From 99ffa854a5fc6a796fe8c7a2935e8f8adf9a026b Mon Sep 17 00:00:00 2001 From: UnderKoen Date: Mon, 4 Nov 2024 20:13:07 +0100 Subject: [PATCH 1/5] ci: add reactions to /update-vrt comment --- .github/workflows/update-vrt.yml | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/.github/workflows/update-vrt.yml b/.github/workflows/update-vrt.yml index 1806255dd52..aabde3ae285 100644 --- a/.github/workflows/update-vrt.yml +++ b/.github/workflows/update-vrt.yml @@ -4,8 +4,8 @@ on: types: [ created ] permissions: - pull-requests: write - contents: write + pull-requests: read + contents: read concurrency: group: ${{ github.workflow }}-${{ github.event.issue.number }} @@ -19,6 +19,12 @@ jobs: github.event.issue.pull_request && contains(github.event.comment.body, '/update-vrt') steps: + - name: React to comment + uses: dkershner6/reaction-action@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + commentId: ${{ github.event.comment.id }} + reaction: "+1" - name: Get PR branch uses: xt0rted/pull-request-comment-branch@v2 id: comment-branch @@ -48,3 +54,9 @@ jobs: fi git commit -m "Update VRT" git push origin HEAD:${{ steps.comment-branch.outputs.head_ref }} + - name: React to comment + uses: dkershner6/reaction-action@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + commentId: ${{ github.event.comment.id }} + reaction: "rocket" From 0cc9fa521302f6fdfe868b793cb0f2284e7f62fc Mon Sep 17 00:00:00 2001 From: UnderKoen Date: Mon, 4 Nov 2024 20:47:05 +0100 Subject: [PATCH 2/5] chore: use correct permissions --- .github/workflows/update-vrt.yml | 29 +++++++++++++++++++++++------ 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/.github/workflows/update-vrt.yml b/.github/workflows/update-vrt.yml index aabde3ae285..f1c9dc0bc78 100644 --- a/.github/workflows/update-vrt.yml +++ b/.github/workflows/update-vrt.yml 
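Review bot: Both added `React to comment` steps (this hunk and the last one of the patch) pass `secrets.GITHUB_TOKEN` to `dkershner6/reaction-action@v2`, a third-party action referenced by a movable tag, so whatever that tag points to later receives the token. Pinning to a full commit SHA keeps the executed code fixed, e.g. `uses: dkershner6/reaction-action@<full-commit-sha> # v2`. The first hunk of the same patch also drops the workflow token to `pull-requests: read` / `contents: read`, while these steps and the existing `git push` (context in the last hunk) need write access. At this commit those calls would presumably be rejected unless the job gets its own narrowly scoped `permissions:` block.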
@@ -19,12 +19,6 @@ jobs: github.event.issue.pull_request && contains(github.event.comment.body, '/update-vrt') steps: - - name: React to comment - uses: dkershner6/reaction-action@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - commentId: ${{ github.event.comment.id }} - reaction: "+1" - name: Get PR branch uses: xt0rted/pull-request-comment-branch@v2 id: comment-branch @@ -54,6 +48,29 @@ jobs: fi git commit -m "Update VRT" git push origin HEAD:${{ steps.comment-branch.outputs.head_ref }} + add-starting-reaction: + runs-on: ubuntu-latest + if: | + github.event.issue.pull_request && + contains(github.event.comment.body, '/update-vrt') + permissions: + contents: write + steps: + - name: React to comment + uses: dkershner6/reaction-action@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + commentId: ${{ github.event.comment.id }} + reaction: "+1" + add-finished-reaction: + runs-on: ubuntu-latest + needs: update-vrt + if: | + github.event.issue.pull_request && + contains(github.event.comment.body, '/update-vrt') + permissions: + contents: write + steps: - name: React to comment uses: dkershner6/reaction-action@v2 with: From 263694d681e02b6de27117b5c399f324105085ef Mon Sep 17 00:00:00 2001 From: UnderKoen Date: Mon, 4 Nov 2024 20:47:20 +0100 Subject: [PATCH 3/5] chore: don't cancel on non command message --- .github/workflows/update-vrt.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-vrt.yml b/.github/workflows/update-vrt.yml index f1c9dc0bc78..de61c6b7c4d 100644 --- a/.github/workflows/update-vrt.yml +++ b/.github/workflows/update-vrt.yml @@ -8,7 +8,7 @@ permissions: contents: read concurrency: - group: ${{ github.workflow }}-${{ github.event.issue.number }} + group: ${{ github.workflow }}-${{ github.event.issue.number }}-${{ contains(github.event.comment.body, '/update-vrt') }} cancel-in-progress: true jobs: From a44a2f0cdec570e966178c6c4f3a35f18279be3f Mon Sep 17 00:00:00 2001 
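Review bot: The new `add-starting-reaction` and `add-finished-reaction` jobs request `contents: write`, which lets the token push to the repository but is probably not the scope checked when adding a reaction. A reaction on a pull-request comment is normally authorised by `pull-requests: write` (or `issues: write`). Declaring only `pull-requests: write` under `permissions:` in both jobs would give the third-party reaction action a token that cannot change repository contents.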
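Review bot: The reason for appending `contains(github.event.comment.body, '/update-vrt')` to the concurrency group is not evident from the expression and deserves a comment above `group:`, for example `# Non-command comments get their own group so they cannot cancel a running /update-vrt`. With `cancel-in-progress: true`, a second `/update-vrt` comment on the same PR still cancels the first run, possibly while it is pushing. If that is intended, the comment should say so.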
From: UnderKoen Date: Mon, 4 Nov 2024 22:17:09 +0100 Subject: [PATCH 4/5] chore: make workflow not expose github secret --- .github/workflows/update-vrt.yml | 56 +++++++++++++++++++++++--------- 1 file changed, 41 insertions(+), 15 deletions(-) diff --git a/.github/workflows/update-vrt.yml b/.github/workflows/update-vrt.yml index c8db50aea72..c09072d8dd1 100644 --- a/.github/workflows/update-vrt.yml +++ b/.github/workflows/update-vrt.yml 
@@ -41,44 +41,70 @@ jobs: run: yarn vrt --update-snapshots env: E2E_START_URL: ${{ steps.netlify.outputs.url }} - - name: Commit and push changes + - name: Create patch run: | - git config --system --add safe.directory "*" - git config --global user.name "github-actions[bot]" - git config --global user.email "github-actions[bot]@users.noreply.github.com" + git reset git add "**/*.png" if git diff --staged --quiet; then echo "No changes to commit" exit 0 fi git commit -m "Update VRT" - git push origin HEAD:${{ steps.comment-branch.outputs.head_ref }} - add-starting-reaction: + git format-patch -1 HEAD --stdout > Update-VRT.patch + - uses: actions/upload-artifact@v4 + with: + name: patch + path: Update-VRT.patch + + push-patch: runs-on: ubuntu-latest - if: | - github.event.issue.pull_request && - contains(github.event.comment.body, '/update-vrt') + needs: update-vrt permissions: contents: write + pull-requests: write steps: - - name: React to comment + - name: Get PR branch + # Until https://github.com/xt0rted/pull-request-comment-branch/issues/322 is resolved we use the forked version + uses: gotson/pull-request-comment-branch@head-repo-owner-dist + id: comment-branch + - uses: actions/checkout@v4 + with: + repository: ${{ steps.comment-branch.outputs.head_owner }}/${{ steps.comment-branch.outputs.head_repo }} + ref: ${{ steps.comment-branch.outputs.head_ref }} + - uses: actions/download-artifact@v4 + continue-on-error: true + with: + name: patch + - name: Apply patch and push + run: | + git apply Update-VRT.patch + git config --global user.name "github-actions[bot]" + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git add "**/*.png" + if git diff --staged --quiet; then + echo "No changes to commit" + exit 0 + fi + git commit -m "Update VRT" + git push origin HEAD:${{ steps.comment-branch.outputs.head_ref }} + - name: Add finished reaction uses: dkershner6/reaction-action@v2 with: token: ${{ secrets.GITHUB_TOKEN }} commentId: ${{ 
github.event.comment.id }} - reaction: "+1" - add-finished-reaction: + reaction: "rocket" + + add-starting-reaction: runs-on: ubuntu-latest - needs: update-vrt if: | github.event.issue.pull_request && contains(github.event.comment.body, '/update-vrt') permissions: - contents: write + pull-requests: write steps: - name: React to comment uses: dkershner6/reaction-action@v2 with: token: ${{ secrets.GITHUB_TOKEN }} commentId: ${{ github.event.comment.id }} - reaction: "rocket" + reaction: "+1" From d23fe86795cd43dee3f7039dd602e053092c318a Mon Sep 17 00:00:00 2001 From: Koen van Staveren Date: Tue, 5 Nov 2024 14:19:09 +0100 Subject: [PATCH 5/5] Update .github/workflows/update-vrt.yml --- .github/workflows/update-vrt.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/update-vrt.yml b/.github/workflows/update-vrt.yml index c09072d8dd1..8d46128758e 100644 --- a/.github/workflows/update-vrt.yml +++ b/.github/workflows/update-vrt.yml @@ -78,6 +78,7 @@ jobs: - name: Apply patch and push run: | git apply Update-VRT.patch + git config --system --add safe.directory "*" git config --global user.name "github-actions[bot]" git config --global user.email "github-actions[bot]@users.noreply.github.com" git add "**/*.png"
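Review bot: In the `Apply patch and push` step of the new `push-patch` job, `${{ steps.comment-branch.outputs.head_ref }}` is expanded into the script text before the shell runs. That value is a branch name chosen by the PR author, and the job holds `contents: write` and `pull-requests: write`. Pass it through `env:` and use it as a quoted shell variable so it is only ever treated as data. The patch comes from the job that executed PR code, so `git apply` should be limited to the snapshot images with `--include='*.png'` rather than relying on the later `git add` alone. The step should also exit cleanly when no `Update-VRT.patch` was downloaded, because the no-change path in `update-vrt` exits before `git format-patch`. Separately, `gotson/pull-request-comment-branch@head-repo-owner-dist` is a branch ref running in this write-scoped job; pinning it to a full commit SHA would stop a later push to that branch from changing what runs here.

```yaml
      - name: Apply patch and push
        env:
          # Branch name is supplied by the PR author; keep it out of the script text.
          HEAD_REF: ${{ steps.comment-branch.outputs.head_ref }}
        run: |
          if [ ! -f Update-VRT.patch ]; then
            echo "No patch to apply"
            exit 0
          fi
          # The patch was produced by a job that ran PR code; accept only snapshot images.
          git apply --include='*.png' Update-VRT.patch
          # … unchanged: git config, git add, empty-diff check, git commit …
          git push origin "HEAD:${HEAD_REF}"
```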
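Review bot: The added `git config --system --add safe.directory "*"` switches off git's repository-ownership check for every path on the runner, in the job that holds the write-scoped token and has just applied an artifact from the job that ran PR code. If the check only trips on the checkout directory, scope the exception to it: `git config --global --add safe.directory "$GITHUB_WORKSPACE"`. `--system` also writes the machine-wide config, which presumably needs elevated rights outside a container. Whether this job runs in one is not visible in the hunk.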