# GitHub Actions workflow that builds container images when triggered by a PR comment.
#
# This workflow is triggered when a user comments "/build" on a pull request.
# It performs the following steps:
# 1. Validates that the commenter has appropriate permissions (COLLABORATOR, MEMBER, or OWNER)
# 2. Retrieves the PR's head SHA commit to ensure consistency
# 3. Checks for race conditions between the comment and PR updates
# 4. Generates a build version from the checked-out code
# 5. Triggers the distrib.yml workflow to build the images
# 6. Comments back on the PR with the build result (success or failure)
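name: Build images on PR comment

on:
  issue_comment:
    types: [created]

# Workflow-level default: the token gets no scopes; each job below opts in to
# exactly what it needs.
permissions: {}  # No permissions by default

jobs:
  # Gate job: authorises the commenter and pins the commit to build.
  get-sha-commit:
    name: Get SHA commit
    env:
      # Handed to the script through the environment, so it is read as data
      # rather than expanded into the script text.
      COMMENT_CREATED_AT: ${{ github.event.comment.created_at }}
    # issue_comment fires for issues and pull requests alike; only an exact
    # "/build" comment on a pull request starts the pipeline.
    if: github.event.issue.pull_request && github.event.comment.body == '/build'
    # 'overflow' runner label inside the open-edge-platform organisation,
    # ubuntu-latest everywhere else (e.g. forks of the repository).
    runs-on: ${{ github.repository_owner == 'open-edge-platform' && 'overflow' || 'ubuntu-latest' }}
    permissions:
      pull-requests: write  # to comment on a pull request
    outputs:
      head: ${{ steps.get-sha-commit.outputs.head }}
    steps:
      - name: Validate and get sha commit
        id: get-sha-commit
        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3  # v9.0.0
        with:
          script: |
            // Only commenters with one of these associations may start a build.
            // NOTE(review): MEMBER is organisation membership, which may be
            // broader than write access to this repository - confirm that this
            // is the intended trust boundary.
            const allowedAssociations = ["COLLABORATOR", "MEMBER", "OWNER"];
            const authorAssociation = context.payload.comment.author_association
            if (!allowedAssociations.includes(authorAssociation)) {
              core.setFailed("You don't have access to run this workflow");
              return
            }
            const response = await github.rest.pulls.get({
              owner: context.repo.owner,
              repo: context.repo.repo,
              pull_number: context.issue.number,
            })
            // head.repo is null when the source fork no longer exists; without
            // a push timestamp the freshness check below cannot be made.
            const headRepo = response.data.head.repo
            if (!headRepo || !headRepo.pushed_at) {
              core.setFailed("Cannot determine when the PR head repository was last pushed to, " +
                             "the build request is rejected.");
              return
            }
            // avoid race condition between comment and fetching PR head sha:
            // the build is refused if the head repository received any push at
            // or after the time of the comment, so the SHA that gets built is
            // one the commenter could have reviewed.
            const commentTime = new Date(process.env.COMMENT_CREATED_AT);
            const prTime = new Date(headRepo.pushed_at)
            // Written as a negated "<" so that an unparseable timestamp
            // (Invalid Date compares false either way) is rejected instead of
            // slipping past the check.
            if (!(prTime < commentTime)) {
              core.setFailed("The PR may have been updated since the image build request, " +
                             "please review any changes and relaunch if safe.");
              return
            }
            core.setOutput('head', response.data.head.sha)
      # Acknowledge the accepted request; runs only if the step above passed.
      - uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9  # v5.0.0
        with:
          comment-id: ${{ github.event.comment.id }}
          reactions: "rocket"

  get-build-version:
    name: Generate build version
    needs: [get-sha-commit]
    runs-on: ${{ github.repository_owner == 'open-edge-platform' && 'overflow' || 'ubuntu-latest' }}
    permissions:
      contents: read
    outputs:
      build_version: ${{ steps.build-version.outputs.version }}
    steps:
      # Checks out the SHA pinned by get-sha-commit, i.e. pull-request code.
      # persist-credentials: false keeps the token out of the checkout's git
      # configuration.
      - name: Checkout code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
        with:
          ref: ${{ needs.get-sha-commit.outputs.head }}
          persist-credentials: false
      # A local action is loaded from the workspace, so this is the pull
      # request's copy of build-version running with a contents: read token.
      # The authorisation and freshness checks in get-sha-commit are what
      # stand between an untrusted PR and this step.
      - name: build-version
        id: build-version
        uses: ./.github/actions/build-version

  distrib:
    name: Distrib build
    needs: [get-sha-commit, get-build-version]
    # Caps the token of the called workflow; no `secrets:` are passed to it.
    permissions:
      contents: read
    # A local reusable workflow is taken from the same commit as this caller
    # workflow, not from the pull-request checkout.
    # NOTE(review): distrib.yml is not visible here; presumably it checks out
    # `sha-commit` and builds it - confirm it treats that code as untrusted.
    uses: ./.github/workflows/distrib.yml
    with:
      build_version: ${{ needs.get-build-version.outputs.build_version }}
      sha-commit: ${{ needs.get-sha-commit.outputs.head }}

  result-output:
    name: Check result and comment PR
    needs: [get-sha-commit, get-build-version, distrib]
    runs-on: ${{ github.repository_owner == 'open-edge-platform' && 'overflow' || 'ubuntu-latest' }}
    permissions:
      pull-requests: write  # to comment on a pull request
    # always() lets this job run after a failed build, but on its own it also
    # starts a runner for every unrelated issue or PR comment (where the gate
    # job is skipped). Requiring the gate job to have succeeded limits it to
    # accepted "/build" requests.
    if: ${{ always() && !cancelled() && needs.get-sha-commit.result == 'success' }}
    steps:
      # NOTE(review): if get-build-version fails, distrib is skipped and
      # neither step below matches, so the PR gets no result comment.
      #
      # github.event.comment.body is echoed back into the edited comment; the
      # gate job's `if` only lets the literal "/build" reach this point.
      # The log link is built from the run's own context so that it also
      # resolves when the workflow runs in a fork or a renamed repository.
      - name: Success comment
        if: needs.distrib.result == 'success'
        uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9  # v5.0.0
        with:
          comment-id: ${{ github.event.comment.id }}
          edit-mode: replace
          body: |
            ${{ github.event.comment.body }}
            **Result** :white_check_mark: The build was successful.
            [Check the logs](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for the details.
      - name: Failure comment
        if: needs.distrib.result == 'failure'
        uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9  # v5.0.0
        with:
          comment-id: ${{ github.event.comment.id }}
          edit-mode: replace
          body: |
            ${{ github.event.comment.body }}
            **Result** :x: The build failed.
            [Check the logs](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for the details.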