Skip to content

Post PR - (#162) feat: jobs check enhancement #18

Post PR - (#162) feat: jobs check enhancement

Post PR - (#162) feat: jobs check enhancement #18

name: Post PR Workflow Run
run-name: "Post ${{ github.event.workflow_run.display_title }}"
# This workflow is to be triggerred after PR workflow is completed to have "write" access to the PR from fork repos securely.
# we always expect a single PR to trigger this workflow_run - take care of event filtering below to match a single workflow
on:
workflow_run:
workflows: ["PR"]
types:
- completed
permissions:
contents: write
pull-requests: write
# Gives the python-coverage-comment-action the necessary "actions" permissions for looking up the workflow that launched this
# workflow, and download the related artifact that contains the comment to be published
actions: read
jobs:
pr_status:
name: Get PR details from artifacts
runs-on: ubuntu-latest
if: >
github.event.workflow_run.event == 'pull_request' &&
github.event.workflow_run.conclusion == 'success'
outputs:
pr_number: ${{ steps.read.outputs.pr_number }}
pr_head_ref: ${{ steps.read.outputs.pr_head_ref }}
steps:
- name: download PR artifact
uses: actions/download-artifact@v4
with:
name: pr
path: pr
github-token: ${{ secrets.GITHUB_TOKEN }}
run-id: ${{ github.event.workflow_run.id }}
- name: read PR details from artifact
id: read
working-directory: pr
run: |
ls -R ./
echo "pr_number=$(cat NR)" >> "$GITHUB_OUTPUT"
echo "pr_head_ref=$(cat HEAD_REF)" >> "$GITHUB_OUTPUT"
update_coverage:
name: Update coverage report on PR
needs: pr_status
runs-on: ubuntu-latest
steps:
- name: post coverage comment
uses: py-cov-action/python-coverage-comment-action@v3
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_PR_RUN_ID: ${{ github.event.workflow_run.id }}
pandev_pr:
name: Create a preview PR for pan.dev
needs: pr_status
runs-on: ubuntu-latest
steps:
- name: checkout pan.dev
uses: actions/checkout@v4
with:
repository: PaloAltoNetworks/pan.dev
token: ${{ secrets.CLSC_PAT }}
- name: download documentation artifact
uses: actions/download-artifact@v4
with:
name: documentation
path: products/panos/docs
github-token: ${{ secrets.GITHUB_TOKEN }}
run-id: ${{ github.event.workflow_run.id }}
- name: unpack the documentation
working-directory: products/panos/docs
run: |
rm -rf 'panos-upgrade-assurance'
tar xvf documentation.tar
rm -f documentation.tar
- name: create a PR to upstream pan.dev
id: pr
uses: peter-evans/create-pull-request@v5
with:
token: ${{ secrets.CLSC_PAT }}
delete-branch: true
branch: "pua_prev_${{ needs.pr_status.outputs.pr_head_ref }}"
title: "[PAN-OS Upgrade Assurance][${{ needs.pr_status.outputs.pr_head_ref }}] documentation PREVIEW - do NOT MERGE"
commit-message: "docs: PanOS Upgrade Assurance documentation update"
labels: netsec, DO NOT MERGE
body: |
# Description
DO NOT MERGE - preview PR made for changes on branch: ${{ needs.pr_status.outputs.pr_head_ref }}.
# Types of changes
New feature (non-breaking change which adds functionality)
- name: find if we have a comment
uses: peter-evans/find-comment@v2
id: find
with:
issue-number: ${{ needs.pr_status.outputs.pr_number }}
body-includes: A Preview PR in PanDev repo has been created
repository: ${{ github.repository }}
- name: comment back on the original PR
if: steps.find.outputs.comment-id == '' && steps.pr.outputs.pull-request-url != ''
uses: peter-evans/create-or-update-comment@v3
with:
issue-number: ${{ needs.pr_status.outputs.pr_number }}
repository: ${{ github.repository }}
body: |
A Preview PR in PanDev repo has been created. You can view it [here](${{ steps.pr.outputs.pull-request-url }}).