Skip to content
CI comment

CI comment #1127

Sign in to view logs

CI comment

CI comment #1127

Workflow file for this run

.github/workflows/ci-comment.yml at 4469b8c
# Uses `workflow_run` to securely add a comment to the PR that triggered CI.
#
# Important: For security, the `workflow_run` trigger runs the workflow from the default branch,
# so any changes to this workflow must be made in the default branch to take effect.
#
# This workflow is necessary because PRs opened by external forks do not have write access to
# their PR, so the PR-triggered workflow can't add comments to the PR.
# If this was in the CI workflow, it'd be tidier and easier to debug but unfortunately that
# isn't possible due to the lower security context that the CI workflow runs in.
name: CI comment
on:
workflow_dispatch:
inputs:
test-sha:
description: "Test Git SHA for PR to comment on"
workflow_run:
workflows: ["CI"]
types:
- completed
jobs:
merge-comment:
if: github.event.workflow_run.event == 'push' || github.event_name == 'workflow_dispatch'
name: PR merge comment
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
submodules: true
- name: Get version
id: get-version
uses: ./.github/actions/get-version
env:
SYNERGY_VERSION_SNAPSHOT: true
- name: Comment on merged PR
uses: symless/actions/pr-merge-comment@v1
with:
version: ${{ steps.get-version.outputs.version }}
sha: ${{ inputs.test-sha }}
summary-comment:
if: github.event.workflow_run.event == 'pull_request'
runs-on: ubuntu-latest
name: PR summary comment
steps:
- name: Download summaries
id: download
uses: actions/download-artifact@v4
with:
run-id: ${{ github.event.workflow_run.id }}
pattern: summary-*
path: summaries
github-token: ${{ secrets.GITHUB_TOKEN }}
# When the triggering workflow is running in a restricted security context, some
# data is omitted from `github.event.workflow_run` (including `pull_requests`).
# Therefore, we have to take some extra steps to find out the PR that triggered
# the original workflow. The simplest way is to iterate through our open PRs and
# find the one with the same head SHA as the triggering workflow.
- name: Get PR number
id: get-pr-number
uses: actions/github-script@v6
with:
script: |
const head_sha = "${{ github.event.workflow_run.head_sha }}";
console.log("Finding PR for SHA:", head_sha);
const { data: prs } = await github.rest.pulls.list({
owner: context.repo.owner,
repo: context.repo.repo,
state: 'open',
});
const pr = prs.find(pr => pr.head.sha === head_sha);
if (pr) {
console.log("Found PR:", pr.number);
return pr.number;
} else {
console.log("PR not found");
}
- name: Merge summaries
if: steps.get-pr-number.outputs.result
id: summary
run: |
ls -R
files=$(find $dir -type f)
if [ -z "$files" ]; then
echo "No files found in dir: $dir"
exit 0
fi
repo_url="${{ github.server_url }}/${{ github.repository }}"
run_url="$repo_url/actions/runs/${{ github.event.workflow_run.id }}"
{
echo "message<<EOF"
echo "## CI Summary"
for file in $files; do
echo $(cat $file)
done
echo
echo "[Full summary]($run_url) (scroll down)"
echo "EOF"
} >> $GITHUB_OUTPUT
- name: Set PR comment
if: steps.get-pr-number.outputs.result && steps.summary.outputs.message
uses: marocchino/sticky-pull-request-comment@v2
with:
number: ${{ steps.get-pr-number.outputs.result }}
header: ${{ github.event.workflow_run.name }}
message: ${{ steps.summary.outputs.message }}
- name: Delete PR comment
if: steps.get-pr-number.outputs.result && !steps.summary.outputs.message
uses: marocchino/sticky-pull-request-comment@v2
with:
number: ${{ steps.get-pr-number.outputs.result }}
header: ${{ github.event.workflow_run.name }}
delete: true