Skip to content

ci: add GitHub actions for checking PRs and publishing #2

ci: add GitHub actions for checking PRs and publishing

ci: add GitHub actions for checking PRs and publishing #2

Workflow file for this run

---
#
# PLEASE NOTE: Managed workflow - do not change manually
#
name: Autosquash
on:
issue_comment:
types: [created]
jobs:
autosquash:
env:
# for GitHub CLI
GH_TOKEN: ${{ github.token }}
# If a pull request is commented with /autosquash
if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/autosquash') }}
runs-on: ubuntu-latest
steps:
- name: Determine app token # so that later pushing can run check workflows
env:
WE_HELPER_GITHUB_PRIVATE_KEY: ${{ secrets.WE_HELPER_GITHUB_PRIVATE_KEY }}
if: env.WE_HELPER_GITHUB_PRIVATE_KEY # only if we have the required secret
uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3
id: app-token
with:
app-id: ${{ secrets.WE_HELPER_GITHUB_APP_ID }}
private-key: ${{ secrets.WE_HELPER_GITHUB_PRIVATE_KEY }}
- name: Checkout the repository and persist credentials
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
token: ${{ steps.app-token.outputs.token || github.token }}
- name: Determine PR head repo owner
run: |
echo "PR_OWNER=$(gh pr view ${{ github.event.issue.number }} --json headRepositoryOwner -q .headRepositoryOwner.login)" >> $GITHUB_ENV
- name: Verify not a fork PR
# Reason: We want to ensure that the token has write permissions to the repo the PR originated from, also that the user has write permissions to the main repo
run: |
if [ "$PR_OWNER" = "${{ github.repository_owner }}" ]; then
echo "PR is not from a fork"
else
echo "Not supported for PRs from a fork"
exit 1
fi
- name: Check if organization member
id: is_organization_member
if: github.event.sender.login != github.event.issue.user.login # avoid organization check if unnecessary
uses: JamesSingleton/is-organization-member@20f38a5b256765f86036beeea415021d3b1c9dc6
with:
organization: ${{ github.repository_owner }}
username: ${{ github.event.sender.login }}
token: ${{ github.token }}
- name: Verify user
if: ${{ steps.is_organization_member.outputs.result != 'true' }}
run: |
if [ "${{ github.event.sender.login }}" = "${{ github.event.issue.user.login }}" ]; then
echo "User is issue author"
else
echo "User is neither issue author nor organization member"
exit 1
fi
- name: Checkout pull request
run: gh pr checkout ${{ github.event.issue.number }}
- name: Set up git
run: |
git config --global user.name "github-actions[bot]"
git config --global user.email "github-actions[bot]@users.noreply.github.com"
- name: Perform interactive rebase with autosquash
env:
EDITOR: 'true' # to automatically complete the interactive rebase
run: |
BASE_REF=$(gh pr view ${{ github.event.issue.number }} --json baseRefName -q .baseRefName)
git fetch origin
git rebase -i --autosquash origin/$BASE_REF
- name: Push changes
run: |
git push --force-with-lease