cloudflare/kumo

Public

mirrored from https://github.com/cloudflare/kumoAvailable

CodeCommitsIssuesPull requestsActionsInsightsSecurity
main

Branches

Tags

  • No tags available.
0Branches0Tags
Go to file
Add file
Code

Clone

HTTPS

Download ZIP

.github/workflows/bonk-check.yml

93lines · modecode

1name: Bonk Check
2
3on:
4 issue_comment:
5 types: [created]
6 pull_request:
7 types: [opened, synchronize, reopened]
8 pull_request_review:
9 types: [submitted]
10
11permissions:
12 contents: read
13 pull-requests: read
14
15jobs:
16 bonk-check:
17 if: github.event.pull_request != null || github.event.issue.pull_request != null || github.event.review != null
18 runs-on: ubuntu-latest
19 steps:
20 - name: Check for /bonk from a collaborator
21 id: check
22 env:
23 GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
24 EVENT_NAME: ${{ github.event_name }}
25 REPOSITORY: ${{ github.repository }}
26 REVIEW_BODY: ${{ github.event.review.body || '' }}
27 REVIEW_USER: ${{ github.event.review.user.login || '' }}
28 run: |
29 set -euo pipefail
30
31 is_collaborator() {
32 local user="$1"
33 local status
34 status=$(gh api "repos/$REPOSITORY/collaborators/$user" -i 2>/dev/null | head -1 | awk '{print $2}')
35 [ "$status" = "204" ]
36 }
37
38 if [ "$EVENT_NAME" = "pull_request" ] || [ "$EVENT_NAME" = "pull_request_review" ]; then
39 PR_NUMBER="${{ github.event.pull_request.number }}"
40 SHA="${{ github.event.pull_request.head.sha }}"
41 else
42 PR_NUMBER="${{ github.event.issue.number }}"
43 SHA=$(gh api "repos/$REPOSITORY/pulls/$PR_NUMBER" --jq '.head.sha')
44 fi
45
46 echo "pr=$PR_NUMBER" >> "$GITHUB_OUTPUT"
47 echo "sha=$SHA" >> "$GITHUB_OUTPUT"
48
49 FOUND=false
50
51 if [ "$EVENT_NAME" = "pull_request_review" ] && printf '%s' "$REVIEW_BODY" | grep -q '/bonk'; then
52 if is_collaborator "$REVIEW_USER"; then
53 FOUND=true
54 echo "found=true" >> "$GITHUB_OUTPUT"
55 echo "bonk_user=$REVIEW_USER" >> "$GITHUB_OUTPUT"
56 fi
57 fi
58
59 if [ "$FOUND" = "false" ]; then
60 COMMENTS=$(gh api "repos/$REPOSITORY/issues/$PR_NUMBER/comments" --paginate | jq -r '.[] | @base64')
61
62 while IFS= read -r encoded; do
63 [ -z "$encoded" ] && continue
64
65 BODY=$(printf '%s' "$encoded" | base64 --decode | jq -r '.body')
66 USER=$(printf '%s' "$encoded" | base64 --decode | jq -r '.user.login')
67
68 if printf '%s' "$BODY" | grep -q '/bonk' && is_collaborator "$USER"; then
69 FOUND=true
70 echo "found=true" >> "$GITHUB_OUTPUT"
71 echo "bonk_user=$USER" >> "$GITHUB_OUTPUT"
72 break
73 fi
74 done <<< "$COMMENTS"
75 fi
76
77 if [ "$FOUND" = "false" ]; then
78 echo "found=false" >> "$GITHUB_OUTPUT"
79 fi
80
81 - name: Summarize result
82 run: |
83 if [ "${{ steps.check.outputs.found }}" = "true" ]; then
84 echo "✅ /bonk called by ${{ steps.check.outputs.bonk_user }}" >> "$GITHUB_STEP_SUMMARY"
85 else
86 echo "❌ /bonk has not been called on this PR by a collaborator" >> "$GITHUB_STEP_SUMMARY"
87 fi
88
89 - name: Require /bonk
90 if: steps.check.outputs.found != 'true'
91 run: |
92 echo "::error::/bonk has not been called on this PR by a collaborator"
93 exit 1
94