pull-request-review.yml
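# Workflow that reviews changes in pull requests and writes the feedback in review comments.
#
# Trust model: this workflow is triggered by pull_request_target, so it runs the
# workflow definition from the base branch with a token of the base repository,
# while ./head holds content supplied by the pull request author. ./head must only
# ever be treated as data for the irma tool; no script, action or binary from
# ./head may be executed by a step in this file.
name: Pull request review
on:
  # We use pull_request_target such that we can grant permissions.
  # This means that the job specification is being pulled from master, instead of from the feature branch.
  pull_request_target:
    branches: [ master ]
    types:
      - opened
      - reopened
      - synchronize
      - ready_for_review
# Only the scope needed for commenting is granted; scopes not listed here are set to none.
permissions:
  pull-requests: write
jobs:
  review:
    runs-on: ubuntu-latest
    if: github.event.pull_request.draft == false
    steps:
      # NOTE(review): actions are referenced by a mutable tag (v3); pinning to a full
      # commit SHA would prevent a retagged release from changing what runs here.
      - name: Checkout pull request base
        uses: actions/checkout@v3
        with:
          path: ./base
          ref: ${{ github.event.pull_request.base.sha }}
          # Do not leave the job token in .git/config; no later step performs git operations.
          persist-credentials: false
      - name: Checkout pull request head
        uses: actions/checkout@v3
        with:
          path: ./head
          ref: ${{ github.event.pull_request.head.sha }}
          # The head checkout is untrusted content: keep the job token out of its .git/config.
          persist-credentials: false
      - name: Initialize ~/.local/bin directory
        run: |
          mkdir -p "$HOME/.local/bin"
          echo "$HOME/.local/bin" >> "$GITHUB_PATH"
      # NOTE(review): this fetches whatever the `latest` release is at run time and executes it
      # without an integrity check. Consider pinning a specific release and verifying a known
      # checksum (e.g. `sha256sum -c`) before the chmod step.
      - name: Download irma CLI tool
        run: wget -O "$HOME/.local/bin/irma" https://github.com/privacybydesign/irmago/releases/latest/download/irma-linux-amd64
      - name: Set executable permissions
        run: chmod +x "$HOME/.local/bin/irma"
      # Baseline: output of the verifier on the base commit, used to filter out pre-existing lines.
      - name: Verify scheme at base
        run: irma scheme verify > ../output-base.txt
        shell: bash
        working-directory: ./base
      # Outcome of this step is used below to tell "unsigned" apart from "no issues".
      - name: Verify scheme at head
        id: verify-head
        run: irma scheme verify
        shell: bash
        working-directory: ./head
        continue-on-error: true
      # Replaces the public key in the head checkout with a freshly generated key pair so the
      # sign step below can run inside this job.
      - name: Override signing keys
        run: rm pk.pem && irma scheme keygen
        shell: bash
        working-directory: ./head
      - name: Verify whether head can be signed
        run: irma scheme sign > ../output-head.txt 2>&1
        shell: bash
        working-directory: ./head
        continue-on-error: true
      - name: Initialize message
        run: echo "The following issues were found when running \`irma scheme verify\`:" > ./message.txt
        shell: bash
      # Appends the lines of the head output that do not occur verbatim in the base output.
      # grep exits non-zero when it selects no lines, so outcome 'failure' means "nothing new".
      # The appended text is derived from pull request content and is posted as-is in a comment.
      - name: Generate diff
        id: generate-diff
        run: grep -xvF -f ./output-base.txt ./output-head.txt >> ./message.txt
        shell: bash
        continue-on-error: true
      - name: Add message footer
        run: echo -e "\nPlease try to resolve these issues." >> ./message.txt
        shell: bash
      - name: Write review comment if warnings were found
        if: steps.generate-diff.outcome == 'success'
        env:
          GH_TOKEN: ${{ github.token }}
        run: gh pr comment ${{ github.event.pull_request.number }} -F ../message.txt
        working-directory: ./base
      - name: Write review comment if changes are not signed yet
        if: steps.verify-head.outcome == 'failure' && steps.generate-diff.outcome == 'failure' && github.event.pull_request.maintainer_can_modify == true
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          gh pr comment ${{ github.event.pull_request.number }} -b "\
          No issues were found when running \`irma scheme verify\`. The status checks fail because the changes are not signed yet. \
          This will be resolved by the Yivi team when your changes have been approved. You don't have to deal with this yourself."
        working-directory: ./base
      - name: Write review comment if maintainers have no access to sign the changes
        if: steps.verify-head.outcome == 'failure' && steps.generate-diff.outcome == 'failure' && github.event.pull_request.maintainer_can_modify == false
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          gh pr comment ${{ github.event.pull_request.number }} -b "\
          No issues were found when running \`irma scheme verify\`. The status checks fail because the changes are not signed yet. \
          The Yivi team has to do this for you. Please [allow edits from maintainers](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork) \
          on your pull request to make this possible."
        working-directory: ./base
      - name: Write review comment if no issues were found
        if: steps.verify-head.outcome == 'success' && steps.generate-diff.outcome == 'failure'
        env:
          GH_TOKEN: ${{ github.token }}
        run: gh pr comment ${{ github.event.pull_request.number }} -b "No issues were found when running \`irma scheme verify\`."
        working-directory: ./base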