Review #6841
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Review | |
| on: | |
| workflow_run: | |
| workflows: | |
| - Reviewed | |
| types: [completed] | |
| # This is used as fallback without app only. | |
| # This happens when testing in forks without setting up that app. | |
| permissions: | |
| pull-requests: write | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| process: | |
| runs-on: ubuntu-24.04-arm | |
| timeout-minutes: 2 | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| persist-credentials: false | |
| sparse-checkout: | | |
| ci/github-script | |
| # Use the GitHub App to make sure the reaction happens with the same user who will later merge. | |
| - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 | |
| if: github.event_name != 'pull_request' && vars.NIXPKGS_CI_APP_ID | |
| id: app-token | |
| with: | |
| app-id: ${{ vars.NIXPKGS_CI_APP_ID }} | |
| private-key: ${{ secrets.NIXPKGS_CI_APP_PRIVATE_KEY }} | |
| permission-pull-requests: write | |
| - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 | |
| with: | |
| github-token: ${{ steps.app-token.outputs.token || github.token }} | |
| retries: 3 | |
| script: | | |
| const { handleMergeComment } = require('./ci/github-script/merge.js') | |
| // PRs from forks don't have any PRs associated by default. | |
| // Thus, we request the PR number with an API call *to* the fork's repo. | |
| // Multiple pull requests can be open from the same head commit, either via | |
| // different base branches or head branches. | |
| const { head_repository, head_sha, repository } = context.payload.workflow_run | |
| await Promise.all( | |
| (await github.paginate(github.rest.repos.listPullRequestsAssociatedWithCommit, { | |
| owner: head_repository.owner.login, | |
| repo: head_repository.name, | |
| commit_sha: head_sha | |
| })) | |
| .filter(pull_request => pull_request.base.repo.id == repository.id) | |
| .map(async (pull_request) => | |
| Promise.all( | |
| (await github.paginate(github.rest.pulls.listReviews, { | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| pull_number: pull_request.number | |
| })).map(review => { | |
| // The `check` workflow creates review comments which reviewers | |
| // are encouraged to manually dismiss if they're not relevant. | |
| // When a CI-generated review is dismissed, this job automatically minimizes | |
| // it, preventing it from cluttering the PR. | |
| if (review.user?.login == 'github-actions[bot]' && review.state == 'DISMISSED') | |
| return github.graphql(` | |
| mutation($node_id:ID!) { | |
| minimizeComment(input: { | |
| classifier: RESOLVED, | |
| subjectId: $node_id | |
| }) | |
| { clientMutationId } | |
| }`, | |
| { node_id: review.node_id } | |
| ) | |
| // The `bot` workflow reacts to comments with @NixOS/nixpkgs-merge-bot references, but might only | |
| // pick up a comment after up to 10 minutes. To give the user instant feedback, this job adds | |
| // a reaction to these comments. | |
| return handleMergeComment({ | |
| github, | |
| body: review.body, | |
| node_id: review.node_id, | |
| reaction: 'EYES', | |
| }) | |
| }) | |
| ) | |
| ) | |
| ) |