Build/semantic release #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
# | |
# PLEASE NOTE: Managed workflow - do not change manually | |
# | |
name: Autosquash | |
on: | |
issue_comment: | |
types: [created] | |
jobs: | |
autosquash: | |
env: | |
# for GitHub CLI | |
GH_TOKEN: ${{ github.token }} | |
# If a pull request is commented with /autosquash | |
if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/autosquash') }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Determine app token # so that later pushing can run check workflows | |
env: | |
WE_HELPER_GITHUB_PRIVATE_KEY: ${{ secrets.WE_HELPER_GITHUB_PRIVATE_KEY }} | |
if: env.WE_HELPER_GITHUB_PRIVATE_KEY # only if we have the required secret | |
uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 | |
id: app-token | |
with: | |
app-id: ${{ secrets.WE_HELPER_GITHUB_APP_ID }} | |
private-key: ${{ secrets.WE_HELPER_GITHUB_PRIVATE_KEY }} | |
- name: Checkout the repository and persist credentials | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
token: ${{ steps.app-token.outputs.token || github.token }} | |
- name: Determine PR head repo owner | |
run: | | |
echo "PR_OWNER=$(gh pr view ${{ github.event.issue.number }} --json headRepositoryOwner -q .headRepositoryOwner.login)" >> $GITHUB_ENV | |
- name: Verify not a fork PR | |
# Reason: We want to ensure that the token has write permissions to the repo the PR originated from, also that the user has write permissions to the main repo | |
run: | | |
if [ "$PR_OWNER" = "${{ github.repository_owner }}" ]; then | |
echo "PR is not from a fork" | |
else | |
echo "Not supported for PRs from a fork" | |
exit 1 | |
fi | |
- name: Check if organization member | |
id: is_organization_member | |
if: github.event.sender.login != github.event.issue.user.login # avoid organization check if unnecessary | |
uses: JamesSingleton/is-organization-member@20f38a5b256765f86036beeea415021d3b1c9dc6 | |
with: | |
organization: ${{ github.repository_owner }} | |
username: ${{ github.event.sender.login }} | |
token: ${{ github.token }} | |
- name: Verify user | |
if: ${{ steps.is_organization_member.outputs.result != 'true' }} | |
run: | | |
if [ "${{ github.event.sender.login }}" = "${{ github.event.issue.user.login }}" ]; then | |
echo "User is issue author" | |
else | |
echo "User is neither issue author nor organization member" | |
exit 1 | |
fi | |
- name: Checkout pull request | |
run: gh pr checkout ${{ github.event.issue.number }} | |
- name: Set up git | |
run: | | |
git config --global user.name "github-actions[bot]" | |
git config --global user.email "github-actions[bot]@users.noreply.github.com" | |
- name: Perform interactive rebase with autosquash | |
env: | |
EDITOR: 'true' # to automatically complete the interactive rebase | |
run: | | |
BASE_REF=$(gh pr view ${{ github.event.issue.number }} --json baseRefName -q .baseRefName) | |
git fetch origin | |
git rebase -i --autosquash origin/$BASE_REF | |
- name: Push changes | |
run: | | |
git push --force-with-lease |