rust/comprehensive-rust
1
0
Fork 0
mirror of https://github.com/google/comprehensive-rust.git synced 2024-11-25 01:16:12 +02:00
Code Issues Releases Activity

Improved support for commenting when course timings change. (#1797)

Browse Source 
This
* Works with the GitHub permissions model (at least in local testing on
another temporary repo)
 * Only comments when the timings actually change
This commit is contained in:
Dustin J. Mitchell 2024-02-12 06:03:24 -05:00 committed by GitHub
parent 76362763c3
commit 33b19848ef
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 105 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
.github/workflows/course-schedule-comment.yml vendored Normal file
View File

@ -0,0 +1,70 @@
# Based on https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
#
# This runs with the full repo permissions, but checks out the upstream branch, not the PR.
# Do not run arbitrary code from the PR here!
name: Comment PR with Course Schedule
on:
workflow_run:
workflows: ["Generate Course Schedule"]
types: [completed]
jobs:
upload:
runs-on: ubuntu-latest
if: >
github.event.workflow_run.event == 'pull_request' &&
github.event.workflow_run.conclusion == 'success'
steps:
- name: "Checkout"
uses: actions/checkout@v4
- name: "Setup Rust cache"
uses: ./.github/workflows/setup-rust-cache
- name: "Generate Schedule on upstream branch"
run: |
cargo run -p mdbook-course --bin course-schedule > upstream-schedule
- name: "Download artifact from PR workflow"
# actions/download-artifact@v4 cannot do this without being given a PAT, although that
# is not required for public forked repositories.
uses: actions/github-script@v7.0.1
with:
script: |
var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: ${{github.event.workflow_run.id }},
});
var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
return artifact.name == "course-schedule"
})[0];
var download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
var fs = require('fs');
fs.writeFileSync('${{github.workspace}}/course-schedule.zip', Buffer.from(download.data));
- name: "Unzip artifact"
run: unzip course-schedule.zip
- name: "Comment on PR if schedules differ"
uses: actions/github-script@v7.0.1
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
var fs = require('fs');
var pr_number = Number(fs.readFileSync('pr-number'));
var upstream = fs.readFileSync('upstream-schedule').toString();
var schedule = fs.readFileSync('schedule').toString();
if (upstream != schedule) {
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: pr_number,
body: schedule,
});
}

35
.github/workflows/course-schedule.yml vendored Normal file
View File

@ -0,0 +1,35 @@
# Based on https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
name: Generate Course Schedule
on:
pull_request:
paths:
- "src/**.md"
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Rust cache
uses: ./.github/workflows/setup-rust-cache
- name: Generate Schedule
run: |
mkdir -p ./course-schedule
cargo run -p mdbook-course --bin course-schedule > course-schedule/schedule
# GitHub does not provide a reliable way to determine the PR number from which
# a workflow_run was triggered (https://github.com/orgs/community/discussions/25220),
# so we'll do the slightly awkward thing and put that in the artifact. This means
# schedules could potentially be spammed to any PR in the repository, but that is
# not an awful outcome (and clear, reportable evidence of abuse).
echo ${{ github.event.number }} > ./course-schedule/pr-number
- uses: actions/upload-artifact@v4
with:
name: course-schedule
path: course-schedule/