Comment on the pull request #356
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # NOTE: This has read-write repo token and access to secrets, so this must | |
| # not run any untrusted code. | |
| # see: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ | |
| name: Comment on the pull request | |
| on: | |
| workflow_run: | |
| workflows: ["Build Plugins PR"] | |
| types: | |
| - completed | |
| jobs: | |
| upload: | |
| runs-on: ubuntu-latest | |
| if: github.event.workflow_run.event == 'pull_request' | |
| steps: | |
| - name: 'Download artifact' | |
| uses: actions/github-script@v6.4.1 | |
| with: | |
| script: | | |
| var artifacts = await github.rest.actions.listWorkflowRunArtifacts({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| run_id: ${{github.event.workflow_run.id }}, | |
| }); | |
| var matchArtifact = artifacts.data.artifacts.filter((artifact) => { | |
| return artifact.name == "pr" | |
| })[0]; | |
| var download = await github.rest.actions.downloadArtifact({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| artifact_id: matchArtifact.id, | |
| archive_format: 'zip', | |
| }); | |
| var fs = require('fs'); | |
| fs.writeFileSync('${{github.workspace}}/pr.zip', Buffer.from(download.data)); | |
| - name: 'Unpack artifact' | |
| run: unzip pr.zip | |
| - name: 'Comment on PR' | |
| uses: actions/github-script@v6.4.1 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| var fs = require('fs'); | |
| var issue_number = Number(fs.readFileSync('./NR')); | |
| var comment_body = fs.readFileSync('./COMMENT'); | |
| await github.rest.issues.createComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: issue_number, | |
| body: comment_body.toString('utf8') | |
| }); |