notify-triage.yml

name: Notify triage

on:
  workflow_call:
  issues:
    types: [opened]
  pull_request_target:
    types: [opened]

# Permissions come from the token.
permissions: {}

env:
  GH_TOKEN: ${{ secrets.ISSUE_PR_PROJECTS_TOKEN }}
  GH_REPO: ${{ github.repository }}
  ITEM_NUMBER: ${{ github.event.number || github.event.issue.number }}

jobs:
  notify:
    runs-on: ubuntu-latest
    steps:
    - name: Validate event type
      id: validated
      run: |
        set -euo pipefail
        echo "event name: $GITHUB_EVENT_NAME"
        case "$GITHUB_EVENT_NAME" in
          "issues") echo 'cmd=issue' >> "$GITHUB_OUTPUT" ;;
          "pull_request_target") echo 'cmd=pr' >> "$GITHUB_OUTPUT" ;;
          *)
            echo "::error::This action must only be run on 'issue' and 'pull_request_target' events"
            exit 1
            ;;
        esac
    - name: Post comment
      # Don't ping over dependabot's dependency updates. That's just going to annoy people.
      if: ${{ github.actor != 'dependabot[bot]' }}
      run: |
        access="$(gh api \
          -H "Accept: application/vnd.github+json" \
          -H "X-GitHub-Api-Version: 2022-11-28" \
          "/repos/{owner}/{repo}/collaborators/$GITHUB_ACTOR/permission" |
          jq -r .role_name
        )"
        if ! [[ $access =~ ^(admin|maintain|write|triage)$ ]]; then
          gh ${{ steps.validated.outputs.cmd }} comment "$ITEM_NUMBER" --body '@MithrilJS/triage Please take a look.'
        fi
    - name: Add project
      run: gh ${{ steps.validated.outputs.cmd }} edit "$ITEM_NUMBER" --add-project 'Triage/bugs'