helm-external-secrets/.github/workflows/ok-to-test-managed.yml

# If someone with write access comments "/ok-to-test-managed" on a pull request, emit a repository_dispatch event
name: Ok To Test

on:
  issue_comment:
    types: [created]

permissions:
  contents: read

jobs:
  ok-to-test-managed:
    permissions:
      pull-requests: write  # for peter-evans/slash-command-dispatch to create PR reaction
    runs-on: ubuntu-latest
    # Only run for PRs, not issue comments
    if: ${{ github.event.issue.pull_request }}
    steps:
    # Generate a GitHub App installation access token from an App ID and private key
    # To create a new GitHub App:
    #   https://developer.github.com/apps/building-github-apps/creating-a-github-app/
    # See app.yml for an example app manifest
    - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
      with:
        egress-policy: audit
    - name: Generate token
      id: generate_token
      uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
      with:
        app-id: ${{ secrets.APP_ID }}
        private-key: ${{ secrets.PRIVATE_KEY }}
        owner: ${{ github.repository_owner }}

    - name: Slash Command Dispatch
      uses: peter-evans/slash-command-dispatch@13bc09769d122a64f75aa5037256f6f2d78be8c4 # v4.0.0
      env:
        TOKEN: ${{ steps.generate_token.outputs.token }}
      with:
        token: ${{ env.TOKEN }} # GitHub App installation access token
        # token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} # PAT or OAuth token will also work
        reaction-token: ${{ secrets.GITHUB_TOKEN }}
        issue-type: pull-request
        commands: ok-to-test-managed
        permission: maintain