Document permissions and add example workflow / integration job #401

Merged
merged 4 commits into from
Oct 30, 2023
21 changes: 21 additions & 0 deletions .github/commenter.yml
@@ -0,0 +1,21 @@
Backend:
where:
path:
matches: "backend/**/*"
body: |
:wave: You've changed Backend code, please:

- [ ] Do this
- [ ] And this
- [ ] And that

Frontend:
where:
path:
matches: "frontend/**/*"
body: |
:wave: You've changed Frontend code, please:

- [ ] Do this
- [ ] And this
- [ ] And that
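
Review bot: Both rules carry the same placeholder checklist ("Do this", "And this", "And that") and match only `backend/**/*` and `frontend/**/*`, so a pull request that touches neither path presumably gives the `integration` job in ci.yml nothing to post, and that job's `pull-requests: write` grant is never exercised. If this file is meant as a fixture for that job, say so in a comment at the top and add one rule whose `matches` glob covers paths this repository actually changes, so the run covers comment posting as well as config parsing.
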
11 changes: 11 additions & 0 deletions .github/workflows/ci.yml
Expand Up @@ -18,3 +18,14 @@ jobs:
- run: npm install
- run: npm run build
- run: npm test

integration:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
steps:
- uses: actions/checkout@v4
- uses: ./
with:
repo-token: "${{ secrets.GITHUB_TOKEN }}"
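
Review bot: In the `integration` job, `uses: ./` runs the action with a token granted `pull-requests: write`, but the workflow trigger is outside the visible hunk, so it is not clear which runs actually receive that grant. If the workflow runs on `pull_request`, runs for pull requests from forks normally get a read-only `GITHUB_TOKEN` whatever the `permissions` block requests, and this job would not be able to post a comment there. Consider skipping it for forks with an `if:` comparing `github.event.pull_request.head.repo.full_name` to `github.repository`, or note in a comment that failures on fork pull requests are expected. Scoping `permissions` to the job rather than the whole workflow is worth keeping.
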
13 changes: 13 additions & 0 deletions .github/workflows/example.yml
@@ -0,0 +1,13 @@
name: Example

on:
pull_request:
types: [opened]

jobs:
comment:
runs-on: ubuntu-latest
steps:
- uses: actions/commenter@v1
Member

@pbrisbin pbrisbin Oct 30, 2023

Oh.

I didn't realize this is what you meant, and it feels a bit weird. I see why you suggested not running this workflow on PRs -- it's not exercising the changed code. If I take back my suggestion to run this on PRs (there's no reason to if it's not running with uses: ./) then what is the benefit of this vs just leaving it to the README?

Member Author

The README could remove some of the YAML and refer to the example.yml instead. The workflow is validated and the configuration is parsed by those runs, so it provides slightly more assurance than YAML code blocks in the README, but I don't feel strongly it's a huge improvement.

Member

Hmm yeah, same here about not feeling strongly.

with:
repo-token: "${{ secrets.GITHUB_TOKEN }}"
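
Review bot: The `comment` job in example.yml has no `permissions` block, although the README section added in this same pull request says the action needs `contents: read` and `pull-requests: write` set explicitly for repositories with restricted defaults and for Dependabot pull requests. Add both scopes under the job, as the `integration` job in ci.yml does, so that anyone copying the example starts from a configuration that works under a restricted default and grants nothing beyond those two scopes.
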
17 changes: 17 additions & 0 deletions README.md
Expand Up @@ -54,6 +54,23 @@ jobs:

See [`action.yml`](./action.yml).

## Permissions

Running this action requires the following permissions:

```yaml
permissions:
contents: read
pull-requests: write
```

These are required to be explicitly set for repositories with [restricted
default access][perms] for workflows or to allow a workflow run triggered by
Dependabot pull requests, which are run as if they are from a forked
repository and use a read-only `GITHUB_TOKEN`.

[perms]: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token

## Additional Options

You can also match based on specific file changes by supplying the
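
Review bot: The new Permissions section lists the two scopes without saying what the action uses each one for, or whether the block belongs at workflow or job level. One line per scope, plus a recommendation to set the block on the job that runs the action (as the `integration` job in ci.yml does) rather than workflow-wide, would let readers grant it without widening the token for unrelated jobs. The sentence beginning "These are required to be explicitly set" also joins two separate cases (restricted default access, and Dependabot pull requests) with "or"; splitting it into two sentences or a short list would make each case easier to find.
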