- Pin all third-party actions to SHA - Gate claude.yml triggers to internal authors with Harden-Runner egress audit - Ignore fork-PR lifecycle scripts - Narrow cross-repo dispatch payloads - Add 7d npm release-age gate - Add CODEOWNERS on .github/** and .yarnrc.yml --------- Co-authored-by: prastoin <paul@twenty.com>
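name: Post CI Comments

# Relays the result of the breaking-changes workflow to the ci-privileged
# repository, which receives it as a repository_dispatch event.
#
# A workflow_run workflow runs from the default branch with this repository's
# secrets, including when the triggering run was started by a fork pull
# request. Everything under github.event.workflow_run that describes the head
# (head_branch, head_repository, head_sha) is chosen by the PR author and is
# handled as untrusted data below.
on:
  workflow_run:
    workflows: ['GraphQL and OpenAPI Breaking Changes Detection']
    types: [completed]

# Once a permissions block is present, unlisted GITHUB_TOKEN scopes are none.
# NOTE(review): pulls.list below presumably succeeds with this token only
# because the repository is public; a private repository would need
# pull-requests: read. Confirm before reusing this workflow elsewhere.
permissions:
  actions: read

jobs:
  dispatch-breaking-changes:
    if: github.event.workflow_run.conclusion == 'success'
    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - name: Get PR number from workflow run
        id: pr-info
        # Pinned to a full commit SHA; the version comment is informational.
        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
        with:
          script: |
            const runId = context.payload.workflow_run.id;
            const headSha = context.payload.workflow_run.head_sha;
            const headBranch = context.payload.workflow_run.head_branch;
            // head_repository can be absent (for example a deleted fork), so
            // read the owner defensively instead of throwing a TypeError.
            const headOwner = context.payload.workflow_run.head_repository?.owner?.login;

            // workflow_run.pull_requests is empty for fork PRs,
            // so fall back to listing open PRs by head label and keeping only
            // a PR whose current head commit is the one this run tested
            const pullRequests = context.payload.workflow_run.pull_requests;
            let prNumber;

            if (pullRequests && pullRequests.length > 0) {
              prNumber = pullRequests[0].number;
            } else if (headOwner && headBranch) {
              core.info(`pull_requests is empty (likely a fork PR), searching open PRs by head branch for SHA ${headSha}`);
              const owner = context.repo.owner;
              const repo = context.repo.repo;
              const headLabel = `${headOwner}:${headBranch}`;

              // The head label only narrows the listing. Taking the first
              // result unchecked would attach this run to whatever PR the
              // API returned first, even one that has since moved to another
              // commit, so the SHA comparison below is the actual match.
              const { data: prs } = await github.rest.pulls.list({
                owner,
                repo,
                state: 'open',
                head: headLabel,
                per_page: 100,
              });

              const match = prs.find((pr) => pr.head.sha === headSha);
              if (match) {
                prNumber = match.number;
              }
            }

            if (!prNumber) {
              core.info('No pull request found for this workflow run');
              core.setOutput('has_pr', 'false');
              return;
            }

            core.setOutput('pr_number', prNumber);
            core.setOutput('run_id', runId);
            core.setOutput('has_pr', 'true');
            core.info(`PR #${prNumber}, Run ID: ${runId}`);

      - name: Dispatch to ci-privileged
        if: steps.pr-info.outputs.has_pr == 'true'
        # Values reach the shell through env, never through ${{ }} expanded
        # inside the script, so a crafted branch name stays data and is not
        # parsed as shell. The dispatch token is exposed to this step only.
        # NOTE(review): confirm CI_PRIVILEGED_DISPATCH_TOKEN is scoped to
        # dispatching on twentyhq/ci-privileged and nothing wider.
        env:
          GH_TOKEN: ${{ secrets.CI_PRIVILEGED_DISPATCH_TOKEN }}
          PR_NUMBER: ${{ steps.pr-info.outputs.pr_number }}
          RUN_ID: ${{ steps.pr-info.outputs.run_id }}
          REPOSITORY: ${{ github.repository }}
          BRANCH_STATE: ${{ github.event.workflow_run.head_branch }}
        # -f sends each value as a literal string. Keep it that way: -F would
        # apply type conversion and read "@path" values from the runner's disk.
        # branch_state is still author-controlled text when it arrives, so the
        # receiving workflow has to validate it before using it.
        run: |
          gh api repos/twentyhq/ci-privileged/dispatches \
            -f event_type=breaking-changes-report \
            -f "client_payload[pr_number]=$PR_NUMBER" \
            -f "client_payload[run_id]=$RUN_ID" \
            -f "client_payload[repo]=$REPOSITORY" \
            -f "client_payload[branch_state]=$BRANCH_STATE"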