Post PR - (#162) feat: jobs check enhancement #18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Post PR Workflow Run | |
run-name: "Post ${{ github.event.workflow_run.display_title }}" | |
# This workflow is to be triggerred after PR workflow is completed to have "write" access to the PR from fork repos securely. | |
# we always expect a single PR to trigger this workflow_run - take care of event filtering below to match a single workflow | |
on: | |
workflow_run: | |
workflows: ["PR"] | |
types: | |
- completed | |
permissions: | |
contents: write | |
pull-requests: write | |
# Gives the python-coverage-comment-action the necessary "actions" permissions for looking up the workflow that launched this | |
# workflow, and download the related artifact that contains the comment to be published | |
actions: read | |
jobs: | |
pr_status: | |
name: Get PR details from artifacts | |
runs-on: ubuntu-latest | |
if: > | |
github.event.workflow_run.event == 'pull_request' && | |
github.event.workflow_run.conclusion == 'success' | |
outputs: | |
pr_number: ${{ steps.read.outputs.pr_number }} | |
pr_head_ref: ${{ steps.read.outputs.pr_head_ref }} | |
steps: | |
- name: download PR artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: pr | |
path: pr | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
run-id: ${{ github.event.workflow_run.id }} | |
- name: read PR details from artifact | |
id: read | |
working-directory: pr | |
run: | | |
ls -R ./ | |
echo "pr_number=$(cat NR)" >> "$GITHUB_OUTPUT" | |
echo "pr_head_ref=$(cat HEAD_REF)" >> "$GITHUB_OUTPUT" | |
update_coverage: | |
name: Update coverage report on PR | |
needs: pr_status | |
runs-on: ubuntu-latest | |
steps: | |
- name: post coverage comment | |
uses: py-cov-action/python-coverage-comment-action@v3 | |
with: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GITHUB_PR_RUN_ID: ${{ github.event.workflow_run.id }} | |
pandev_pr: | |
name: Create a preview PR for pan.dev | |
needs: pr_status | |
runs-on: ubuntu-latest | |
steps: | |
- name: checkout pan.dev | |
uses: actions/checkout@v4 | |
with: | |
repository: PaloAltoNetworks/pan.dev | |
token: ${{ secrets.CLSC_PAT }} | |
- name: download documentation artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: documentation | |
path: products/panos/docs | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
run-id: ${{ github.event.workflow_run.id }} | |
- name: unpack the documentation | |
working-directory: products/panos/docs | |
run: | | |
rm -rf 'panos-upgrade-assurance' | |
tar xvf documentation.tar | |
rm -f documentation.tar | |
- name: create a PR to upstream pan.dev | |
id: pr | |
uses: peter-evans/create-pull-request@v5 | |
with: | |
token: ${{ secrets.CLSC_PAT }} | |
delete-branch: true | |
branch: "pua_prev_${{ needs.pr_status.outputs.pr_head_ref }}" | |
title: "[PAN-OS Upgrade Assurance][${{ needs.pr_status.outputs.pr_head_ref }}] documentation PREVIEW - do NOT MERGE" | |
commit-message: "docs: PanOS Upgrade Assurance documentation update" | |
labels: netsec, DO NOT MERGE | |
body: | | |
# Description | |
DO NOT MERGE - preview PR made for changes on branch: ${{ needs.pr_status.outputs.pr_head_ref }}. | |
# Types of changes | |
New feature (non-breaking change which adds functionality) | |
- name: find if we have a comment | |
uses: peter-evans/find-comment@v2 | |
id: find | |
with: | |
issue-number: ${{ needs.pr_status.outputs.pr_number }} | |
body-includes: A Preview PR in PanDev repo has been created | |
repository: ${{ github.repository }} | |
- name: comment back on the original PR | |
if: steps.find.outputs.comment-id == '' && steps.pr.outputs.pull-request-url != '' | |
uses: peter-evans/create-or-update-comment@v3 | |
with: | |
issue-number: ${{ needs.pr_status.outputs.pr_number }} | |
repository: ${{ github.repository }} | |
body: | | |
A Preview PR in PanDev repo has been created. You can view it [here](${{ steps.pr.outputs.pull-request-url }}). |