Comment with Kernel testing results on pull requests #1037
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# NOTE: This has read-write repo token and access to secrets, so this must | |
# not run any untrusted code. | |
# see: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ | |
name: Comment with Kernel testing results on pull requests | |
on: | |
workflow_run: | |
workflows: ["Drivers CI Build"] | |
types: | |
- completed | |
jobs: | |
upload: | |
runs-on: ubuntu-latest | |
if: github.event.workflow_run.event == 'pull_request' | |
steps: | |
- name: 'Download artifact' | |
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
with: | |
script: | | |
var artifacts = await github.rest.actions.listWorkflowRunArtifacts({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
run_id: ${{github.event.workflow_run.id }}, | |
}); | |
var matchArtifacts = artifacts.data.artifacts.filter((artifact) => { | |
return artifact.name == "pr-kernel-testing" | |
}); | |
if (!Array.isArray(matchArtifacts) || !matchArtifacts.length) { | |
var process = require('process'); | |
process.exit(); | |
} | |
var matchArtifact = matchArtifacts[0]; | |
var download = await github.rest.actions.downloadArtifact({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
artifact_id: matchArtifact.id, | |
archive_format: 'zip', | |
}); | |
var fs = require('fs'); | |
fs.writeFileSync('${{github.workspace}}/pr.zip', Buffer.from(download.data)); | |
- name: 'Unpack artifact' | |
run: | | |
if [ -f pr.zip ]; then | |
unzip pr.zip | |
fi | |
- name: 'Comment on PR' | |
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
# Taken from https://github.com/actions/github-script/blob/main/.github/workflows/pull-request-test.yml | |
script: | | |
var fs = require('fs'); | |
if (!fs.existsSync('./NR')) { | |
var process = require('process'); | |
process.exit(); | |
} | |
var issue_number = Number(fs.readFileSync('./NR')); | |
var comment_body = fs.readFileSync('./COMMENT'); | |
// Get the existing comments. | |
const {data: comments} = await github.rest.issues.listComments({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
issue_number: issue_number, | |
}); | |
// Find any comment already made by the bot. | |
const botComment = comments.find(comment => comment.user.id === 41898282 && comment.body.includes('# X64 kernel testing matrix')); | |
if (botComment) { | |
await github.rest.issues.updateComment({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
comment_id: botComment.id, | |
body: comment_body.toString('utf8') | |
}); | |
} else { | |
await github.rest.issues.createComment({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
issue_number: issue_number, | |
body: comment_body.toString('utf8') | |
}); | |
} |