helm-external-secrets/.github/workflows/ok-to-test.yml

# If someone with write access comments "/ok-to-test" on a pull request, emit a repository_dispatch event
name: Ok To Test

on:
  issue_comment:
    types: [created]

permissions:
  contents: read

jobs:
  ok-to-test:
    permissions:
      pull-requests: write  # for peter-evans/slash-command-dispatch to create PR reaction
    runs-on: ubuntu-latest
    # Only run for PRs, not issue comments
    if: ${{ github.event.issue.pull_request }}
    steps:
    - uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
      with:
        egress-policy: audit
    # Generate a GitHub App installation access token from an App ID and private key
    # To create a new GitHub App:
    #   https://developer.github.com/apps/building-github-apps/creating-a-github-app/
    # See app.yml for an example app manifest
    - name: Generate token
      id: generate_token
      uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
      with:
        app-id: ${{ secrets.APP_ID }}
        private-key: ${{ secrets.PRIVATE_KEY }}
        owner: ${{ github.repository_owner }}

    - name: Slash Command Dispatch
      uses: peter-evans/slash-command-dispatch@9bdcd7914ec1b75590b790b844aa3b8eee7c683a # v5.0.2
      with:
        token: ${{ steps.generate_token.outputs.token }}
        reaction-token: ${{ secrets.GITHUB_TOKEN }}
        issue-type: pull-request
        commands: ok-to-test
        permission: maintain