Skip to content

Commit 64323ac

Browse files
fredbifredbi
committed
fixed trusted workflow
Signed-off-by: Frederic BIDON <fredbi@yahoo.com>
1 parent 0ac18fd commit 64323ac

File tree

1 file changed

+20
-13
lines changed

1 file changed

+20
-13
lines changed

.github/workflows/pr-comment.yml

Lines changed: 20 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -11,33 +11,40 @@ on:
1111
inputs:
1212
run_id:
1313
description: |
14-
The run ID of the calling workflow that has emitted the message artifact, e.g. ${{ github.event.workflow_run.id }}
14+
The run ID of the calling workflow that has emitted the message artifact, e.g. {{ github.event.workflow_run.id }}
15+
type: string
1516
required: true
1617
target_repo:
1718
description: |
18-
The target repository of the PR, e.g. ${{ github.repository }}
19+
The target repository of the PR, e.g. {{ github.repository }}
20+
type: string
1921
required: true
2022
pr_number:
2123
description: |
22-
The pull request number, e.g. ${{ github.event.pull_request.number }}
24+
The pull request number, e.g. {{ github.event.pull_request.number }}
25+
type: string
2326
required: true
2427
pr_sha:
2528
description: |
26-
The commit sha for the originating pull request, e.g. ${{github.event.pull_request.head.sha}}
29+
The commit sha for the originating pull request, e.g. {{github.event.pull_request.head.sha}}
30+
type: string
2731
required: true
2832
artifact_name:
2933
description: |
3034
The reference to the artifact containing the text of the comment.
3135
3236
At this moment, only supports "markdown_comment.txt" and "spelling_comment.txt"
37+
type: string
3338
required: true
3439
comment_title:
3540
description: |
3641
Title is a text string used to uniquely identify a comment that will be upaded on subsequent commits.
42+
type: string
3743
required: true
3844
reactions:
3945
description: |
4046
Optional emoji reaction added to the comment.
47+
type: string
4148
required: false
4249

4350
permissions:
@@ -57,11 +64,11 @@ jobs:
5764
steps:
5865
- name: Validate inputs
5966
run: |
60-
if [[ "${{ env.TARGET }}" !~ /github.com\/go-openapi/ ]] ; then
67+
if ! [[ "${{ env.TARGET }}" =~ "^go-openapi\/.*$" ]] ; then
6168
echo "This workflow only applies to target repos in github.com/go-openapi."
6269
exit 1
6370
fi
64-
if [[ "${{ inputs.artifact_name }}" != "markdown_comment.txt" && "${{ inputs.artifact_name }}" != "spelling_comment.txt" && ]] ; then
71+
if [[ "${{ inputs.artifact_name }}" != "markdown_comment.txt" && "${{ inputs.artifact_name }}" != "spelling_comment.txt" ]] ; then
6572
echo "This workflow only applies to artifacts named markdown_comment.txt or spelling_comment.txt"
6673
exit 1
6774
fi
@@ -84,15 +91,15 @@ jobs:
8491
8592
if [[ "${LAST_COMMIT}" != "${{ inputs.pr_sha }}" ]] ; then
8693
echo "The PR has changed while we were about to commit it. Skip."
87-
echo "proceed=false" >> "${{GITHUB_OUTPUT}}"
94+
echo "proceed=false" >> "${GITHUB_OUTPUT}"
8895
8996
echo "::warning:: pull request comment skipped because ${{ github.event.pull_request.number }} has changed"
9097
exit 0
9198
fi
92-
echo "proceed=true" >> "${{GITHUB_ENV}}"
99+
echo "proceed=true" >> "${GITHUB_OUTPUT}"
93100
94101
- name: Download message artifact
95-
if: ${{ steps.check_pr.outputs.proceed == "true"}}
102+
if: ${{ steps.check_pr.outputs.proceed == 'true'}}
96103
uses: actions/download-artifact@v5
97104
with:
98105
run_id: "${{ inputs.run_id }}"
@@ -102,7 +109,7 @@ jobs:
102109
github_token: ${{secrets.GITHUB_TOKEN}}
103110

104111
- name: Check message artifact size
105-
if: ${{ steps.check_pr.outputs.proceed == "true"}}
112+
if: ${{ steps.check_pr.outputs.proceed == 'true'}}
106113
id: load_artifact
107114
run: |
108115
SIZE=$(wc -c "${MESSAGE_FILE}"
@@ -115,7 +122,7 @@ jobs:
115122
echo "message=$(cat ${MESSAGE_FILE})" >> "${GITHUB_OUTPUT}"
116123
117124
- name: Find previous PR comment
118-
if: ${{ steps.check_pr.outputs.proceed == "true"}}
125+
if: ${{ steps.check_pr.outputs.proceed == 'true'}}
119126
uses: peter-evans/find-comment@v3
120127
id: find_comment
121128
with:
@@ -126,15 +133,15 @@ jobs:
126133
token: ${{ secrets.GITHUB_TOKEN }}
127134

128135
- name: Acquire write access to PR
129-
if: ${{ steps.check_pr.outputs.proceed == "true"}}
136+
if: ${{ steps.check_pr.outputs.proceed == 'true'}}
130137
id: acquire_write_token
131138
uses: actions/create-github-app-token@v2
132139
with:
133140
app-id: ${{ secrets.CI_WORKFLOWS_PR_APP_ID }}
134141
private-key: ${{ secrets.CI_WORKFLOWS_PR_APP_PRIVATE_KEY }}
135142

136143
- name: Create or update PR comment
137-
if: ${{ steps.check_pr.outputs.proceed == "true"}}
144+
if: ${{ steps.check_pr.outputs.proceed == 'true'}}
138145
uses: peter-evans/create-or-update-comment@v4
139146
with:
140147
issue-number: ${{ inputs.pr_number }}

0 commit comments

Comments
 (0)