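# If someone with reviewer access comments "/lgtm" on a pull request, add lgtm label
name: LGTM Command

on:
  issue_comment:
    types: [created]

# Workflow-wide default is read-only; the job below widens only what it needs.
permissions:
  contents: read

jobs:
  lgtm-command:
    permissions:
      pull-requests: write  # for peter-evans/slash-command-dispatch to create PR reaction
      issues: write  # for adding labels and comments
      contents: read  # for reading CODEOWNERS.md
    runs-on: ubuntu-latest
    # Only run for PRs, not issue comments
    if: ${{ github.event.issue.pull_request }}
    steps:
      # Checkout repo to access CODEOWNERS.md and the LGTM processor script.
      # No `ref` is given, so on issue_comment events this is the default
      # branch, not the PR head. Keep it that way: a later step executes a
      # script from this workspace while holding the GitHub App token, so
      # code from the pull request must never be checked out in this job.
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # Cone-mode sparse checkout (the action's default) keeps root-level
          # files such as CODEOWNERS.md plus the directories listed here.
          # .github/scripts is required because the "Process LGTM Command"
          # step imports .github/scripts/lgtm-processor.js from the workspace.
          sparse-checkout: |
            CODEOWNERS.md
            .github/scripts
          persist-credentials: false

      # Generate a GitHub App installation access token
      # NOTE(review): with `owner` set and no `repositories` input, the token
      # covers every repository in the owner's App installation. If
      # lgtm-processor.js only acts on this repository, narrow it with the
      # `repositories` input; confirm what the script needs first.
      # NOTE(review): this step runs for every comment on a PR, not only for
      # "/lgtm", so a token is minted even when no later step will use it.
      - name: Generate token
        id: generate_token
        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
        env:
          LGTM_APP_ID: ${{ secrets.LGTM_APP_ID }}
          LGTM_PRIVATE_KEY: ${{ secrets.LGTM_PRIVATE_KEY }}
        with:
          app-id: ${{ env.LGTM_APP_ID }}
          private-key: ${{ env.LGTM_PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}

      - name: Slash Command Dispatch
        uses: peter-evans/slash-command-dispatch@9bdcd7914ec1b75590b790b844aa3b8eee7c683a # v5.0.2
        with:
          token: ${{ steps.generate_token.outputs.token }}
          reaction-token: ${{ secrets.GITHUB_TOKEN }}
          issue-type: pull-request
          commands: lgtm
          permission: none # anyone can use the command, but permissions are checked in the workflow itself.

      # Authorization is not enforced by the dispatch step (permission: none),
      # so lgtm-processor.js is the only place the commenter's right to
      # approve is checked. The comparison below is an exact match against a
      # literal, and the comment body is never interpolated into the script.
      - name: Process LGTM Command
        if: ${{ github.event.comment.body == '/lgtm' }}
        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v7
        with:
          github-token: ${{ steps.generate_token.outputs.token }}
          script: |
            const { default: run } = await import(`${process.env.GITHUB_WORKSPACE}/.github/scripts/lgtm-processor.js`);
            await run({ core, github, context, fs: require('fs') });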