pr-comment.yml
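# Post test results as pull request comment.
#
# This is done as a separate workflow as it requires write permissions. The
# tests themselves might run off of a fork, i.e., an untrusted environment, and
# should thus not be granted write permissions.
#
# Everything downloaded from the triggering run (the `comment-data` artifact)
# is therefore untrusted input to this privileged workflow.
name: PR Comment
on:
  workflow_run:
    workflows: ["QNS PR", "cargo bench", "Performance comparison"]
    types:
      - completed # zizmor: ignore[dangerous-triggers]
concurrency:
  # A workflow_run event has no `pull_request` context and `github.ref` is the
  # default branch, so a group keyed on those is identical for every run and
  # unrelated comment jobs cancel each other. Key on the triggering run.
  group: ${{ github.workflow }}-${{ github.event.workflow_run.name }}-${{ github.event.workflow_run.head_repository.full_name }}-${{ github.event.workflow_run.head_branch }}
  cancel-in-progress: true
# Default to read-only; the job below widens only what it needs.
permissions:
  contents: read
jobs:
  comment:
    name: Comment on PR
    permissions:
      pull-requests: write # This permission is required to post comments on PRs.
    runs-on: ubuntu-24.04
    # Only react to pull_request-triggered runs that actually finished.
    if: |
      github.event.workflow_run.event == 'pull_request' &&
      (github.event.workflow_run.conclusion == 'success' || github.event.workflow_run.conclusion == 'failure')
    steps:
      # No checkout — eliminates .git/config overwrite attack surface.
      # The artifact is selected by the triggering run's id and workflow name.
      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          run-id: ${{ github.event.workflow_run.id }}
          name: ${{ github.event.workflow_run.name }}
          path: comment-data
          github-token: ${{ secrets.GITHUB_TOKEN }}
      # The PR number comes from the untrusted artifact. Accept only a plain
      # decimal number before writing it to the step output, so stray lines in
      # the file cannot add extra entries to the output file.
      # NOTE(review): the number is still chosen by the triggering run, so a
      # run can direct its comment at another PR; cross-checking it against the
      # run's head SHA would bind it to the run. Not done here.
      - id: pr-number
        shell: bash
        run: |
          number="$(cat comment-data/pr-number)"
          if [[ ! "$number" =~ ^[0-9]+$ ]]; then
            echo "::error::comment-data/pr-number does not contain a decimal PR number"
            exit 1
          fi
          echo "number=$number" >> "$GITHUB_OUTPUT"
      # Best effort: append the log (if the artifact has one) after a blank
      # line; a missing log-md must not fail the job, hence `|| true`.
      - shell: bash
        run: |
          {
            echo
            cat comment-data/log-md
          } >> comment-data/contents || true
      # The comment body is read from a file rather than interpolated through
      # a workflow expression. `recreate` replaces the earlier comment that
      # carries the same tag.
      - uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
        with:
          file-path: comment-data/contents
          mode: recreate
          pr-number: ${{ steps.pr-number.outputs.number }}
          comment-tag: ${{ github.event.workflow_run.name }}-comment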