Skip to content

End-to-end PR Comment #36

End-to-end PR Comment

End-to-end PR Comment #36

Workflow file for this run

# Add end to end test summary as a PR comment. This needs to be run in a separate
# workflow to allow permissions to add comments to PRs without elevating permissions
# of the build. This is a modified version of recommendations found here:
# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
#
# IMPORTANT: Nothing should be added to this workflow that can potentially run
# untrusted code from unmerged forked repo PRs. The `workflow_run` event will
# only run on our main branch vs other events such as `pull_request_target` that
# runs unmerged PR code with elevated permissions.
name: End-to-end PR Comment
# read-write repo token
# access to secrets
on:
workflow_run:
workflows: ['Orchestrator']
types:
- completed
jobs:
upload:
runs-on: ubuntu-latest
if: >
github.event.workflow_run.event == 'pull_request'
steps:
- name: 'Download artifact'
uses: actions/github-script@v7
with:
script: |
const artifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: ${{github.event.workflow_run.id }},
});
const fs = require('fs');
const names = ['pr-comment', 'pr-comment-unit'];
for (const artifact of artifacts.data.artifacts) {
if (!names.includes(artifact.name)) {
continue;
}
const download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: artifact.id,
archive_format: 'zip',
});
fs.writeFileSync(`${{github.workspace}}/${artifact.name}.zip`, Buffer.from(download.data));
}
- name: Unzip artifacts and store PR number
run: |
unzip pr-comment.zip -d pr-comment
unzip pr-comment-unit.zip -d pr-comment-unit
PR_NUMBER=$(cat ./pr-comment/PR-number.txt)
echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_ENV
- name: 'Comment on PR - e2e Tests'
uses: marocchino/sticky-pull-request-comment@v2
with:
number: ${{ env.PR_NUMBER }}
header: pr-title-e2e-summary
path: pr-comment/pr-comment.html
- name: 'Comment on PR - Unit Tests'
uses: marocchino/sticky-pull-request-comment@v2
with:
number: ${{ env.PR_NUMBER }}
header: pr-title-unit-summary
path: pr-comment-unit/pr-comment-unit.html
# - name: 'Comment on PR'
# uses: actions/github-script@v7
# with:
# github-token: ${{ secrets.GITHUB_TOKEN }}
# script: |
# const fs = require('fs');
# const prNumber = Number(fs.readFileSync('./pr-comment/PR-number.txt'));
# const comments = await github.rest.issues.listComments({
# owner: context.repo.owner,
# repo: context.repo.repo,
# issue_number: prNumber,
# })
# for (const dirName of ['pr-comment', 'pr-comment-unit']) {
# // Append a marker to the summary content to identify the comment for later updates
# const marker = `<!-- DH GH Action Comment (${dirName}) -->`;
# const prComment = String(fs.readFileSync(`./${dirName}/pr-comment.html`));
# const contentWithMarker = `${marker}\n${prComment}`;
# const existingComment = comments.data.find(comment => comment.body.startsWith(marker));
# if (existingComment) {
# await github.rest.issues.updateComment({
# owner: context.repo.owner,
# repo: context.repo.repo,
# comment_id: existingComment.id,
# body: contentWithMarker,
# });
# }
# else {
# await github.rest.issues.createComment({
# owner: context.repo.owner,
# repo: context.repo.repo,
# issue_number: prNumber,
# body: contentWithMarker,
# });
# }
# }