cloudflare/kumo
Publicmirrored from https://github.com/cloudflare/kumoAvailable
.github/workflows/bonk-check.yml
93lines · modecode
| 1 | name: Bonk Check |
| 2 | |
| 3 | on: |
| 4 | issue_comment: |
| 5 | types: [created] |
| 6 | pull_request: |
| 7 | types: [opened, synchronize, reopened] |
| 8 | pull_request_review: |
| 9 | types: [submitted] |
| 10 | |
| 11 | permissions: |
| 12 | contents: read |
| 13 | pull-requests: read |
| 14 | |
| 15 | jobs: |
| 16 | bonk-check: |
| 17 | if: github.event.pull_request != null || github.event.issue.pull_request != null || github.event.review != null |
| 18 | runs-on: ubuntu-latest |
| 19 | steps: |
| 20 | - name: Check for /bonk from a collaborator |
| 21 | id: check |
| 22 | env: |
| 23 | GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 24 | EVENT_NAME: ${{ github.event_name }} |
| 25 | REPOSITORY: ${{ github.repository }} |
| 26 | REVIEW_BODY: ${{ github.event.review.body || '' }} |
| 27 | REVIEW_USER: ${{ github.event.review.user.login || '' }} |
| 28 | run: | |
| 29 | set -euo pipefail |
| 30 | |
| 31 | is_collaborator() { |
| 32 | local user="$1" |
| 33 | local status |
| 34 | status=$(gh api "repos/$REPOSITORY/collaborators/$user" -i 2>/dev/null | head -1 | awk '{print $2}') |
| 35 | [ "$status" = "204" ] |
| 36 | } |
| 37 | |
| 38 | if [ "$EVENT_NAME" = "pull_request" ] || [ "$EVENT_NAME" = "pull_request_review" ]; then |
| 39 | PR_NUMBER="${{ github.event.pull_request.number }}" |
| 40 | SHA="${{ github.event.pull_request.head.sha }}" |
| 41 | else |
| 42 | PR_NUMBER="${{ github.event.issue.number }}" |
| 43 | SHA=$(gh api "repos/$REPOSITORY/pulls/$PR_NUMBER" --jq '.head.sha') |
| 44 | fi |
| 45 | |
| 46 | echo "pr=$PR_NUMBER" >> "$GITHUB_OUTPUT" |
| 47 | echo "sha=$SHA" >> "$GITHUB_OUTPUT" |
| 48 | |
| 49 | FOUND=false |
| 50 | |
| 51 | if [ "$EVENT_NAME" = "pull_request_review" ] && printf '%s' "$REVIEW_BODY" | grep -q '/bonk'; then |
| 52 | if is_collaborator "$REVIEW_USER"; then |
| 53 | FOUND=true |
| 54 | echo "found=true" >> "$GITHUB_OUTPUT" |
| 55 | echo "bonk_user=$REVIEW_USER" >> "$GITHUB_OUTPUT" |
| 56 | fi |
| 57 | fi |
| 58 | |
| 59 | if [ "$FOUND" = "false" ]; then |
| 60 | COMMENTS=$(gh api "repos/$REPOSITORY/issues/$PR_NUMBER/comments" --paginate | jq -r '.[] | @base64') |
| 61 | |
| 62 | while IFS= read -r encoded; do |
| 63 | [ -z "$encoded" ] && continue |
| 64 | |
| 65 | BODY=$(printf '%s' "$encoded" | base64 --decode | jq -r '.body') |
| 66 | USER=$(printf '%s' "$encoded" | base64 --decode | jq -r '.user.login') |
| 67 | |
| 68 | if printf '%s' "$BODY" | grep -q '/bonk' && is_collaborator "$USER"; then |
| 69 | FOUND=true |
| 70 | echo "found=true" >> "$GITHUB_OUTPUT" |
| 71 | echo "bonk_user=$USER" >> "$GITHUB_OUTPUT" |
| 72 | break |
| 73 | fi |
| 74 | done <<< "$COMMENTS" |
| 75 | fi |
| 76 | |
| 77 | if [ "$FOUND" = "false" ]; then |
| 78 | echo "found=false" >> "$GITHUB_OUTPUT" |
| 79 | fi |
| 80 | |
| 81 | - name: Summarize result |
| 82 | run: | |
| 83 | if [ "${{ steps.check.outputs.found }}" = "true" ]; then |
| 84 | echo "✅ /bonk called by ${{ steps.check.outputs.bonk_user }}" >> "$GITHUB_STEP_SUMMARY" |
| 85 | else |
| 86 | echo "❌ /bonk has not been called on this PR by a collaborator" >> "$GITHUB_STEP_SUMMARY" |
| 87 | fi |
| 88 | |
| 89 | - name: Require /bonk |
| 90 | if: steps.check.outputs.found != 'true' |
| 91 | run: | |
| 92 | echo "::error::/bonk has not been called on this PR by a collaborator" |
| 93 | exit 1 |
| 94 | |