Awesome/awesome-copilot
1
0
Fork 0
mirror of https://github.com/github/awesome-copilot.git synced 2026-05-28 01:21:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: add public external plugin workflows (#1723)

Browse Source 
* feat: add external plugin submission workflows

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* minor adjustment to contributing guide

* fix: address external plugin review feedback

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Reverting some changes to the readme.agents.md file

* fix: address follow-up review feedback

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: tighten external plugin workflows

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This commit is contained in:
Aaron Powell
2026-05-15 15:37:18 +10:00
committed by GitHub
parent ca8412356a
commit e66aa80240
13 changed files with 2767 additions and 102 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/external-plugin-approval-command.yml
+534
View File
@@ -0,0 +1,534 @@
name: External Plugin Approval Commands
on:
issue_comment:
types: [created]
permissions:
contents: write
issues: write
pull-requests: write
jobs:
handle-command:
runs-on: ubuntu-latest
if: >-
!github.event.issue.pull_request &&
(contains(github.event.comment.body, '/approve') || contains(github.event.comment.body, '/reject'))
steps:
- name: Checkout staged branch
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
with:
ref: staged
fetch-depth: 0
- name: Setup Node.js
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: 22
cache: npm
- name: Parse decision command
id: parse
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
with:
script: |
const path = require('path');
const { pathToFileURL } = require('url');
const approval = await import(pathToFileURL(path.join(process.env.GITHUB_WORKSPACE, 'eng', 'external-plugin-approval.mjs')).href);
const intake = await import(pathToFileURL(path.join(process.env.GITHUB_WORKSPACE, 'eng', 'external-plugin-intake.mjs')).href);
const parsedCommand = approval.parseDecisionCommand(context.payload.comment.body);
core.setOutput('should-run', 'false');
if (!parsedCommand) {
core.info('No supported external plugin approval command was found.');
return;
}
const permission = await github.rest.repos.getCollaboratorPermissionLevel({
owner: context.repo.owner,
repo: context.repo.repo,
username: context.payload.comment.user.login
});
const hasWriteAccess = ['admin', 'write', 'maintain'].includes(permission.data.permission);
if (!hasWriteAccess) {
core.info(`Ignoring ${parsedCommand.command} because ${context.payload.comment.user.login} does not have write access.`);
return;
}
const currentIssue = await github.rest.issues.get({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number
});
const labelNames = new Set((currentIssue.data.labels || []).map((label) => label.name));
if (!labelNames.has('external-plugin')) {
core.info('Ignoring command because the issue is not an external plugin submission.');
return;
}
const evaluation = await intake.evaluateExternalPluginIssue({
issue: currentIssue.data,
token: process.env.GITHUB_TOKEN
});
const fallbackName = evaluation.plugin?.name ?? `issue-${context.issue.number}`;
const canApprove = labelNames.has('ready-for-review') || labelNames.has('approved');
const canReject = !labelNames.has('approved');
if (parsedCommand.command === 'approve' && !canApprove) {
core.info('Ignoring /approve because the issue is not ready for review.');
return;
}
if (parsedCommand.command === 'reject' && !canReject) {
core.info('Ignoring /reject because the issue is already approved.');
return;
}
core.setOutput('should-run', 'true');
core.setOutput('command', parsedCommand.command);
core.setOutput('reason', parsedCommand.reason ?? '');
core.setOutput('validation-valid', evaluation.valid ? 'true' : 'false');
core.setOutput('validation-errors', JSON.stringify(evaluation.errors));
core.setOutput('plugin-name', fallbackName);
core.setOutput('plugin-slug', approval.slugifyPluginName(fallbackName));
core.setOutput('source-repo', evaluation.plugin?.source?.repo ?? '');
- name: Comment blocked approval
if: steps.parse.outputs.should-run == 'true' && steps.parse.outputs.command == 'approve' && steps.parse.outputs.validation-valid != 'true'
uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
env:
VALIDATION_ERRORS: ${{ steps.parse.outputs.validation-errors }}
PLUGIN_NAME: ${{ steps.parse.outputs.plugin-name }}
with:
script: |
const marker = '<!-- external-plugin-approval-blocked -->';
const errors = JSON.parse(process.env.VALIDATION_ERRORS || '[]');
const body = [
marker,
'## ⚠️ External plugin approval blocked',
'',
`The current issue form for **${process.env.PLUGIN_NAME}** no longer passes automated intake validation, so \`/approve\` was not applied.`,
'',
'### Required fixes',
'',
...(errors.length > 0 ? errors.map((error) => `- ${error}`) : ['- Re-run intake validation by updating the issue details.'])
].join('\n');
const { data: comments } = await github.rest.issues.listComments({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
per_page: 100
});
const existingComment = comments.find((comment) =>
comment.user?.login === 'github-actions[bot]' &&
comment.body?.includes(marker)
);
if (existingComment) {
await github.rest.issues.updateComment({
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: existingComment.id,
body
});
} else {
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
body
});
}
- name: Install dependencies
if: steps.parse.outputs.should-run == 'true' && steps.parse.outputs.command == 'approve' && steps.parse.outputs.validation-valid == 'true'
run: npm ci
- name: Update external plugin catalog and PR
id: approval_pr
if: steps.parse.outputs.should-run == 'true' && steps.parse.outputs.command == 'approve' && steps.parse.outputs.validation-valid == 'true'
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
result=$(node ./eng/external-plugin-approval.mjs approve "$GITHUB_EVENT_PATH" --file ./plugins/external.json)
{
echo 'result<<EOF'
echo "$result"
echo 'EOF'
} >> "$GITHUB_OUTPUT"
plugin_name=$(node -e "const data = JSON.parse(process.argv[1]); process.stdout.write(data.plugin.name);" "$result")
action=$(node -e "const data = JSON.parse(process.argv[1]); process.stdout.write(data.action);" "$result")
source_repo=$(node -e "const data = JSON.parse(process.argv[1]); process.stdout.write(data.plugin.source.repo);" "$result")
plugin_slug='${{ steps.parse.outputs.plugin-slug }}'
issue_number='${{ github.event.issue.number }}'
branch="automation/external-plugin-approve-${issue_number}-${plugin_slug}"
if [ "$action" = "inserted" ]; then
title_action="Add"
summary_action="add"
else
title_action="Update"
summary_action="update"
fi
npm run build
bash eng/fix-line-endings.sh
pr_url=""
pr_number=""
if git diff --quiet; then
pr_number=$(gh pr list --head "$branch" --base staged --json number --jq '.[0].number')
if [ -n "$pr_number" ]; then
pr_url=$(gh pr view "$pr_number" --json url --jq '.url')
fi
echo "changed=false" >> "$GITHUB_OUTPUT"
echo "plugin-name=$plugin_name" >> "$GITHUB_OUTPUT"
echo "action=$action" >> "$GITHUB_OUTPUT"
echo "source-repo=$source_repo" >> "$GITHUB_OUTPUT"
echo "pr-url=$pr_url" >> "$GITHUB_OUTPUT"
echo "pr-number=$pr_number" >> "$GITHUB_OUTPUT"
exit 0
fi
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git checkout -B "$branch"
git add -A
git commit -m "${title_action} external plugin ${plugin_name}"
git push --force-with-lease origin "$branch"
pr_number=$(gh pr list --head "$branch" --base staged --json number --jq '.[0].number')
pr_body=$(cat <<EOF
## Summary
- ${summary_action} \`${plugin_name}\` in \`plugins/external.json\`
- regenerate marketplace outputs for the approved external plugin submission
- source repository: \`${source_repo}\`
- approved from #${issue_number}
## Validation
- npm run build
EOF
)
if [ -n "$pr_number" ]; then
gh pr edit "$pr_number" \
--title "[external-plugin] ${title_action} ${plugin_name}" \
--body "$pr_body"
pr_url=$(gh pr view "$pr_number" --json url --jq '.url')
else
pr_url=$(gh pr create \
--base staged \
--head "$branch" \
--title "[external-plugin] ${title_action} ${plugin_name}" \
--body "$pr_body")
pr_number=$(gh pr view "$branch" --json number --jq '.number')
fi
echo "changed=true" >> "$GITHUB_OUTPUT"
echo "plugin-name=$plugin_name" >> "$GITHUB_OUTPUT"
echo "action=$action" >> "$GITHUB_OUTPUT"
echo "source-repo=$source_repo" >> "$GITHUB_OUTPUT"
echo "pr-url=$pr_url" >> "$GITHUB_OUTPUT"
echo "pr-number=$pr_number" >> "$GITHUB_OUTPUT"
- name: Finalize approval
if: steps.parse.outputs.should-run == 'true' && steps.parse.outputs.command == 'approve' && steps.parse.outputs.validation-valid == 'true'
uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
env:
CHANGED: ${{ steps.approval_pr.outputs.changed }}
ACTION: ${{ steps.approval_pr.outputs.action }}
PLUGIN_NAME: ${{ steps.approval_pr.outputs.plugin-name }}
SOURCE_REPO: ${{ steps.approval_pr.outputs.source-repo }}
PR_URL: ${{ steps.approval_pr.outputs.pr-url }}
PR_NUMBER: ${{ steps.approval_pr.outputs.pr-number }}
with:
script: |
const managedLabels = {
'external-plugin': {
color: 'FEF2C0',
description: 'Public external plugin submission'
},
'awaiting-review': {
color: 'FBCA04',
description: 'Submission is waiting for automated intake validation'
},
'ready-for-review': {
color: '0E8A16',
description: 'Submission passed intake validation and is ready for maintainer review'
},
'approved': {
color: '1D76DB',
description: 'Submission was approved by a maintainer'
},
'rejected': {
color: 'B60205',
description: 'Submission was rejected or failed intake validation'
}
};
async function ensureLabel(name, config) {
try {
await github.rest.issues.createLabel({
owner: context.repo.owner,
repo: context.repo.repo,
name,
color: config.color,
description: config.description
});
} catch (error) {
if (error.status !== 422) {
throw error;
}
}
}
async function removeLabel(issueNumber, name) {
try {
await github.rest.issues.removeLabel({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: issueNumber,
name
});
} catch (error) {
if (error.status !== 404) {
throw error;
}
}
}
async function syncIssueLabels(issueNumber, desiredLabels) {
await Promise.all(Object.entries(managedLabels).map(([name, config]) => ensureLabel(name, config)));
const currentLabels = await github.paginate(github.rest.issues.listLabelsOnIssue, {
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: issueNumber,
per_page: 100
});
const currentManagedLabels = currentLabels
.map((label) => label.name)
.filter((name) => Object.prototype.hasOwnProperty.call(managedLabels, name));
const labelsToAdd = [...desiredLabels].filter((name) => !currentManagedLabels.includes(name));
const labelsToRemove = currentManagedLabels.filter((name) => !desiredLabels.has(name));
if (labelsToAdd.length > 0) {
await github.rest.issues.addLabels({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: issueNumber,
labels: labelsToAdd
});
}
for (const name of labelsToRemove) {
await removeLabel(issueNumber, name);
}
}
const issueNumber = context.issue.number;
const prNumber = Number(process.env.PR_NUMBER || 0);
const marker = '<!-- external-plugin-approval -->';
const action = process.env.ACTION === 'updated' ? 'updated' : 'added';
const prUrl = process.env.PR_URL;
const body = [
marker,
'## ✅ External plugin approved',
'',
`A maintainer approved **${process.env.PLUGIN_NAME}**, and the submission issue has been closed.`,
'',
`- **Catalog action:** ${action}`,
`- **Source repository:** \`${process.env.SOURCE_REPO}\``,
prUrl
? `- **PR against \`staged\`:** ${prUrl}`
: '- **PR against `staged`:** No new PR was needed because the approved listing is already present.'
].join('\n');
await syncIssueLabels(issueNumber, new Set(['external-plugin', 'approved']));
if (prNumber > 0) {
await github.rest.issues.addLabels({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: prNumber,
labels: ['external-plugin', 'awaiting-review']
});
}
const { data: comments } = await github.rest.issues.listComments({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: issueNumber,
per_page: 100
});
const existingComment = comments.find((comment) =>
comment.user?.login === 'github-actions[bot]' &&
comment.body?.includes(marker)
);
if (existingComment) {
await github.rest.issues.updateComment({
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: existingComment.id,
body
});
} else {
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: issueNumber,
body
});
}
if (context.payload.issue.state !== 'closed') {
await github.rest.issues.update({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: issueNumber,
state: 'closed'
});
}
- name: Finalize rejection
if: steps.parse.outputs.should-run == 'true' && steps.parse.outputs.command == 'reject'
uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
env:
REASON: ${{ steps.parse.outputs.reason }}
PLUGIN_NAME: ${{ steps.parse.outputs.plugin-name }}
with:
script: |
const managedLabels = {
'external-plugin': {
color: 'FEF2C0',
description: 'Public external plugin submission'
},
'awaiting-review': {
color: 'FBCA04',
description: 'Submission is waiting for automated intake validation'
},
'ready-for-review': {
color: '0E8A16',
description: 'Submission passed intake validation and is ready for maintainer review'
},
'approved': {
color: '1D76DB',
description: 'Submission was approved by a maintainer'
},
'rejected': {
color: 'B60205',
description: 'Submission was rejected or failed intake validation'
}
};
async function ensureLabel(name, config) {
try {
await github.rest.issues.createLabel({
owner: context.repo.owner,
repo: context.repo.repo,
name,
color: config.color,
description: config.description
});
} catch (error) {
if (error.status !== 422) {
throw error;
}
}
}
async function removeLabel(name) {
try {
await github.rest.issues.removeLabel({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
name
});
} catch (error) {
if (error.status !== 404) {
throw error;
}
}
}
await Promise.all(Object.entries(managedLabels).map(([name, config]) => ensureLabel(name, config)));
await github.rest.issues.addLabels({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
labels: ['external-plugin', 'rejected']
});
await removeLabel('awaiting-review');
await removeLabel('ready-for-review');
await removeLabel('approved');
const marker = '<!-- external-plugin-rejection -->';
const reason = process.env.REASON || 'No additional reason was provided.';
const body = [
marker,
'## ❌ External plugin rejected',
'',
`A maintainer rejected **${process.env.PLUGIN_NAME}**, and the submission issue has been closed.`,
'',
'### Reason',
'',
reason,
'',
'If you address the feedback, open a new external plugin submission issue with the updated details.'
].join('\n');
const { data: comments } = await github.rest.issues.listComments({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
per_page: 100
});
const existingComment = comments.find((comment) =>
comment.user?.login === 'github-actions[bot]' &&
comment.body?.includes(marker)
);
if (existingComment) {
await github.rest.issues.updateComment({
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: existingComment.id,
body
});
} else {
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
body
});
}
if (context.payload.issue.state !== 'closed') {
await github.rest.issues.update({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
state: 'closed'
});
}
.github/workflows/external-plugin-intake.yml
+172
View File
@@ -0,0 +1,172 @@
name: External Plugin Intake
on:
issues:
types: [opened, edited, reopened]
permissions:
contents: read
issues: write
jobs:
validate-submission:
runs-on: ubuntu-latest
if: >-
contains(github.event.issue.labels.*.name, 'external-plugin') ||
contains(github.event.issue.body, '<!-- external-plugin-submission -->')
steps:
- name: Checkout repository
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
- name: Evaluate submission
id: evaluation
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
result=$(node ./eng/external-plugin-intake.mjs "$GITHUB_EVENT_PATH")
{
echo 'result<<EOF'
echo "$result"
echo 'EOF'
} >> "$GITHUB_OUTPUT"
- name: Sync labels and comment
uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
env:
RESULT_JSON: ${{ steps.evaluation.outputs.result }}
with:
script: |
const managedLabels = {
'external-plugin': {
color: 'FEF2C0',
description: 'Public external plugin submission'
},
'awaiting-review': {
color: 'FBCA04',
description: 'Submission is waiting for automated intake validation'
},
'ready-for-review': {
color: '0E8A16',
description: 'Submission passed intake validation and is ready for maintainer review'
},
'approved': {
color: '1D76DB',
description: 'Submission was approved by a maintainer'
},
'rejected': {
color: 'B60205',
description: 'Submission was rejected or failed intake validation'
}
};
async function ensureLabel(name, config) {
try {
await github.rest.issues.createLabel({
owner: context.repo.owner,
repo: context.repo.repo,
name,
color: config.color,
description: config.description
});
} catch (error) {
if (error.status !== 422) {
throw error;
}
}
}
async function syncManagedLabels(issueNumber, desiredLabels) {
await Promise.all(Object.entries(managedLabels).map(([name, config]) => ensureLabel(name, config)));
const managedForSync = ['external-plugin', 'awaiting-review', 'ready-for-review', 'rejected'];
const currentLabels = await github.paginate(github.rest.issues.listLabelsOnIssue, {
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: issueNumber,
per_page: 100
});
const currentManagedLabels = currentLabels
.map((label) => label.name)
.filter((name) => managedForSync.includes(name));
const labelsToAdd = [...desiredLabels].filter((name) => !currentManagedLabels.includes(name));
const labelsToRemove = currentManagedLabels.filter((name) => !desiredLabels.has(name));
if (labelsToAdd.length > 0) {
await github.rest.issues.addLabels({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: issueNumber,
labels: labelsToAdd
});
}
for (const name of labelsToRemove) {
await github.rest.issues.removeLabel({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: issueNumber,
name
});
}
}
const result = JSON.parse(process.env.RESULT_JSON);
const issueNumber = context.issue.number;
const issueState = context.payload.issue.state;
const action = context.payload.action;
const existingLabelNames = (context.payload.issue.labels || []).map((label) => label.name);
if (existingLabelNames.includes('approved')) {
core.info('Issue is already approved; skipping intake synchronization.');
return;
}
if (issueState === 'closed' && action !== 'reopened') {
core.info('Issue is closed; waiting for reopen before rerunning intake synchronization.');
return;
}
const desiredLabels = result.valid
? new Set(['external-plugin', 'ready-for-review'])
: new Set(['external-plugin', 'rejected']);
await syncManagedLabels(issueNumber, desiredLabels);
const { data: comments } = await github.rest.issues.listComments({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: issueNumber,
per_page: 100
});
const existingComment = comments.find((comment) =>
comment.user?.login === 'github-actions[bot]' &&
comment.body?.includes(result.commentMarker)
);
if (existingComment) {
await github.rest.issues.updateComment({
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: existingComment.id,
body: result.commentBody
});
} else {
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: issueNumber,
body: result.commentBody
});
}
if (!result.valid && issueState === 'open') {
await github.rest.issues.update({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: issueNumber,
state: 'closed'
});
}
.github/workflows/external-plugin-rereview-command.yml
+333
View File
@@ -0,0 +1,333 @@
name: External Plugin Re-review Commands
on:
issue_comment:
types: [created]
permissions:
contents: write
issues: write
pull-requests: write
jobs:
handle-command:
runs-on: ubuntu-latest
if: >-
!github.event.issue.pull_request &&
contains(github.event.comment.body, '/re-review-')
steps:
- name: Checkout staged branch
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
with:
ref: staged
fetch-depth: 0
- name: Setup Node.js
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: 22
cache: npm
- name: Parse re-review command
id: parse
uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
with:
script: |
const path = require('path');
const { pathToFileURL } = require('url');
const rereview = await import(pathToFileURL(path.join(process.env.GITHUB_WORKSPACE, 'eng', 'external-plugin-rereview.mjs')).href);
const validation = await import(pathToFileURL(path.join(process.env.GITHUB_WORKSPACE, 'eng', 'external-plugin-validation.mjs')).href);
const command = rereview.parseRereviewCommand(context.payload.comment.body);
core.setOutput('should-run', 'false');
if (!command) {
core.info('No supported re-review command was found.');
return;
}
const permission = await github.rest.repos.getCollaboratorPermissionLevel({
owner: context.repo.owner,
repo: context.repo.repo,
username: context.payload.comment.user.login
});
const hasWriteAccess = ['admin', 'write', 'maintain'].includes(permission.data.permission);
if (!hasWriteAccess) {
core.info(`Ignoring ${command} because ${context.payload.comment.user.login} does not have write access.`);
return;
}
const labelNames = new Set((context.payload.issue.labels || []).map((label) => label.name));
if (!labelNames.has('external-plugin') || !labelNames.has('approved')) {
core.info('Ignoring command because the issue is not an approved external plugin submission.');
return;
}
const inRereviewQueue =
labelNames.has('re-review-due') ||
labelNames.has('re-review-follow-up');
if (!inRereviewQueue) {
core.info(`Ignoring ${command} because the issue is not currently in the six-month re-review queue.`);
return;
}
const { plugins, errors } = validation.readExternalPlugins({ policy: 'marketplace' });
if (errors.length > 0) {
core.setFailed(errors.join('\n'));
return;
}
const currentIssue = await github.rest.issues.get({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number
});
const match = rereview.matchExternalPluginForIssue(currentIssue.data, plugins);
const plugin = match.plugin;
const fallbackName = match.submission.pluginName ?? `issue-${context.issue.number}`;
core.setOutput('should-run', 'true');
core.setOutput('command', command);
core.setOutput('has-plugin', plugin ? 'true' : 'false');
core.setOutput('plugin-name', plugin?.name ?? fallbackName);
core.setOutput('plugin-slug', rereview.slugifyPluginName(plugin?.name ?? fallbackName));
core.setOutput('source-repo', plugin?.source?.repo ?? match.submission.sourceRepo ?? '');
- name: Renew six-month review window
if: steps.parse.outputs.should-run == 'true' && steps.parse.outputs.command == 'keep'
uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
env:
PLUGIN_NAME: ${{ steps.parse.outputs.plugin-name }}
HAS_PLUGIN: ${{ steps.parse.outputs.has-plugin }}
with:
script: |
const pluginName = process.env.PLUGIN_NAME;
const hasPlugin = process.env.HAS_PLUGIN === 'true';
async function removeLabel(name) {
try {
await github.rest.issues.removeLabel({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
name
});
} catch (error) {
if (error.status !== 404) {
throw error;
}
}
}
if (!hasPlugin) {
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
body: `Could not find a current \`plugins/external.json\` entry for **${pluginName}**, so the six-month re-review window was not reset. Review the listing manually before retrying.`
});
return;
}
await github.rest.issues.update({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
state: 'open'
});
await github.rest.issues.update({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
state: 'closed'
});
await removeLabel('re-review-due');
await removeLabel('re-review-follow-up');
await removeLabel('removed');
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
body: `Renewed **${pluginName}** for another six months by reopening and reclosing this approved submission issue.`
});
- name: Mark follow-up needed
if: steps.parse.outputs.should-run == 'true' && steps.parse.outputs.command == 'needs-changes'
uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
env:
PLUGIN_NAME: ${{ steps.parse.outputs.plugin-name }}
with:
script: |
const managedLabels = {
're-review-due': {
color: 'FBCA04',
description: 'Approved external plugin is due for six-month re-review'
},
're-review-follow-up': {
color: 'D4C5F9',
description: 'Six-month re-review needs maintainer follow-up before a final decision'
}
};
async function ensureLabel(name, config) {
try {
await github.rest.issues.createLabel({
owner: context.repo.owner,
repo: context.repo.repo,
name,
color: config.color,
description: config.description
});
} catch (error) {
if (error.status !== 422) {
throw error;
}
}
}
await Promise.all(Object.entries(managedLabels).map(([name, config]) => ensureLabel(name, config)));
await github.rest.issues.addLabels({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
labels: ['re-review-due', 're-review-follow-up']
});
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
body: `Marked **${process.env.PLUGIN_NAME}** as needing follow-up. The plugin will stay in the six-month re-review queue until a maintainer comments \`/re-review-keep\` or \`/re-review-remove\`.`
});
- name: Install dependencies
if: steps.parse.outputs.should-run == 'true' && steps.parse.outputs.command == 'remove' && steps.parse.outputs.has-plugin == 'true'
run: npm ci
- name: Remove plugin and create PR
id: remove_pr
if: steps.parse.outputs.should-run == 'true' && steps.parse.outputs.command == 'remove' && steps.parse.outputs.has-plugin == 'true'
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
plugin_name='${{ steps.parse.outputs.plugin-name }}'
plugin_slug='${{ steps.parse.outputs.plugin-slug }}'
source_repo='${{ steps.parse.outputs.source-repo }}'
issue_number='${{ github.event.issue.number }}'
branch="automation/external-plugin-rereview-remove-${issue_number}-${plugin_slug}"
node ./eng/external-plugin-rereview.mjs remove --plugin-name "$plugin_name" --source-repo "$source_repo" --file ./plugins/external.json
npm run build
bash eng/fix-line-endings.sh
if git diff --quiet; then
echo "changed=false" >> "$GITHUB_OUTPUT"
exit 0
fi
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git checkout -B "$branch"
git add -A
git commit -m "Remove external plugin ${plugin_name} after six-month re-review"
git push --force-with-lease origin "$branch"
pr_url=$(gh pr list --head "$branch" --base staged --json url --jq '.[0].url')
if [ -z "$pr_url" ]; then
pr_body=$(printf '%s\n' \
'## Summary' \
'' \
"- remove \`${plugin_name}\` from \`plugins/external.json\`" \
'- regenerate marketplace outputs after the six-month re-review decision' \
"- closes #${issue_number} review follow-up for this listing")
pr_url=$(gh pr create \
--base staged \
--head "$branch" \
--title "[external-plugin] Remove ${plugin_name} after re-review" \
--body "$pr_body")
fi
echo "changed=true" >> "$GITHUB_OUTPUT"
echo "pr-url=$pr_url" >> "$GITHUB_OUTPUT"
- name: Finalize removal
if: steps.parse.outputs.should-run == 'true' && steps.parse.outputs.command == 'remove'
uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
env:
CHANGED: ${{ steps.remove_pr.outputs.changed }}
PR_URL: ${{ steps.remove_pr.outputs.pr-url }}
PLUGIN_NAME: ${{ steps.parse.outputs.plugin-name }}
HAS_PLUGIN: ${{ steps.parse.outputs.has-plugin }}
with:
script: |
async function ensureLabel(name, color, description) {
try {
await github.rest.issues.createLabel({
owner: context.repo.owner,
repo: context.repo.repo,
name,
color,
description
});
} catch (error) {
if (error.status !== 422) {
throw error;
}
}
}
async function removeLabel(name) {
try {
await github.rest.issues.removeLabel({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
name
});
} catch (error) {
if (error.status !== 404) {
throw error;
}
}
}
const changed = process.env.CHANGED === 'true';
const prUrl = process.env.PR_URL;
const pluginName = process.env.PLUGIN_NAME;
const hasPlugin = process.env.HAS_PLUGIN === 'true';
let body;
if (!hasPlugin || !changed) {
await ensureLabel('removed', 'B60205', 'External plugin was removed from the marketplace after re-review');
await removeLabel('approved');
await removeLabel('re-review-due');
await removeLabel('re-review-follow-up');
await github.rest.issues.addLabels({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
labels: ['removed']
});
body = `Marked **${pluginName}** as removed. No new PR was needed because the listing is already absent from \`plugins/external.json\`.`;
} else {
await ensureLabel('re-review-follow-up', 'D4C5F9', 'Six-month re-review needs maintainer follow-up before a final decision');
await github.rest.issues.addLabels({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
labels: ['re-review-due', 're-review-follow-up']
});
body = `Opened the removal PR for **${pluginName}**: ${prUrl}. The issue remains approved and due for re-review until that removal lands in \`staged\`.`;
}
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
body
});
.github/workflows/external-plugin-rereview.yml
+271
View File
@@ -0,0 +1,271 @@
name: External Plugin Re-review
on:
schedule:
- cron: "23 4 * * *"
workflow_dispatch:
permissions:
contents: read
issues: write
jobs:
sync-rereview:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
- name: Sync six-month re-review queue
uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
with:
script: |
const path = require('path');
const { pathToFileURL } = require('url');
const rereview = await import(pathToFileURL(path.join(process.env.GITHUB_WORKSPACE, 'eng', 'external-plugin-rereview.mjs')).href);
const validation = await import(pathToFileURL(path.join(process.env.GITHUB_WORKSPACE, 'eng', 'external-plugin-validation.mjs')).href);
const managedLabels = {
[rereview.REREVIEW_LABELS.due]: {
color: 'FBCA04',
description: 'Approved external plugin is due for six-month re-review'
},
[rereview.REREVIEW_LABELS.followUp]: {
color: 'D4C5F9',
description: 'Six-month re-review needs maintainer follow-up before a final decision'
},
[rereview.REREVIEW_LABELS.removed]: {
color: 'B60205',
description: 'External plugin was removed from the marketplace after re-review'
}
};
async function ensureLabel(name, config) {
try {
await github.rest.issues.createLabel({
owner: context.repo.owner,
repo: context.repo.repo,
name,
color: config.color,
description: config.description
});
} catch (error) {
if (error.status !== 422) {
throw error;
}
}
}
async function removeLabel(issueNumber, label) {
try {
await github.rest.issues.removeLabel({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: issueNumber,
name: label
});
} catch (error) {
if (error.status !== 404) {
throw error;
}
}
}
async function addLabel(issueNumber, label) {
await github.rest.issues.addLabels({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: issueNumber,
labels: [label]
});
}
function formatDate(dateValue) {
return new Date(dateValue).toISOString().slice(0, 10);
}
function daysPastThreshold(closedAt, threshold) {
const diff = Date.parse(threshold.toISOString()) - Date.parse(closedAt);
return Math.max(0, Math.floor(Math.abs(diff) / (1000 * 60 * 60 * 24)));
}
await Promise.all(Object.entries(managedLabels).map(([name, config]) => ensureLabel(name, config)));
const { plugins, errors } = validation.readExternalPlugins({ policy: 'marketplace' });
if (errors.length > 0) {
core.setFailed(errors.join('\n'));
return;
}
const threshold = new Date();
threshold.setUTCDate(threshold.getUTCDate() - 183);
const approvedIssues = await github.paginate(github.rest.issues.listForRepo, {
owner: context.repo.owner,
repo: context.repo.repo,
state: 'closed',
labels: 'external-plugin,approved',
per_page: 100
});
const issueRecords = approvedIssues
.filter((issue) => !issue.pull_request && issue.closed_at)
.map((issue) => {
const match = rereview.matchExternalPluginForIssue(issue, plugins);
return {
issue,
match
};
});
const dueRecords = issueRecords.filter(({ issue, match }) => {
if (!match.plugin) {
return false;
}
return Date.parse(issue.closed_at) <= threshold.getTime();
});
const unmatchedDueRecords = issueRecords.filter(({ issue, match }) => {
if (match.plugin) {
return false;
}
return Date.parse(issue.closed_at) <= threshold.getTime();
});
const dueIssueNumbers = new Set([
...dueRecords.map((record) => record.issue.number),
...unmatchedDueRecords.map((record) => record.issue.number)
]);
for (const { issue, match } of issueRecords) {
const labelNames = new Set((issue.labels || []).map((label) => label.name));
const shouldHaveDueLabel = dueIssueNumbers.has(issue.number);
if (shouldHaveDueLabel && !labelNames.has(rereview.REREVIEW_LABELS.due)) {
await addLabel(issue.number, rereview.REREVIEW_LABELS.due);
}
if (!shouldHaveDueLabel && labelNames.has(rereview.REREVIEW_LABELS.due)) {
await removeLabel(issue.number, rereview.REREVIEW_LABELS.due);
}
if (shouldHaveDueLabel && match.plugin && labelNames.has(rereview.REREVIEW_LABELS.removed)) {
await removeLabel(issue.number, rereview.REREVIEW_LABELS.removed);
}
}
const openIssues = await github.paginate(github.rest.issues.listForRepo, {
owner: context.repo.owner,
repo: context.repo.repo,
state: 'open',
per_page: 100
});
const existingTrackerIssues = openIssues
.filter((issue) => !issue.pull_request && issue.body?.includes(rereview.REREVIEW_REPORT_MARKER))
.sort((left, right) => left.number - right.number);
if (dueRecords.length === 0 && unmatchedDueRecords.length === 0) {
for (const tracker of existingTrackerIssues) {
await github.rest.issues.update({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: tracker.number,
state: 'closed'
});
}
core.info('No external plugins are currently due for six-month re-review.');
return;
}
const dueRows = dueRecords
.sort((left, right) => Date.parse(left.issue.closed_at) - Date.parse(right.issue.closed_at))
.map(({ issue, match }) => {
const labelNames = new Set((issue.labels || []).map((label) => label.name));
const status = labelNames.has(rereview.REREVIEW_LABELS.followUp) ? 'Needs follow-up' : 'Awaiting decision';
const repo = match.plugin.source?.repo ?? match.submission.sourceRepo ?? '_unknown_';
return `| ${match.plugin.name} | ${match.plugin.version} | \`${repo}\` | #${issue.number} | ${formatDate(issue.closed_at)} | ${daysPastThreshold(issue.closed_at, threshold)} | ${status} |`;
});
const unmatchedRows = unmatchedDueRecords
.sort((left, right) => Date.parse(left.issue.closed_at) - Date.parse(right.issue.closed_at))
.map(({ issue, match }) => {
const pluginName = match.submission.pluginName ?? '_unknown_';
const repo = match.submission.sourceRepo ? `\`${match.submission.sourceRepo}\`` : '_unknown_';
return `| #${issue.number} | ${pluginName} | ${repo} | ${formatDate(issue.closed_at)} |`;
});
const body = [
rereview.REREVIEW_REPORT_MARKER,
'## 🔁 External plugin six-month re-review queue',
'',
'The following approved external plugin submissions have reached the six-month re-review threshold.',
'Review the linked plugin, then comment on the **original approved submission issue** with one of:',
'',
`- \`${rereview.REREVIEW_COMMANDS.keep}\` — renew the plugin for another six months`,
`- \`${rereview.REREVIEW_COMMANDS.needsChanges}\` — keep the plugin in the due queue while follow-up work happens`,
`- \`${rereview.REREVIEW_COMMANDS.remove}\` — open or update a PR against \`staged\` that removes the plugin from the marketplace`,
'',
`- **Threshold date used by this run:** ${formatDate(threshold.toISOString())}`,
'',
'### Plugins due now',
'',
dueRows.length > 0
? [
'| Plugin | Version | Source repo | Submission issue | Closed at | Days past threshold | Status |',
'|---|---|---|---:|---|---:|---|',
...dueRows
].join('\n')
: '_No currently listed plugins are due right now._',
unmatchedRows.length > 0
? [
'',
'### Approved issues without a current marketplace match',
'',
'These closed approved issues are older than six months, but no matching entry was found in `plugins/external.json`. Review them manually if the listing was renamed or removed outside the re-review flow.',
'',
'| Submission issue | Parsed plugin name | Parsed repo | Closed at |',
'|---:|---|---|---|',
...unmatchedRows
].join('\n')
: '',
].filter(Boolean).join('\n');
if (existingTrackerIssues.length > 0) {
const [primary, ...duplicates] = existingTrackerIssues;
await github.rest.issues.update({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: primary.number,
title: '🔁 External Plugin Six-Month Review',
body,
labels: [rereview.REREVIEW_LABELS.due]
});
for (const duplicate of duplicates) {
await github.rest.issues.update({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: duplicate.number,
state: 'closed'
});
}
core.info(`Updated re-review tracker issue #${primary.number}.`);
return;
}
const created = await github.rest.issues.create({
owner: context.repo.owner,
repo: context.repo.repo,
title: '🔁 External Plugin Six-Month Review',
body,
labels: [rereview.REREVIEW_LABELS.due]
});
core.info(`Created re-review tracker issue #${created.data.number}.`);