53 lines
1.9 KiB
YAML
53 lines
1.9 KiB
YAML
# Description: This workflow is triggered when the "Check" workflow completes.
|
|
# Since this pull request has write permissions on the target repo, we should **NOT** execute any untrusted code.
|
|
# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
|
|
# Based on https://github.com/spring-projects/spring-security/pull/15477/files
|
|
---
|
|
name: Comment on PR
|
|
|
|
on:
|
|
workflow_run:
|
|
workflows: ["Tests"]
|
|
types:
|
|
- completed
|
|
|
|
jobs:
|
|
comment:
|
|
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#running-a-workflow-based-on-the-conclusion-of-another-workflow
|
|
if: ${{ github.event.workflow_run.conclusion == 'failure' }}
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
actions: read
|
|
contents: read
|
|
pull-requests: write
|
|
timeout-minutes: 10
|
|
steps:
|
|
- name: Download PR number
|
|
uses: actions/download-artifact@v4
|
|
with:
|
|
name: pr_number
|
|
github-token: ${{ secrets.GITHUB_TOKEN }}
|
|
run-id: ${{ github.event.workflow_run.id }}
|
|
- name: Read pr_number.txt
|
|
id: read-pr_number
|
|
run: |
|
|
PR_NUMBER=$(cat pr_number.txt)
|
|
echo "Read PR number $PR_NUMBER"
|
|
echo "pr_number=$PR_NUMBER" >> $GITHUB_OUTPUT
|
|
- name: Checkout
|
|
if: ${{ steps.read-pr_number.outputs.pr_number != '' }}
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: '0'
|
|
show-progress: 'false'
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
- name: jbang
|
|
if: ${{ steps.read-pr_number.outputs.pr_number != '' }}
|
|
uses: jbangdev/jbang-action@v0.117.1
|
|
with:
|
|
script: ghprcomment@koppor/ghprcomment
|
|
scriptargs: "-r JabRef/jabref -p ${{ steps.read-pr_number.outputs.pr_number }} -w ${{ github.event.workflow_run.id }}"
|
|
trust: https://github.com/koppor/ghprcomment/
|
|
env:
|
|
GITHUB_OAUTH: ${{ secrets.GITHUB_TOKEN }}
|