PR Fixxxer #54698
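# PR Fixxxer: when a new comment on a pull request is exactly '/fixxx', check
# out the PR's head branch, run ./scripts/fixxxer.sh on it and push the result
# back to the same branch with the bot token.
#
# NOTE(review): issue_comment workflows run from the default branch with
# repository secrets available, and nothing here inspects who wrote the
# comment (e.g. github.event.comment.author_association or a permission
# lookup). Anyone able to comment on a PR can start this job. Confirm that is
# intended, or gate the job on the commenter's repository permission.
name: PR Fixxxer
on:
  issue_comment:
    types: [created]

# Scope of the automatic GITHUB_TOKEN for this workflow.
# NOTE(review): the checkout and push steps below use
# secrets.RHACS_BOT_GITHUB_TOKEN instead, so this write grant may be broader
# than the job needs -- confirm whether read access would be enough.
permissions:
  contents: write

env:
  ROX_PRODUCT_BRANDING: RHACS_BRANDING

jobs:
  pr_commented:
    name: Run PR Fixxxer
    # Only comments on pull requests (not plain issues) whose body is exactly
    # '/fixxx' start the job.
    # TODO: support leading and trailing whitespace too
    if: ${{ github.event.issue.pull_request && github.event.comment.body == '/fixxx' }}
    runs-on: ubuntu-latest
    container:
      # Image is pinned by digest; the ratchet comment records the tag it was
      # resolved from.
      image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.5.3@sha256:39fd328dcc903b7d8a2f3eb6d9e5ddbf79569227a5667296b4b927f74c11b32a # ratchet:quay.io/stackrox-io/apollo-ci:stackrox-test-0.5.3
    steps:
      # Resolve the PR's head repository and branch from the API. Event data
      # reaches the script through env vars, not ${{ }} interpolation inside
      # the script text, so it is never parsed as shell code.
      - name: Fetch PR metadata
        id: pr-metadata
        run: |
          # --fail turns an HTTP error (rate limit, 404, ...) into a non-zero exit
          # instead of saving the error document as pr.json. The request carries
          # no Authorization header, so it relies on the PR being readable
          # anonymously.
          curl --fail --silent --show-error --retry 7 "$PR_URL" > pr.json
          # '// empty' makes a missing or null field an empty string rather than
          # the literal text "null", so the checks below fail closed.
          pr_head_repo="$(jq --raw-output '.head.repo.full_name // empty' pr.json)"
          if [ "$pr_head_repo" != "${THIS_REPO}" ]; then
            echo "This comment was issued on a PR from branch in repo $pr_head_repo. Currently only PRs from branches in repo $THIS_REPO are supported."
            # TODO: we could still run commands and point at results in a PR comment, even if we do not have permissions to push there.
            exit 1
          fi
          branch="$(jq --raw-output '.head.ref // empty' pr.json)"
          # If branch name is empty, push action defaults to pushing to main, which we do not want to do.
          if [ -z "${branch}" ]; then
            echo "Failed to detect source branch."
            # TODO: more checks for safe branch names
            exit 1
          fi
          # The branch name is consumed below as the checkout ref and the push
          # target.
          echo "branch=$branch" >> "$GITHUB_OUTPUT"
          rm pr.json
        env:
          PR_URL: ${{ github.event.issue.pull_request.url }}
          THIS_REPO: ${{ github.repository }}
      # Debug dumps of the github, job and steps contexts into the job log.
      # NOTE(review): toJson(github) serialises the whole context, including
      # the comment body and github.token. GitHub masks registered secrets in
      # logs, but consider whether a full dump belongs in a job that holds a
      # write-capable token.
      - name: Dump GitHub context
        env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
        run: echo "$GITHUB_CONTEXT" | jq .
      - name: Dump job context
        env:
          JOB_CONTEXT: ${{ toJson(job) }}
        run: echo "$JOB_CONTEXT" | jq .
      - name: Dump steps context
        env:
          STEPS_CONTEXT: ${{ toJson(steps) }}
        run: echo "$STEPS_CONTEXT" | jq .
      # Check out the PR branch with full history, authenticated as the bot.
      # NOTE(review): actions/checkout keeps the supplied token available to
      # later git commands in the job by default, so ./scripts/fixxxer.sh and
      # everything it invokes run with the bot token within reach. If the
      # script needs no authenticated git access, persist-credentials: false
      # would narrow that; the push step receives the token explicitly.
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v6
        with:
          ref: ${{ steps.pr-metadata.outputs.branch }}
          fetch-depth: 0
          token: ${{ secrets.RHACS_BOT_GITHUB_TOKEN }}
      - name: Configure Git
        run: |
          set -ex
          # The workspace is marked safe explicitly so git accepts it inside the
          # container.
          git config --global --add safe.directory "$(pwd)"
          git config --global user.email "rhacs-bot@redhat.com"
          git config --global user.name "StackRox PR Fixxxer"
      # Runs the copy of the script from the checked-out PR branch, not the
      # default branch. The same-repo check in the first step is what limits
      # this to branches pushed by people with write access to this repository.
      - run: ./scripts/fixxxer.sh
      # Push the working tree state back to the PR branch as the bot.
      - uses: ad-m/github-push-action@77c5b412c50b723d2a4fbc6d71fb5723bcd439aa # ratchet:ad-m/github-push-action@v1.0.0
        with:
          branch: ${{ steps.pr-metadata.outputs.branch }}
          github_token: ${{ secrets.RHACS_BOT_GITHUB_TOKEN }}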