Skip to content

dependabot[bot] is adding coverage report comment on PR #411

dependabot[bot] is adding coverage report comment on PR

dependabot[bot] is adding coverage report comment on PR #411

Workflow file for this run

# Safely comment on the PR - https://securitylab.github.com/resources/github-actions-preventing-pwn-requests/
name: ci-comment
run-name: ${{ github.actor }} is adding coverage report comment on PR
on:
workflow_run:
workflows: [ "ci-runner" ]
types:
- completed
jobs:
completed-coverage:
runs-on: ubuntu-latest
if: >
github.event.workflow_run.event == 'pull_request' &&
github.event.workflow_run.conclusion == 'success'
outputs:
coverage: ${{ steps.output.outputs.coverage }}
steps:
- name: Get coverage job success
uses: actions/github-script@v7
env:
WORKFLOW_RUN_ID: '${{ github.event.workflow_run.id }}'
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const { WORKFLOW_RUN_ID } = process.env;
core.exportVariable('COVERAGE', 'unknown');
const { data: allJobs } = await github.rest.actions.listJobsForWorkflowRun({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: WORKFLOW_RUN_ID,
});
allJobs.jobs.forEach((job) => {
if (
job.name === 'coverage-combine' &&
job.status == 'completed' &&
job.conclusion == 'success'
) {
core.exportVariable('COVERAGE', 'completed');
}
});
- name: Output coverage status
id: output
run: echo "coverage=${COVERAGE}" >> "$GITHUB_OUTPUT"
comment:
needs: completed-coverage
# Runs only if we have a completed coverage job from the ci-runner workflow
if: ${{ needs.completed-coverage.outputs.coverage == 'completed' }}
permissions:
issues: write
contents: write
pull-requests: write
runs-on: ubuntu-latest
steps:
- name: Download artifacts
uses: actions/download-artifact@v4
with:
name: results
run-id: ${{ github.event.workflow_run.id }}
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Comment on PR
uses: actions/github-script@v7
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
var fs = require('fs');
const issueNumberPath = './issue_number'
if (!fs.existsSync(issueNumberPath)) {
console.log("Coverage artifacts were not downloaded, succeeding early");
return;
}
var issueNumber = Number(fs.readFileSync(issueNumberPath));
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: issueNumber,
body: fs.readFileSync('./coverage-text-report').toString()
});