Skip to content

Add blog post for the security audit results #5457

Add blog post for the security audit results

Add blog post for the security audit results #5457

Workflow file for this run

name: PR actions
on:
issue_comment:
types: [created]
env:
COMMENT: ${{ github.event.comment.body }}
PR_NUM: ${{ github.event.issue.number }}
USER_EMAIL: [email protected]
USER_NAME: opentelemetrybot
jobs:
pr-action:
name: Run PR action
runs-on: ubuntu-latest
if: |
github.event.issue.pull_request &&
startsWith(github.event.comment.body, '/fix:')
permissions:
contents: write
pull-requests: write
env:
DEPTH: --depth 1000 # submodule clone depth
steps:
- name: Extract action name
id: extract_action_name
run: |
PR_ACTION=$(echo $COMMENT | grep -oP '/fix:\K\w+')
echo "Action is $PR_ACTION"
ACTION_NAMES="all|dict|filenames|format|i18n|markdown|refcache|submodules|text"
if [[ ! "$PR_ACTION" =~ ^($ACTION_NAMES)$ ]]; then
echo "Invalid action name: $PR_ACTION"
echo "Action name should be one of: $ACTION_NAMES"
exit 1
fi
echo "PR_ACTION=$PR_ACTION" >> "$GITHUB_ENV"
- name: Context info
run: |
echo $PR_NUM
echo $COMMENT
- uses: actions/checkout@v4
- name: Write start comment
run: |
gh pr comment $PR_NUM -b "You triggered fix:${PR_ACTION} action run at $GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID"
env:
GH_TOKEN: ${{ secrets.OPENTELEMETRYBOT_GITHUB_TOKEN }}
- run: gh pr checkout $PR_NUM -b "pr-action-${RANDOM}"
env:
GH_TOKEN: ${{ secrets.OPENTELEMETRYBOT_GITHUB_TOKEN }}
- name: Create NPM cache-hash input file
run: |
mkdir -p tmp
jq '{devDependencies, dependencies, engines, gitHubActionCacheKey}' package.json > tmp/package-ci.json
- uses: actions/setup-node@v4
with:
node-version-file: .nvmrc
cache: npm
cache-dependency-path: tmp/package-ci.json
- run: |
case $PR_ACTION in
all|refcache)
npm install --omit=optional
;&
dict|filenames|format|markdown|submodules)
npm run fix:$PR_ACTION
;;
esac
git status
git branch -v
- name: Commit and push changes, if any
run: |
git config --local user.email "$USER_EMAIL"
git config --local user.name "$USER_NAME"
if [[ $(git status --porcelain) ]]; then
git add -A
current_branch=$(git rev-parse --abbrev-ref HEAD)
echo current_branch=$current_branch
# gh pr checkout sets some git configs that we can use to make sure
# we push to the right repo & to the right branch
remote_repo=$(git config --get branch.${current_branch}.remote)
echo remote_repo=$remote_repo
remote_branch=$(git config --get branch.${current_branch}.merge)
echo remote_branch=$remote_branch
git commit -m "Results from /fix:${PR_ACTION}"
git push ${remote_repo} HEAD:${remote_branch}
else
echo "No changes to commit"
fi
env:
GH_TOKEN: ${{ secrets.OPENTELEMETRYBOT_GITHUB_TOKEN }}
- name: Report an error in the case of failure
if: ${{ failure() || cancelled() }}
run: |
gh pr comment $PR_NUM -b "fix:${PR_ACTION} run failed, please check $GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID for details"
env:
GH_TOKEN: ${{ secrets.OPENTELEMETRYBOT_GITHUB_TOKEN }}