KRB5: let 'krb5_child' tolerate missing cap-set-id #1175
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Accepted | |
| on: | |
| pull_request_target: | |
| types: | |
| - synchronize | |
| - labeled | |
| - unlabeled | |
| env: | |
| PR_ID: ${{ github.event.pull_request.number }} | |
| GH_TOKEN: ${{ secrets.BOT_TOKEN }} | |
| AUTHORS: ${{ vars.SSSD_AUTHORS }} | |
| ACTOR: ${{ github.actor }} | |
| jobs: | |
| accepted-label-set: | |
| # Make the job appear as skipped if Accepted label is missing | |
| if: > | |
| ( | |
| github.event.action == 'labeled' | |
| && github.event.label.name == 'Accepted' | |
| ) || ( | |
| github.event.action == 'synchronize' | |
| && contains(github.event.pull_request.labels.*.name, 'Accepted') | |
| ) | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| with: | |
| # Fetch the entire history of the repository | |
| # This is necessary for a successful git push | |
| fetch-depth: 0 | |
| # The pull request head branch is checked out | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| repository: ${{ github.event.pull_request.head.repo.full_name }} | |
| token: ${{ secrets.BOT_TOKEN }} | |
| - name: Reviewed-by trailer was already added and pull request is accepted | |
| if: github.event.action == 'synchronize' | |
| run: | | |
| # Just succeed, as the pull request was updated by this job | |
| exit 0 | |
| - name: Set git user identity | |
| if: github.event.action == 'labeled' | |
| run: | | |
| git config --global user.name "sssd-bot" | |
| git config --global user.email "sssd-maintainers@lists.fedoraproject.org" | |
| - name: Add 'Reviewed-by' trailer | |
| if: github.event.action == 'labeled' | |
| run: | | |
| set -e -o pipefail | |
| gh repo set-default ${{ github.repository }} | |
| PR_REVIEWERS=`gh pr view "$PR_ID" --json reviews --jq '.reviews.[] | select(.state == "APPROVED") | .author.login' | sort | uniq` | |
| PR_COMMITS_SHA=`gh pr view "$PR_ID" --json commits --jq .commits.[].oid` | |
| PR_COMMITS_FIRST=`echo "$PR_COMMITS_SHA" | head -1` | |
| git config trailer.where end | |
| git config trailer.ifexists addIfDifferent | |
| trailers="" | |
| for name in $PR_REVIEWERS; do | |
| value=$(echo "$AUTHORS" | jq -r \ | |
| --arg user "$name" \ | |
| ' | |
| # Iterate over the array and select the object with a matching github_username. | |
| .[] | select(.github_username == $user) | | |
| # If a match is found, format the output as "Name <email>". | |
| # The `//` operator provides a fallback. | |
| "\(.name) <\(.email)>" // | |
| # If no match is found, use the default fallback string. | |
| "\($user) <https://github.com/\($user)>" | |
| ' | |
| ) | |
| trailers+="--trailer 'Reviewed-by: $value' " | |
| done | |
| if [ ! -z "$trailers" ]; then | |
| git rebase "$PR_COMMITS_FIRST~1" -x "git commit --allow-empty --amend --no-edit $trailers" | |
| fi | |
| - name: Add comment to print current CI status | |
| if: github.event.action == 'labeled' | |
| run: | | |
| set -e -o pipefail | |
| gh repo set-default ${{ github.repository }} | |
| COMMENT_FILE=.accepted-add-reviewed-by.comment | |
| echo "**The pull request was accepted by @$ACTOR with the following PR CI status:**" > $COMMENT_FILE | |
| echo "" >> $COMMENT_FILE | |
| echo "---" >> $COMMENT_FILE | |
| echo "" >> $COMMENT_FILE | |
| CHECKS=`gh pr checks "$PR_ID" --json state,workflow,name,link` | |
| echo $CHECKS | jq -r ' | |
| # Filter the array to exclude accepted and backport workflows | |
| # these will be always in_progress or skipped at this point | |
| map(select( | |
| .workflow != "Accepted" and .workflow != "Backport" | |
| )) | | |
| # First, sort the entire array by the "workflow" and "name" keys. | |
| sort_by(.workflow, .name | ascii_downcase) | | |
| # Then, iterate over each element in the sorted array. | |
| .[] | | |
| # A conditional check to determine the icon based on the state. | |
| (if .state == "FAILURE" then "🔴" | |
| elif .state == "SUCCESS" then "🟢" | |
| elif .state == "CANCELLED" then "⚪" | |
| elif .state == "IN_PROGRESS" then "🟡" | |
| elif .state == "PENDING" then "⏳" | |
| elif .state == "SKIPPED" then "➖" | |
| else .state | |
| end | |
| ) as $icon | | |
| # Another conditional check to format the output. | |
| # If the workflow is an empty string, print a simplified format. | |
| # Otherwise, print the full format including the workflow. | |
| if .workflow == "" then | |
| "\($icon) [\(.name)](\(.link)) (\(.state | ascii_downcase))" | |
| else | |
| "\($icon) [\(.workflow) / \(.name)](\(.link)) (\(.state | ascii_downcase))" | |
| end | |
| ' >> "$COMMENT_FILE" | |
| echo "" >> $COMMENT_FILE | |
| echo "---" >> $COMMENT_FILE | |
| echo "" >> $COMMENT_FILE | |
| unfinished=`echo $CHECKS | jq '.[] | select(.state != "SUCCESS")'` | |
| if [ -z "$unfinished" ]; then | |
| echo "All checks passed. It is safe to merge this pull request." >> $COMMENT_FILE | |
| else | |
| echo "**There are unsuccessful or unfinished checks.** Make sure that the failures are not related to this pull request before merging." >> $COMMENT_FILE | |
| fi | |
| gh pr comment "$PR_ID" --body-file "$COMMENT_FILE" | |
| - name: Push changes | |
| if: github.event.action == 'labeled' | |
| run: | | |
| git push origin HEAD --force |