diff --git a/.github/workflows/external-message.yml b/.github/workflows/external-message.yml new file mode 100644 index 00000000..b28a42e3 --- /dev/null +++ b/.github/workflows/external-message.yml @@ -0,0 +1,66 @@ +name: PR Comment + +#WARNING: +# THIS WORKFLOW ALWAYS RUNS FOR EXTERNAL CONTRIBUTORS WITHOUT ANY APPROVAL. +# DO NOT PULL THE PR OR EXECUTE ANY CODE FROM THE PR. + +on: + pull_request_target: + types: [opened, reopened, synchronize] + branches: + - main + + pull_request: + types: [opened, reopened, synchronize] + + +jobs: + comment-on-pr: + runs-on: ubuntu-latest + permissions: + pull-requests: write + steps: + - name: Check if external contribution + id: check_fork + run: | + if [ "${{ github.event.pull_request.head.repo.full_name }}" == "${{ github.repository }}" ]; then + echo "is_fork=true" >> $GITHUB_OUTPUT + else + echo "is_fork=false" >> $GITHUB_OUTPUT + fi + + - uses: actions/checkout@v4 + + - name: Delete old comments + if: steps.check_fork.outputs.is_fork == 'true' + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + # Delete previous comment if it exists + previous_comment_ids=$(gh api "repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments" \ + --jq '.[] | select(.body | startswith("")) | .id') + echo "Previous comment IDs: $previous_comment_ids" + # Iterate over each comment ID and delete the comment + if [ ! -z "$previous_comment_ids" ]; then + echo "$previous_comment_ids" | while read -r comment_id; do + echo "Deleting comment with ID: $comment_id" + gh api "repos/${{ github.repository }}/issues/comments/$comment_id" -X DELETE + done + fi + + - name: Comment on PR + if: steps.check_fork.outputs.is_fork == 'true' + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh pr comment ${{ github.event.pull_request.number }} --body \ + " + Run integration tests manually: + [go/deco-tests-run/sdk-go](https://go/deco-tests-run/sdk-go) + + Inputs: + PR Number:${{github.event.pull_request.number}} + Commit SHA:${{ github.event.pull_request.head.sha }} + + Checks will be approved automatically on success. + " diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml index b8f8cb97..17e283ee 100644 --- a/.github/workflows/integration-tests.yml +++ b/.github/workflows/integration-tests.yml @@ -9,8 +9,9 @@ on: jobs: + # Secrests are not available for forks. trigger-tests: - if: github.event_name == 'pull_request' + if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository name: Trigger Tests runs-on: ubuntu-latest environment: "test-trigger-is"