Implement secret in log #9771
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: accept-pull-request | |
on: | |
issue_comment: | |
types: | |
- created | |
concurrency: accept-pull-request-${{ github.event.issue.number }} | |
jobs: | |
accept-pull-request: | |
if: ${{ github.event.issue.pull_request && (github.event.comment.body == '/accept' || github.event.comment.body == '/accept --force' || github.event.comment.body == '/rebase') }} | |
env: | |
GITHUB_CONTEXT: ${{ toJson(github) }} | |
GITHUB_TOKEN: ${{ secrets.HURL_BOT_TOKEN }} | |
OWNER: ${{ github.repository_owner }} | |
REPO: ${{ github.event.repository.name }} | |
PR_NUMBER: ${{ github.event.issue.number }} | |
COMMENT_USER_LOGIN: ${{ github.event.comment.user.login }} | |
PR_COMMENT: ${{ github.event.comment.body }} | |
outputs: | |
base_ref: ${{ steps.init-all-internal-env-vars.outputs.base_ref }} | |
new_version_master_snapshot_version: ${{ steps.check-github-release.outputs.new_version_master_snapshot_version }} | |
is_a_github_release_pr: ${{ steps.check-github-release.outputs.is_a_github_release_pr }} | |
name: accept-pull-request | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check user permission | |
run: | | |
comment_user_permission=$(gh api repos/"${OWNER}"/"${REPO}"/collaborators/"${COMMENT_USER_LOGIN}"/permission -q .permission) | |
if [ "${comment_user_permission}" = "admin" ] ; then | |
echo " - β You have the ${comment_user_permission} permission then you are allowed to merge pull request nΒ°${PR_NUMBER}" | |
else | |
comment="β Sorry \`${COMMENT_USER_LOGIN}\`, you are not allowed to merge this pull request because you do not have admin permission (actual permission=${comment_user_permission})." | |
echo " - ${comment}" | |
gh pr comment "${PR_NUMBER}" --body "${comment}" | |
exit 1 | |
fi | |
- name: Init all internal env vars | |
id: init-all-internal-env-vars | |
env: | |
TITLE: ${{ github.event.issue.title }} | |
run: | | |
pr_detail_file="pr_detail.json" | |
gh api repos/"${OWNER}"/"${REPO}"/pulls/"${PR_NUMBER}" > "${pr_detail_file}" | |
jq . "${pr_detail_file}" | |
echo "github.event.issue.title: $TITLE" | |
HEAD_REPO_FULL_NAME=$(jq -rc .head.repo.full_name ${pr_detail_file}) | |
BASE_REPO_FULL_NAME=$(jq -rc .base.repo.full_name ${pr_detail_file}) | |
if [ "${HEAD_REPO_FULL_NAME}" = "${BASE_REPO_FULL_NAME}" ] ; then | |
HEAD_TYPE=origin | |
else | |
HEAD_TYPE=fork | |
fi | |
echo "HEAD_REPO_FULL_NAME=${HEAD_REPO_FULL_NAME}" | tee -a "${GITHUB_ENV}" | |
echo "BASE_REPO_FULL_NAME=${BASE_REPO_FULL_NAME}" | tee -a "${GITHUB_ENV}" | |
echo "HEAD_TYPE=${HEAD_TYPE}" | tee -a "${GITHUB_ENV}" | |
echo "HEAD_REF=$(jq -rc .head.ref ${pr_detail_file})" | tee -a "${GITHUB_ENV}" | |
echo "BASE_REF=$(jq -rc .base.ref ${pr_detail_file})" | tee -a "${GITHUB_ENV}" | |
echo "PR_STATE=$(jq -rc .state ${pr_detail_file})" | tee -a "${GITHUB_ENV}" | |
echo "PR_DRAFT=$(jq -rc .draft ${pr_detail_file})" | tee -a "${GITHUB_ENV}" | |
echo "PR_MERGEABLE=$(jq -rc .mergeable ${pr_detail_file})" | tee -a "${GITHUB_ENV}" | |
echo "REMAINING_COMMITS_FILE=remaining_commits.txt" | tee -a "${GITHUB_ENV}" | |
echo "NEW_COMMITS_FILE=new_commits.txt" | tee -a "${GITHUB_ENV}" | |
echo "base_ref=$(jq -rc .base.ref ${pr_detail_file})" | tee -a "${GITHUB_OUTPUT}" | |
- name: Checkout repository | |
uses: actions/[email protected] | |
with: | |
ref: ${{ env.BASE_REF }} | |
token: ${{ secrets.HURL_BOT_TOKEN }} | |
fetch-depth: 0 | |
- name: Notify user | |
run: | | |
if [[ "${PR_COMMENT}" == "/accept" ]] ; then | |
order="/accept" | |
elif [[ "${PR_COMMENT}" == "/accept --force" ]] ; then | |
order="/accept --force" | |
elif [[ "${PR_COMMENT}" == "/rebase" ]] ; then | |
order="/rebase" | |
fi | |
comment="π [${order}](${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}) is running, please wait for completion." | |
gh pr comment "${PR_NUMBER}" --body "${comment}" | |
echo "ORDER=${order}" | tee -a "${GITHUB_ENV}" | |
- name: Init git bot context | |
uses: crazy-max/[email protected] | |
with: | |
gpg_private_key: ${{ secrets.HURL_BOT_GPG_PRIVATE_KEY }} | |
passphrase: ${{ secrets.HURL_BOT_GPG_PRIVATE_KEY_PASSPHRASE }} | |
git_committer_name: ${{ secrets.HURL_BOT_USER }} | |
git_committer_email: ${{ secrets.HURL_BOT_EMAIL }} | |
git_user_signingkey: true | |
git_commit_gpgsign: true | |
- name: Add fork source branch | |
if: env.HEAD_TYPE == 'fork' | |
run: | | |
git remote add fork https://${{ secrets.HURL_BOT_USER }}:${{ secrets.HURL_BOT_TOKEN }}@github.com/${{ env.HEAD_REPO_FULL_NAME}} | |
git remote --verbose | |
git fetch --all | |
git remote -v | |
git fetch fork | |
git branch -va | |
- name: Check if PR source branch is not master | |
if: env.HEAD_REF == 'master' | |
run: | | |
comment="β Can not ${{ env.ORDER }} this pull request because your working branch is master, please create a new branch as requested in [CONTRIBUTING.md](https://github.com/Orange-OpenSource/hurl/blob/master/CONTRIBUTING.md)." | |
echo " - ${comment}" | |
gh pr comment "${PR_NUMBER}" --body "${comment}" | |
exit 1 | |
- name: Check if pull request state is open | |
run: | | |
if [ "${{ env.PR_STATE }}" = "open" ] ; then | |
echo " - β Pull request is ${{ env.PR_STATE }}." | |
else | |
comment="β Can not ${{ env.ORDER }} this pull request because it is not open (actual state=${{ env.PR_STATE }})." | |
echo " - ${comment}" | |
gh pr comment "${PR_NUMBER}" --body "${comment}" | |
exit 1 | |
fi | |
- name: Check if pull request is ready | |
if: ${{ github.event.comment.body == '/accept' || github.event.comment.body == '/accept --force' }} | |
run: | | |
if [ "${{ env.PR_DRAFT }}" = "false" ] ; then | |
echo " - β Pull request draft state is ${{ env.PR_DRAFT }}." | |
else | |
comment="β Can not ${{ env.ORDER }} this pull request because it is still in draft." | |
echo " - ${comment}" | |
gh pr comment "${PR_NUMBER}" --body "${comment}" | |
exit 1 | |
fi | |
- name: Check if pull request is mergeable | |
if: ${{ github.event.comment.body == '/accept' || github.event.comment.body == '/accept --force' }} | |
run: | | |
if [ "${{ env.PR_MERGEABLE }}" = "true" ] ; then | |
echo " - β Pull request mergeable state is ${{ env.PR_MERGEABLE }}." | |
else | |
comment="β Pull request is not mergeable, please check unresolved discussions and pull request messages." | |
echo " - ${comment}" | |
gh pr comment "${PR_NUMBER}" --body "${comment}" | |
exit 1 | |
fi | |
- name: Check GitHub release | |
if: ${{ github.event.comment.body == '/accept' || github.event.comment.body == '/accept --force' }} | |
id: check-github-release | |
run: | | |
if [ $(echo ${{ env.HEAD_REF }} | grep -Ec '^release/') -eq 0 ] ; then | |
echo " - β Pull request is not about a pending GitHub release." | |
else | |
echo "is_a_github_release_pr=true" | tee -a "${GITHUB_OUTPUT}" | |
tag_version="$(echo ${{ env.HEAD_REF }} | cut --delimiter '/' --field 2)" | |
major=$(echo "${tag_version}" | cut --delimiter "." --field 1) | |
minor=$(echo "${tag_version}" | cut --delimiter "." --field 2) | |
new_minor="$((minor + 1))" | |
echo "major=${major}, minor=${minor}, new_minor=${new_minor}" | |
new_version_master_snapshot_version="${major}.${new_minor}.0-SNAPSHOT" | |
echo "new_version_master_snapshot_version=${new_version_master_snapshot_version}" | tee -a "${GITHUB_OUTPUT}" | |
gh_result=$(gh api repos/"${OWNER}"/"${REPO}"/releases/tags/"${tag_version}" | tr ":" "=" | tr -d '"' | tr -d " ") | |
echo "gh_result=${gh_result}" | |
if [ $(echo "${gh_result}" | grep -Ec "message=NotFound|prerelease=true") -eq 0 ] ; then | |
comment="β GitHub release ${tag_version} is published." | |
echo " - ${comment}" | |
else | |
comment="πβπ¨ GitHub release ${tag_version} is still in draft/prerelease. Please don't forget to publish it after merging this release PR." | |
echo " - ${comment}" | |
gh pr comment "${PR_NUMBER}" --body "${comment}" | |
fi | |
fi | |
- name: Check if source branch is rebased from target branch | |
if: ${{ github.event.comment.body == '/accept' || github.event.comment.body == '/accept --force' || github.event.comment.body == '/rebase' }} | |
run: | | |
git log --oneline --cherry ${{ env.HEAD_TYPE }}/${{ env.HEAD_REF }}...origin/${{ env.BASE_REF }} > "${{ env.REMAINING_COMMITS_FILE }}" && exit_code=0 || exit_code=1 | |
if [ ${exit_code} -eq 1 ] ; then | |
comment="β Rebase check fails. Please refer to ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID} logs." | |
echo " - ${comment}" | |
gh pr comment "${PR_NUMBER}" --body "${comment}" | |
exit 1 | |
fi | |
diff_count=$(grep -c ^+ ${{ env.REMAINING_COMMITS_FILE }} || true) | |
if [ ${diff_count} -eq 0 ] ; then | |
comment="π No needs to auto rebase, \`${{ env.HEAD_REPO_FULL_NAME}}/${{ env.HEAD_REF }}\` is already rebased from \`${{ env.BASE_REPO_FULL_NAME}}/${{ env.BASE_REF }}\`." | |
echo "${comment}" | |
if [ "${{ env.ORDER }}" == "/rebase" ] ; then | |
gh pr comment "${PR_NUMBER}" --body "${comment}" | |
fi | |
else | |
git fetch --all | |
git switch ${{ env.HEAD_REF }} | |
git pull | |
git rebase origin/${{ env.BASE_REF }} && exit_code=0 || exit_code=1 | |
git log --oneline -n 20 | |
if [ ${exit_code} -eq 1 ] ; then | |
comment="β Auto rebase from \`${{ env.BASE_REPO_FULL_NAME}}/${{ env.BASE_REF }}\` fails due to conflicts. Sorry but you have to manage this manually. Please refer to ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID} logs." | |
echo " - ${comment}" | |
gh pr comment "${PR_NUMBER}" --body "${comment}" | |
exit 1 | |
fi | |
if [ ${{ env.HEAD_TYPE }} == "fork" ] ; then | |
git push fork ${{ env.HEAD_REF }} --force && exit_code=0 || exit_code=1 | |
else | |
git push --force && exit_code=0 || exit_code=1 | |
fi | |
if [ ${exit_code} -eq 0 ] ; then | |
comment="π¨ Auto rebase from \`${{ env.BASE_REPO_FULL_NAME}}/${{ env.BASE_REF }}\` succeeds, \`${{ env.HEAD_REPO_FULL_NAME}}/${{ env.HEAD_REF }}\` now embeds these commits:<br>$(echo ; sed "s/+/ -/g" ${{ env.REMAINING_COMMITS_FILE }})" | |
echo " - ${comment}" | |
gh pr comment "${PR_NUMBER}" --body "${comment}" | |
if [ "${{ env.ORDER }}" == "/accept" ] || [ "${{ env.ORDER }}" == "/accept --force" ] ; then | |
comment="π [${{ env.ORDER }}](${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}) is still running, please wait for completion." | |
gh pr comment "${PR_NUMBER}" --body "${comment}" | |
sleep 15 | |
fi | |
else | |
comment="β Auto rebase from \`${{ env.BASE_REPO_FULL_NAME}}/${{ env.BASE_REF }}\` fails on `git push --force`. Please refer to ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID} logs." | |
echo " - ${comment}" | |
gh pr comment "${PR_NUMBER}" --body "${comment}" | |
fi | |
git switch ${{ env.BASE_REF }} | |
fi | |
- name: Check if pull request checks are successful | |
if: ${{ github.event.comment.body == '/accept' }} | |
run: | | |
gh pr checks "${PR_NUMBER}" --watch --interval 30 && exit_code=0 || exit_code=$? | |
if [ "${exit_code}" -eq 0 ] ; then | |
echo " - β Pull request checks are successful." | |
else | |
comment="β Some checks are still failing, please fix them before trying to merge this pull request." | |
echo " - ${comment}" | |
gh pr comment "${PR_NUMBER}" --body "${comment}" | |
exit 1 | |
fi | |
- name: Check if source branch is rebased from target branch | |
if: ${{ github.event.comment.body == '/accept' || github.event.comment.body == '/accept --force' }} | |
run: | | |
git pull | |
git log --oneline --cherry ${{ env.HEAD_TYPE }}/${{ env.HEAD_REF }}...origin/${{ env.BASE_REF }} > "${{ env.REMAINING_COMMITS_FILE }}" && exit_code=0 || exit_code=1 | |
if [ ${exit_code} -eq 1 ] ; then | |
comment="β Rebase check fails. Please refer to ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID} logs." | |
echo " - ${comment}" | |
gh pr comment "${PR_NUMBER}" --body "${comment}" | |
exit 1 | |
fi | |
diff_count=$(grep -c ^+ ${{ env.REMAINING_COMMITS_FILE }} || true) | |
if [ ${diff_count} -eq 0 ] ; then | |
echo " - β ${{ env.HEAD_REPO_FULL_NAME}}/${{ env.HEAD_REF }} is already rebased from ${{ env.BASE_REPO_FULL_NAME}}/${{ env.BASE_REF }}." | |
else | |
comment="β New commits have been pushed to \`${{ env.BASE_REPO_FULL_NAME}}/${{ env.BASE_REF }}\` since you accept this PR. You can rebase it by yourself or simply re-accept this PR to execute an auto rebase.<br>Pending commits:<br>$(echo ; sed "s/+/-/g" ${{ env.REMAINING_COMMITS_FILE }})" | |
echo " - ${comment}" | |
gh pr comment "${PR_NUMBER}" --body "${comment}" | |
exit 1 | |
fi | |
- name: Get new commits list | |
if: ${{ github.event.comment.body == '/accept' || github.event.comment.body == '/accept --force' }} | |
run: | | |
git log --oneline --cherry origin/${{ env.BASE_REF }}...${{ env.HEAD_TYPE }}/${{ env.HEAD_REF }} | tee ${{ env.NEW_COMMITS_FILE }} | |
- name: Merge fast forward head ref to base ref | |
if: ${{ github.event.comment.body == '/accept' || github.event.comment.body == '/accept --force' }} | |
run: | | |
git merge ${{ env.HEAD_TYPE }}/${{ env.HEAD_REF }} --ff-only && exit_code=0 || exit_code=1 | |
if [ ${exit_code} -eq 0 ] ; then | |
echo " - β Merge fast forward succeeds." | |
else | |
comment="β Merge fast forward fails. Please refer to ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID} logs." | |
echo " - ${comment}" | |
gh pr comment "${PR_NUMBER}" --body "${comment}" | |
exit 1 | |
fi | |
git push && exit_code=0 || exit_code=1 | |
if [ ${exit_code} -eq 0 ] ; then | |
echo " - β Push merge fast forward succeeds." | |
else | |
comment="β Push merge fast forward fails. Please refer to ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID} logs." | |
echo " - ${comment}" | |
gh pr comment "${PR_NUMBER}" --body "${comment}" | |
exit 1 | |
fi | |
- name: Final comment | |
if: ${{ github.event.comment.body == '/accept' || github.event.comment.body == '/accept --force' }} | |
run: | | |
if [[ "${PR_COMMENT}" =~ "--force" ]] ; then | |
comment="β Pull request merged with fast forward by \`${COMMENT_USER_LOGIN}\` without waiting for checks." | |
else | |
comment="β Pull request merged with fast forward by \`${COMMENT_USER_LOGIN}\`." | |
fi | |
gh pr comment "${PR_NUMBER}" --body "${comment}.<br><br>\# List of commits merged from \`${{ env.HEAD_REPO_FULL_NAME}}/${{ env.HEAD_REF }}\` branch into \`${{ env.BASE_REPO_FULL_NAME}}/${{ env.BASE_REF }}\` branch:<br>$(echo ; sed 's/+/-/g' ${{ env.NEW_COMMITS_FILE }})" |