PR_NUMBER=$(gh pr list --state "open" --label "version-bump" --json "number" --jq ".[0].number") | |
| [ -z ${PR_NUMBER} ] && echo "No version bump PR is open. Skipping." | |
| gh_export PR_NUMBER | |
| - name: Comment | |
| if: env.PR_NUMBER != '' | |
| run: | | |
| COMMENT="There are new commits (${COMMIT_URL}) on main. Please follow-up any necessary changes." | |
| gh pr comment \ | |
| "${PR_NUMBER}" \ | |
| --body "${COMMENT}" |