mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-01-01 18:44:07 +00:00
fc3b385a4f
- Error if the commenter doesn't have write access or maintainers can't edit the PR branch. - Close and comment on PR after rebase so that actions are run when it's reopened. This doesn't happen currently as we're using the default github token which isn't allowed to trigger other actions. - Disallow unwanted rebases. e.g. invalid branches, redundant rebases or rebasing permanent branches onto permanent branches.
135 lines
4.8 KiB
YAML
135 lines
4.8 KiB
YAML
on:
|
|
issue_comment:
|
|
types:
|
|
- created
|
|
|
|
# This action allows people with write access to the repo to rebase a PRs base branch
|
|
# by commenting `/rebase ${branch}` on the PR while avoiding CODEOWNER notifications.
|
|
|
|
jobs:
|
|
rebase:
|
|
runs-on: ubuntu-latest
|
|
if: github.repository_owner == 'NixOS' && github.event.issue.pull_request != '' && contains(github.event.comment.body, '/rebase')
|
|
steps:
|
|
- uses: peter-evans/create-or-update-comment@v1
|
|
with:
|
|
comment-id: ${{ github.event.comment.id }}
|
|
reactions: eyes
|
|
- uses: scherermichael-oss/action-has-permission@1.0.6
|
|
id: check-write-access
|
|
with:
|
|
required-permission: write
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
- name: check permissions
|
|
run: |
|
|
echo "Commenter doesn't have write access to the repo"
|
|
exit 1
|
|
if: "! steps.check-write-access.outputs.has-permission"
|
|
- name: setup
|
|
run: |
|
|
curl "https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.issue.number }}" 2>/dev/null >pr.json
|
|
cat <<EOF >>"$GITHUB_ENV"
|
|
CAN_MODIFY=$(jq -r '.maintainer_can_modify' pr.json)
|
|
COMMITS=$(jq -r '.commits' pr.json)
|
|
CURRENT_BASE=$(jq -r '.base.ref' pr.json)
|
|
PR_BRANCH=$(jq -r '.head.ref' pr.json)
|
|
COMMENT_BRANCH=$(echo ${{ github.event.comment.body }} | awk "/^\/rebase / {print \$2}")
|
|
PULL_REQUEST=${{ github.event.issue.number }}
|
|
EOF
|
|
rm pr.json
|
|
- name: check branch
|
|
env:
|
|
PERMANENT_BRANCHES: "haskell-updates|master|nixos|nixpkgs|python-unstable|release|staging"
|
|
VALID_BRANCHES: "haskell-updates|master|python-unstable|release-20.09|staging|staging-20.09|staging-next"
|
|
run: |
|
|
message() {
|
|
cat <<EOF
|
|
Can't rebase $PR_BRANCH from $CURRENT_BASE onto $COMMENT_BRANCH (PR:$PULL_REQUEST COMMITS:$COMMITS)
|
|
EOF
|
|
}
|
|
if ! [[ "$COMMENT_BRANCH" =~ ^($VALID_BRANCHES)$ ]]; then
|
|
cat <<EOF
|
|
Check that the branch from the comment is valid:
|
|
|
|
$(message)
|
|
|
|
This action can only rebase onto these branches:
|
|
|
|
$VALID_BRANCHES
|
|
|
|
\`/rebase \${branch}\` must be at the start of the line
|
|
EOF
|
|
exit 1
|
|
fi
|
|
if [[ "$COMMENT_BRANCH" == "$CURRENT_BASE" ]]; then
|
|
cat <<EOF
|
|
Check that the branch from the comment isn't the current base branch:
|
|
|
|
$(message)
|
|
EOF
|
|
exit 1
|
|
fi
|
|
if [[ "$COMMENT_BRANCH" == "$PR_BRANCH" ]]; then
|
|
cat <<EOF
|
|
Check that the branch from the comment isn't the current branch:
|
|
|
|
$(message)
|
|
EOF
|
|
exit 1
|
|
fi
|
|
if [[ "$PR_BRANCH" =~ ^($PERMANENT_BRANCHES) ]]; then
|
|
cat <<EOF
|
|
Check that the PR branch isn't a permanent branch:
|
|
|
|
$(message)
|
|
EOF
|
|
exit 1
|
|
fi
|
|
if [[ "$CAN_MODIFY" != "true" ]]; then
|
|
cat <<EOF
|
|
Check that maintainers can edit the PR branch:
|
|
|
|
$(message)
|
|
EOF
|
|
exit 1
|
|
fi
|
|
- uses: actions/checkout@v2
|
|
with:
|
|
fetch-depth: 0
|
|
- name: rebase pull request
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
run: |
|
|
git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
|
|
git config --global user.name "github-actions[bot]"
|
|
git fetch origin
|
|
gh pr checkout "$PULL_REQUEST"
|
|
git rebase \
|
|
--onto="$(git merge-base origin/"$CURRENT_BASE" origin/"$COMMENT_BRANCH")" \
|
|
"HEAD~$COMMITS"
|
|
git push --force
|
|
curl \
|
|
-X POST \
|
|
-H "Accept: application/vnd.github.v3+json" \
|
|
-H "Authorization: token $GITHUB_TOKEN" \
|
|
-d "{ \"base\": \"$COMMENT_BRANCH\" }" \
|
|
"https://api.github.com/repos/${{ github.repository }}/pulls/$PULL_REQUEST"
|
|
curl \
|
|
-X PATCH \
|
|
-H "Accept: application/vnd.github.v3+json" \
|
|
-H "Authorization: token $GITHUB_TOKEN" \
|
|
-d '{ "state": "closed" }' \
|
|
"https://api.github.com/repos/${{ github.repository }}/pulls/$PULL_REQUEST"
|
|
- uses: peter-evans/create-or-update-comment@v1
|
|
with:
|
|
issue-number: ${{ github.event.issue.number }}
|
|
body: |
|
|
Rebased, please reopen the pull request to restart CI
|
|
- uses: peter-evans/create-or-update-comment@v1
|
|
if: failure()
|
|
with:
|
|
issue-number: ${{ github.event.issue.number }}
|
|
body: |
|
|
[Failed to rebase](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})
|