mirror of
https://github.com/CHN-beta/nixpkgs.git
synced 2026-01-11 10:22:54 +08:00
36c667d9f4
Bumps [actions/github-script](https://github.com/actions/github-script) from 7.0.1 to 8.0.0. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](60a0d83039...ed597411d8) --- updated-dependencies: - dependency-name: actions/github-script dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> (cherry picked from commit4ea8216576)
171 lines
6.4 KiB
YAML
171 lines
6.4 KiB
YAML
# This workflow will request reviews from the maintainers of each package
|
|
# listed in the PR's most recent eval comparison artifact.
|
|
|
|
name: Reviewers
|
|
|
|
on:
|
|
pull_request_target:
|
|
types: [ready_for_review]
|
|
workflow_call:
|
|
secrets:
|
|
OWNER_APP_PRIVATE_KEY:
|
|
required: true
|
|
|
|
concurrency:
|
|
group: reviewers-${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number || github.run_id }}
|
|
cancel-in-progress: true
|
|
|
|
permissions: {}
|
|
|
|
defaults:
|
|
run:
|
|
shell: bash
|
|
|
|
jobs:
|
|
request:
|
|
runs-on: ubuntu-24.04-arm
|
|
timeout-minutes: 20
|
|
steps:
|
|
- name: Check out the PR at the base commit
|
|
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
|
with:
|
|
path: trusted
|
|
sparse-checkout: ci
|
|
|
|
- name: Install Nix
|
|
uses: cachix/install-nix-action@7be5dee1421f63d07e71ce6e0a9f8a4b07c2a487 # v31
|
|
|
|
- name: Build the requestReviews derivation
|
|
run: nix-build trusted/ci -A requestReviews
|
|
|
|
# For requesting reviewers, this job depends on a GitHub App with the following permissions:
|
|
# - Permissions:
|
|
# - Repository > Administration: read-only
|
|
# - Organization > Members: read-only
|
|
# - Repository > Pull Requests: read-write
|
|
# - Install App on this repository, setting these variables:
|
|
# - OWNER_APP_ID (variable)
|
|
# - OWNER_APP_PRIVATE_KEY (secret)
|
|
#
|
|
# Can't use the token received from permissions above, because it can't get enough permissions.
|
|
- uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1
|
|
if: github.event_name == 'pull_request_target' && vars.OWNER_APP_ID
|
|
id: app-token
|
|
with:
|
|
app-id: ${{ vars.OWNER_APP_ID }}
|
|
private-key: ${{ secrets.OWNER_APP_PRIVATE_KEY }}
|
|
permission-administration: read
|
|
permission-members: read
|
|
permission-pull-requests: write
|
|
|
|
- name: Log current API rate limits (app-token)
|
|
if: ${{ steps.app-token.outputs.token }}
|
|
env:
|
|
GH_TOKEN: ${{ steps.app-token.outputs.token }}
|
|
run: gh api /rate_limit | jq
|
|
|
|
- name: Requesting code owner reviews
|
|
if: steps.app-token.outputs.token
|
|
env:
|
|
GH_TOKEN: ${{ steps.app-token.outputs.token }}
|
|
REPOSITORY: ${{ github.repository }}
|
|
NUMBER: ${{ github.event.number }}
|
|
# Don't do anything on draft PRs
|
|
DRY_MODE: ${{ github.event.pull_request.draft && '1' || '' }}
|
|
run: result/bin/request-code-owner-reviews.sh "$REPOSITORY" "$NUMBER" ci/OWNERS
|
|
|
|
- name: Log current API rate limits (app-token)
|
|
if: ${{ steps.app-token.outputs.token }}
|
|
env:
|
|
GH_TOKEN: ${{ steps.app-token.outputs.token }}
|
|
run: gh api /rate_limit | jq
|
|
|
|
- name: Log current API rate limits (github.token)
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
run: gh api /rate_limit | jq
|
|
|
|
# In the regular case, this workflow is called via workflow_call from the eval workflow directly.
|
|
# In the more special case, when a PR is undrafted an eval run will have started already.
|
|
- name: Wait for comparison to be done
|
|
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
|
|
id: eval
|
|
with:
|
|
script: |
|
|
const run_id = (await github.rest.actions.listWorkflowRuns({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
workflow_id: context.eventName === 'pull_request' ? 'test.yml' : 'pr.yml',
|
|
event: context.eventName,
|
|
head_sha: context.payload.pull_request.head.sha
|
|
})).data.workflow_runs[0].id
|
|
|
|
core.setOutput('run-id', run_id)
|
|
|
|
// Waiting 120 * 5 sec = 10 min. max.
|
|
// The extreme case is an Eval run that just started when the PR is undrafted.
|
|
// Eval takes max 5-6 minutes, normally.
|
|
for (let i = 0; i < 120; i++) {
|
|
const result = await github.rest.actions.listWorkflowRunArtifacts({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
run_id,
|
|
name: 'comparison'
|
|
})
|
|
if (result.data.total_count > 0) return
|
|
await new Promise(resolve => setTimeout(resolve, 5000))
|
|
}
|
|
throw new Error("No comparison artifact found.")
|
|
|
|
- name: Log current API rate limits (github.token)
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
run: gh api /rate_limit | jq
|
|
|
|
- name: Download the comparison results
|
|
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
|
|
with:
|
|
run-id: ${{ steps.eval.outputs.run-id }}
|
|
github-token: ${{ github.token }}
|
|
pattern: comparison
|
|
path: comparison
|
|
merge-multiple: true
|
|
|
|
- name: Log current API rate limits (app-token)
|
|
if: ${{ steps.app-token.outputs.token }}
|
|
env:
|
|
GH_TOKEN: ${{ steps.app-token.outputs.token }}
|
|
run: gh api /rate_limit | jq
|
|
|
|
- name: Log current API rate limits (github.token)
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
run: gh api /rate_limit | jq
|
|
|
|
- name: Requesting maintainer reviews
|
|
if: ${{ steps.app-token.outputs.token }}
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
REPOSITORY: ${{ github.repository }}
|
|
NUMBER: ${{ github.event.number }}
|
|
AUTHOR: ${{ github.event.pull_request.user.login }}
|
|
# Don't request reviewers on draft PRs
|
|
DRY_MODE: ${{ github.event.pull_request.draft && '1' || '' }}
|
|
run: |
|
|
# maintainers.json contains GitHub IDs. Look up handles to request reviews from.
|
|
# There appears to be no API to request reviews based on GitHub IDs
|
|
jq -r 'keys[]' comparison/maintainers.json \
|
|
| while read -r id; do gh api /user/"$id" --jq .login; done \
|
|
| GH_TOKEN=${{ steps.app-token.outputs.token }} result/bin/request-reviewers.sh "$REPOSITORY" "$NUMBER" "$AUTHOR"
|
|
|
|
- name: Log current API rate limits (app-token)
|
|
if: ${{ steps.app-token.outputs.token }}
|
|
env:
|
|
GH_TOKEN: ${{ steps.app-token.outputs.token }}
|
|
run: gh api /rate_limit | jq
|
|
|
|
- name: Log current API rate limits (github.token)
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
run: gh api /rate_limit | jq
|