diff --git a/.github/workflows/cmd.yml b/.github/workflows/cmd.yml index c655700b78a93..5196e8477ee25 100644 --- a/.github/workflows/cmd.yml +++ b/.github/workflows/cmd.yml @@ -12,6 +12,7 @@ permissions: # allow the action to comment on the PR jobs: is-org-member: + if: startsWith(github.event.comment.body, '/cmd') runs-on: ubuntu-latest outputs: member: ${{ steps.is-member.outputs.is-member }} @@ -19,21 +20,57 @@ jobs: - name: Checkout uses: actions/checkout@v4 + - name: Generate token + id: generate_token + uses: tibdex/github-app-token@v2.1.0 + with: + app_id: ${{ secrets.CMD_BOT_APP_ID }} + private_key: ${{ secrets.CMD_BOT_APP_KEY }} + - name: Check if user is a member of the organization id: is-member uses: actions/github-script@v7 with: - github-token: ${{ secrets.GITHUB_TOKEN }} + github-token: ${{ steps.generate_token.outputs.token }} + result-encoding: string script: | - const membership = await github.orgs.checkMembershipForUser({ - org: context.repo.owner, - username: context.actor - }) - return membership.data.state === 'active' + const fs = require("fs"); + try { + const org = '${{ github.event.repository.owner.login }}'; + const username = '${{ github.event.comment.user.login }}'; + + const membership = await github.rest.orgs.checkMembershipForUser({ + org: org, + username: username + }); + + console.log(membership, membership.status, membership.status === 204); + + if (membership.status === 204) { + return 'true'; + } else { + console.log(membership); + fs.appendFileSync(process.env["GITHUB_STEP_SUMMARY"], `${membership.data && membership.data.message || 'Unknown error happened, please check logs'}`); + } + } catch (error) { + console.log(error) + } + + return 'false'; + test: + runs-on: ubuntu-latest + needs: is-org-member + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Test + run: | + echo "${{ needs.is-org-member.outputs.member }}" - reject-non-fellows: + reject-non-members: needs: is-org-member - if: ${{ startsWith(github.event.comment.body, '/cmd') && !contains(needs.fellows.outputs.github-handles, github.event.sender.login) }} + if: ${{ startsWith(github.event.comment.body, '/cmd') && needs.is-org-member.outputs.member != 'true' }} runs-on: ubuntu-latest steps: - name: Add reaction to rejected comment @@ -57,12 +94,12 @@ jobs: issue_number: context.issue.number, owner: context.repo.owner, repo: context.repo.repo, - body: `Sorry, only fellows can run commands.` + body: `Sorry, only ${{ github.event.repository.owner.login }} members can run commands.` }) acknowledge: - needs: fellows - if: ${{ startsWith(github.event.comment.body, '/cmd') && contains(needs.fellows.outputs.github-handles, github.event.sender.login) }} + needs: is-org-member + if: ${{ startsWith(github.event.comment.body, '/cmd') && needs.is-org-member.outputs.member == 'true' }} runs-on: ubuntu-latest steps: - name: Add reaction to triggered comment @@ -85,7 +122,7 @@ jobs: uses: actions/checkout@v4 - name: Clean previous comments - if: ${{ startsWith(github.event.comment.body, '/cmd') && contains(github.event.comment.body, '--clean') && contains(needs.fellows.outputs.github-handles, github.event.sender.login) }} + if: ${{ startsWith(github.event.comment.body, '/cmd') && contains(github.event.comment.body, '--clean') && needs.is-org-member.outputs.member == 'true' }} uses: actions/github-script@v7 with: github-token: ${{ secrets.GITHUB_TOKEN }} @@ -114,7 +151,7 @@ jobs: }) help: needs: [ clean, is-org-member ] - if: ${{ startsWith(github.event.comment.body, '/cmd') && contains(github.event.comment.body, '--help') && contains(needs.fellows.outputs.github-handles, github.event.sender.login) }} + if: ${{ startsWith(github.event.comment.body, '/cmd') && contains(github.event.comment.body, '--help') && needs.is-org-member.outputs.member == 'true' }} runs-on: ubuntu-latest steps: - name: Checkout @@ -178,7 +215,7 @@ jobs: needs: [ clean, is-org-member ] env: JOB_NAME: 'cmd' - if: ${{ startsWith(github.event.comment.body, '/cmd') && !contains(github.event.comment.body, '--help') && contains(needs.fellows.outputs.github-handles, github.event.sender.login) }} + if: ${{ startsWith(github.event.comment.body, '/cmd') && !contains(github.event.comment.body, '--help') && needs.is-org-member.outputs.member == 'true' }} runs-on: ${{ startsWith(github.event.comment.body, '/cmd bench') && 'arc-runners-polkadot-sdk-benchmark' || 'ubuntu-latest' }} steps: - name: Install updates and protobuf-compiler @@ -257,7 +294,7 @@ jobs: if: startsWith(steps.get-pr-comment.outputs.group2, 'bench') uses: Swatinem/rust-cache@a95ba195448af2da9b00fb742d14ffaaf3c21f43 # v2.7.0 with: - shared-key: "fellowship-cmd" + shared-key: "polkadot-sdk-cmd-${{ github.sha }}" - name: Run cmd id: cmd