helm-external-secrets/.github/workflows/ok-to-test.yml

# If someone with write access comments "/ok-to-test" on a pull request, emit a repository_dispatch event
name: Ok To Test

on:
  issue_comment:
    types: [created]

permissions:
  contents: read

jobs:
  ok-to-test:
    permissions:
      pull-requests: write  # for peter-evans/slash-command-dispatch to create PR reaction
    runs-on: ubuntu-latest
    # Only run for PRs, not issue comments
    if: ${{ github.event.issue.pull_request }}
    steps:
    - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
      with:
        egress-policy: audit
    # Generate a GitHub App installation access token from an App ID and private key
    # To create a new GitHub App:
    #   https://developer.github.com/apps/building-github-apps/creating-a-github-app/
    # See app.yml for an example app manifest
    - name: Generate token
      id: generate_token
      uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0
      with:
        app-id: ${{ secrets.APP_ID }}
        private-key: ${{ secrets.PRIVATE_KEY }}
        owner: ${{ github.repository_owner }}

    - name: Slash Command Dispatch
      uses: peter-evans/slash-command-dispatch@5c11dc7efead556e3bdabf664302212f79eb26fa # v5.0.1
      with:
        token: ${{ steps.generate_token.outputs.token }}
        reaction-token: ${{ secrets.GITHUB_TOKEN }}
        issue-type: pull-request
        commands: ok-to-test
        permission: maintain