| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556 |
- # If someone with reviewer access comments "/lgtm" on a pull request, add lgtm label
- name: LGTM Command
- on:
- issue_comment:
- types: [created]
- permissions:
- contents: read
- jobs:
- lgtm-command:
- permissions:
- pull-requests: write # for peter-evans/slash-command-dispatch to create PR reaction
- issues: write # for adding labels and comments
- contents: read # for reading CODEOWNERS.md
- runs-on: ubuntu-latest
- # Only run for PRs, not issue comments
- if: ${{ github.event.issue.pull_request }}
- steps:
- # Checkout repo to access CODEOWNERS.md
- - name: Checkout repository
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- with:
- sparse-checkout: |
- CODEOWNERS.md
- persist-credentials: false
- # Generate a GitHub App installation access token
- - name: Generate token
- id: generate_token
- uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
- env:
- LGTM_APP_ID: ${{ secrets.LGTM_APP_ID }}
- LGTM_PRIVATE_KEY: ${{ secrets.LGTM_PRIVATE_KEY }}
- with:
- app-id: ${{ env.LGTM_APP_ID }}
- private-key: ${{ env.LGTM_PRIVATE_KEY }}
- owner: ${{ github.repository_owner }}
- - name: Slash Command Dispatch
- uses: peter-evans/slash-command-dispatch@9bdcd7914ec1b75590b790b844aa3b8eee7c683a # v5.0.2
- with:
- token: ${{ steps.generate_token.outputs.token }}
- reaction-token: ${{ secrets.GITHUB_TOKEN }}
- issue-type: pull-request
- commands: lgtm
- permission: none # anyone can use the command, but permissions are checked in the workflow itself.
- - name: Process LGTM Command
- if: ${{ github.event.comment.body == '/lgtm' }}
- uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v7
- with:
- github-token: ${{ steps.generate_token.outputs.token }}
- script: |
- const { default: run } = await import(`${process.env.GITHUB_WORKSPACE}/.github/scripts/lgtm-processor.js`);
- await run({ core, github, context, fs: require('fs') });
|
