commenter.yml
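# Posts or updates the change-summary comment on a pull request after the
# "Consistency" workflow has completed.
#
# Trust model: a `workflow_run` workflow runs in the base repository's context
# with the token scopes declared below, even when the triggering run came from
# a fork. Everything executed here must therefore come from the base
# repository; the only PR-derived input is the `comment` artifact, which is
# handled as data.
name: Make Change Comment
on:
  workflow_run:
    workflows: ["Consistency"]
    types:
      - completed

# Only scope requested for GITHUB_TOKEN in this workflow.
permissions:
  pull-requests: write

jobs:
  # DO NOT BUILD ANYTHING FROM A PR HERE https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
  commenter:
    # `github.head_ref` is only populated for pull_request and
    # pull_request_target events, so under `workflow_run` it is empty and a
    # startsWith() test on it never matches. The triggering run's branch is
    # read from the workflow_run payload instead so `publish/` branches are
    # actually skipped.
    # NOTE(review): confirm `github.actor` names the actor of the triggering
    # run in this context; `github.event.workflow_run.actor.login` states it
    # explicitly.
    if: >
      github.event.workflow_run.event == 'pull_request' &&
      github.actor != 'dependabot[bot]' &&
      !startsWith(github.event.workflow_run.head_branch, 'publish/')
    runs-on: ubuntu-latest
    steps:
      # No `ref` is given, so this checks out the base repository's default
      # branch, not the PR head. Keep it that way: the steps below install and
      # run code from this checkout while holding a write-scoped token.
      # NOTE(review): actions here are referenced by mutable tag; pinning to a
      # full commit SHA and setting `persist-credentials: false` on checkout
      # are the usual hardening steps for a workflow with a write token.
      - uses: actions/checkout@v6

      # The artifact is written under runner.temp, outside the workspace, so
      # files produced by the PR run cannot overwrite checked-out sources.
      - name: Prepare artifact directory
        run: mkdir -p "${{ runner.temp }}/comment-artifact"

      # The `comment` artifact was produced by the triggering run, which may
      # have executed code from a fork. Its contents are untrusted input.
      - uses: actions/download-artifact@v8
        with:
          name: comment
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ secrets.GITHUB_TOKEN }}
          path: ${{ runner.temp }}/comment-artifact

      # List the directory the artifact was extracted into; a bare `ls -R`
      # would list the workspace, which does not contain the download.
      - name: Display structure of downloaded files
        run: ls -R "${{ runner.temp }}/comment-artifact"

      - uses: ./.github/actions/setup

      # Installs dependencies of the base-branch checkout only.
      - name: Install dependencies
        run: pnpm install

      # Only the path of comment.json is passed on the command line; the file
      # content itself is never interpolated into the shell.
      # NOTE(review): presumably the commenter parses comment.json strictly as
      # JSON and does not act on paths or commands inside it; verify.
      - name: Create/update comment
        run: pnpm chronus-github-pr-commenter --comment-file "${{ runner.temp }}/comment-artifact/comment.json"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}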