feat: $effect.pending(value)
(runtime-first approach)
#26192
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ecosystem-ci trigger | |
on: | |
issue_comment: | |
types: [created] | |
permissions: {} | |
jobs: | |
trigger: | |
runs-on: ubuntu-latest | |
if: github.repository == 'sveltejs/svelte' && github.event.issue.pull_request && startsWith(github.event.comment.body, '/ecosystem-ci run') | |
permissions: | |
issues: write # to add / delete reactions, post comments | |
pull-requests: write # to read PR data, and to add labels | |
actions: read # to check workflow status | |
contents: read # to clone the repo | |
steps: | |
- name: Check User Permissions | |
uses: actions/github-script@v8 | |
id: check-permissions | |
with: | |
script: | | |
const user = context.payload.sender.login | |
console.log(`Validate user: ${user}`) | |
let hasTriagePermission = false | |
try { | |
const { data } = await github.rest.repos.getCollaboratorPermissionLevel({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
username: user, | |
}); | |
hasTriagePermission = data.user.permissions.triage | |
} catch (e) { | |
console.warn(e) | |
} | |
if (hasTriagePermission) { | |
console.log('User is allowed. Adding +1 reaction.') | |
await github.rest.reactions.createForIssueComment({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
comment_id: context.payload.comment.id, | |
content: '+1', | |
}) | |
} else { | |
console.log('User is not allowed. Adding -1 reaction.') | |
await github.rest.reactions.createForIssueComment({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
comment_id: context.payload.comment.id, | |
content: '-1', | |
}) | |
throw new Error('User does not have the necessary permissions.') | |
} | |
- name: Get PR Data | |
uses: actions/github-script@v8 | |
id: get-pr-data | |
with: | |
script: | | |
console.log(`Get PR info: ${context.repo.owner}/${context.repo.repo}#${context.issue.number}`) | |
const { data: pr } = await github.rest.pulls.get({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
pull_number: context.issue.number | |
}) | |
const commentCreatedAt = new Date(context.payload.comment.created_at) | |
const commitPushedAt = new Date(pr.head.repo.pushed_at) | |
console.log(`Comment created at: ${commentCreatedAt.toISOString()}`) | |
console.log(`PR last pushed at: ${commitPushedAt.toISOString()}`) | |
// Check if any commits were pushed after the comment was created | |
if (commitPushedAt > commentCreatedAt) { | |
const errorMsg = [ | |
'⚠️ Security warning: PR was updated after the trigger command was posted.', | |
'', | |
`Comment posted at: ${commentCreatedAt.toISOString()}`, | |
`PR last pushed at: ${commitPushedAt.toISOString()}`, | |
'', | |
'This could indicate an attempt to inject code after approval.', | |
'Please review the latest changes and re-run /ecosystem-ci run if they are acceptable.' | |
].join('\n') | |
core.setFailed(errorMsg) | |
await github.rest.issues.createComment({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
issue_number: context.issue.number, | |
body: errorMsg | |
}) | |
throw new Error('PR was pushed to after comment was created') | |
} | |
return { | |
num: context.issue.number, | |
branchName: pr.head.ref, | |
commit: pr.head.sha, | |
repo: pr.head.repo.full_name | |
} | |
- name: Generate Token | |
id: generate-token | |
uses: actions/create-github-app-token@v2 | |
with: | |
app-id: ${{ secrets.ECOSYSTEM_CI_GITHUB_APP_ID }} | |
private-key: ${{ secrets.ECOSYSTEM_CI_GITHUB_APP_PRIVATE_KEY }} | |
repositories: | | |
svelte | |
svelte-ecosystem-ci | |
- name: Trigger Downstream Workflow | |
uses: actions/github-script@v8 | |
id: trigger | |
env: | |
COMMENT: ${{ github.event.comment.body }} | |
PR_DATA: ${{ steps.get-pr-data.outputs.result }} | |
with: | |
github-token: ${{ steps.generate-token.outputs.token }} | |
script: | | |
const comment = process.env.COMMENT.trim() | |
const prData = JSON.parse(process.env.PR_DATA) | |
const suite = comment.split('\n')[0].replace(/^\/ecosystem-ci run/, '').trim() | |
await github.rest.actions.createWorkflowDispatch({ | |
owner: context.repo.owner, | |
repo: 'svelte-ecosystem-ci', | |
workflow_id: 'ecosystem-ci-from-pr.yml', | |
ref: 'main', | |
inputs: { | |
prNumber: '' + prData.num, | |
branchName: prData.branchName, | |
repo: prData.repo, | |
commit: prData.commit, | |
suite: suite === '' ? '-' : suite | |
} | |
}) |