From b5a6aeb5df0e0bbfc505c9f9a9760bd08f98acc8 Mon Sep 17 00:00:00 2001 From: John Titor <50095635+JohnRTitor@users.noreply.github.com> Date: Tue, 3 Dec 2024 22:15:15 +0530 Subject: [PATCH] ci: init get-merge-commit workflow Signed-off-by: John Titor <50095635+JohnRTitor@users.noreply.github.com> --- .github/workflows/get-merge-commit.yml | 43 ++++++++++++++++++++++++++ ci/README.md | 29 +++++------------ 2 files changed, 51 insertions(+), 21 deletions(-) create mode 100644 .github/workflows/get-merge-commit.yml diff --git a/.github/workflows/get-merge-commit.yml b/.github/workflows/get-merge-commit.yml new file mode 100644 index 000000000000..63154d73ed9d --- /dev/null +++ b/.github/workflows/get-merge-commit.yml @@ -0,0 +1,43 @@ +name: Get merge commit + +on: + workflow_call: + outputs: + mergedSha: + description: "The merge commit SHA" + value: ${{ jobs.resolve-merge-commit.outputs.mergedSha }} + +# We need a token to query the API, but it doesn't need any special permissions +permissions: {} + +jobs: + resolve-merge-commit: + runs-on: ubuntu-latest + outputs: + mergedSha: ${{ steps.merged.outputs.mergedSha }} + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + path: base + sparse-checkout: ci + - name: Check if the PR can be merged and get the test merge commit + id: merged + env: + GH_TOKEN: ${{ github.token }} + GH_EVENT: ${{ github.event_name }} + run: | + case "$GH_EVENT" in + push) + echo "mergedSha=${{ github.sha }}" >> "$GITHUB_OUTPUT" + ;; + pull_request_target) + if mergedSha=$(base/ci/get-merge-commit.sh ${{ github.repository }} ${{ github.event.number }}); then + echo "Checking the merge commit $mergedSha" + echo "mergedSha=$mergedSha" >> "$GITHUB_OUTPUT" + else + # Skipping so that no notifications are sent + echo "Skipping the rest..." + fi + ;; + esac + rm -rf base diff --git a/ci/README.md b/ci/README.md index 11b53c6095e6..7aa49eb82c70 100644 --- a/ci/README.md +++ b/ci/README.md @@ -58,7 +58,7 @@ Exit codes: ### Usage -This script can be used in GitHub Actions workflows as follows: +This script is implemented as a reusable GitHub Actions workflow, and can be used as follows: ```yaml on: pull_request_target @@ -67,32 +67,19 @@ on: pull_request_target permissions: {} jobs: + get-merge-commit: + # use the relative path of the get-merge-commit workflow yaml here + uses: ./.github/workflows/get-merge-commit.yml + build: name: Build runs-on: ubuntu-latest + needs: get-merge-commit steps: - # Important: Because of `pull_request_target`, this doesn't check out the PR, - # but rather the base branch of the PR, which is needed so we don't run untrusted code - - uses: actions/checkout@ - with: - path: base - sparse-checkout: ci - - name: Resolving the merge commit - env: - GH_TOKEN: ${{ github.token }} - run: | - if mergedSha=$(base/ci/get-merge-commit.sh ${{ github.repository }} ${{ github.event.number }}); then - echo "Checking the merge commit $mergedSha" - echo "mergedSha=$mergedSha" >> "$GITHUB_ENV" - else - # Skipping so that no notifications are sent - echo "Skipping the rest..." - fi - rm -rf base - uses: actions/checkout@ # Add this to _all_ subsequent steps to skip them - if: env.mergedSha + if: needs.get-merge-commit.outputs.mergedSha with: - ref: ${{ env.mergedSha }} + ref: ${{ needs.get-merge-commit.outputs.mergedSha }} - ... ```