mirror of
https://github.com/github/awesome-copilot.git
synced 2026-05-28 17:41:45 +00:00
github-actions[bot]
610 lines
24 KiB
YAML
610 lines
24 KiB
YAML
name: External Plugin Approval Commands
|
|
|
|
on:
|
|
issue_comment:
|
|
types: [created]
|
|
pull_request:
|
|
types: [closed]
|
|
|
|
concurrency:
|
|
group: external-plugin-intake-${{ github.event.issue.number }}
|
|
cancel-in-progress: false
|
|
|
|
permissions:
|
|
contents: write
|
|
issues: write
|
|
pull-requests: write
|
|
|
|
jobs:
|
|
handle-command:
|
|
runs-on: ubuntu-latest
|
|
if: >-
|
|
github.event_name == 'issue_comment' &&
|
|
!github.event.issue.pull_request &&
|
|
(contains(github.event.comment.body, '/approve') || contains(github.event.comment.body, '/reject'))
|
|
steps:
|
|
- name: Checkout staged branch
|
|
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
|
|
with:
|
|
ref: staged
|
|
fetch-depth: 0
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
|
|
with:
|
|
node-version: 22
|
|
cache: npm
|
|
|
|
- name: Parse decision command
|
|
id: parse
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
|
|
with:
|
|
script: |
|
|
const path = require('path');
|
|
const { pathToFileURL } = require('url');
|
|
|
|
const approval = await import(pathToFileURL(path.join(process.env.GITHUB_WORKSPACE, 'eng', 'external-plugin-approval.mjs')).href);
|
|
const intake = await import(pathToFileURL(path.join(process.env.GITHUB_WORKSPACE, 'eng', 'external-plugin-intake.mjs')).href);
|
|
const parsedCommand = approval.parseDecisionCommand(context.payload.comment.body);
|
|
|
|
core.setOutput('should-run', 'false');
|
|
if (!parsedCommand) {
|
|
core.info('No supported external plugin approval command was found.');
|
|
return;
|
|
}
|
|
|
|
const permission = await github.rest.repos.getCollaboratorPermissionLevel({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
username: context.payload.comment.user.login
|
|
});
|
|
|
|
const hasWriteAccess = ['admin', 'write', 'maintain'].includes(permission.data.permission);
|
|
if (!hasWriteAccess) {
|
|
core.info(`Ignoring ${parsedCommand.command} because ${context.payload.comment.user.login} does not have write access.`);
|
|
return;
|
|
}
|
|
|
|
const currentIssue = await github.rest.issues.get({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
issue_number: context.issue.number
|
|
});
|
|
|
|
const labelNames = new Set((currentIssue.data.labels || []).map((label) => label.name));
|
|
if (!labelNames.has('external-plugin')) {
|
|
core.info('Ignoring command because the issue is not an external plugin submission.');
|
|
return;
|
|
}
|
|
|
|
const evaluation = await intake.evaluateExternalPluginIssue({
|
|
issue: currentIssue.data,
|
|
token: process.env.GITHUB_TOKEN
|
|
});
|
|
|
|
const fallbackName = evaluation.plugin?.name ?? `issue-${context.issue.number}`;
|
|
const canApprove = labelNames.has('ready-for-review') || labelNames.has('approved');
|
|
const canReject = !labelNames.has('approved');
|
|
|
|
if (parsedCommand.command === 'approve' && !canApprove) {
|
|
core.info('Ignoring /approve because the issue is not ready for review.');
|
|
return;
|
|
}
|
|
|
|
if (parsedCommand.command === 'reject' && !canReject) {
|
|
core.info('Ignoring /reject because the issue is already approved.');
|
|
return;
|
|
}
|
|
|
|
core.setOutput('should-run', 'true');
|
|
core.setOutput('command', parsedCommand.command);
|
|
core.setOutput('reason', parsedCommand.reason ?? '');
|
|
core.setOutput('validation-valid', evaluation.valid ? 'true' : 'false');
|
|
core.setOutput('validation-errors', JSON.stringify(evaluation.errors));
|
|
core.setOutput('plugin-name', fallbackName);
|
|
core.setOutput('plugin-slug', approval.slugifyPluginName(fallbackName));
|
|
core.setOutput('source-repo', evaluation.plugin?.source?.repo ?? '');
|
|
|
|
- name: Comment blocked approval
|
|
if: steps.parse.outputs.should-run == 'true' && steps.parse.outputs.command == 'approve' && steps.parse.outputs.validation-valid != 'true'
|
|
uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
|
|
env:
|
|
VALIDATION_ERRORS: ${{ steps.parse.outputs.validation-errors }}
|
|
PLUGIN_NAME: ${{ steps.parse.outputs.plugin-name }}
|
|
with:
|
|
script: |
|
|
const marker = '<!-- external-plugin-approval-blocked -->';
|
|
const errors = JSON.parse(process.env.VALIDATION_ERRORS || '[]');
|
|
const body = [
|
|
marker,
|
|
'## ⚠️ External plugin approval blocked',
|
|
'',
|
|
`The current issue form for **${process.env.PLUGIN_NAME}** no longer passes automated intake validation, so \`/approve\` was not applied.`,
|
|
'',
|
|
'### Required fixes',
|
|
'',
|
|
...(errors.length > 0 ? errors.map((error) => `- ${error}`) : ['- Edit the issue details and let intake rerun automatically, or comment `/rerun-intake` to trigger it again on demand.'])
|
|
].join('\n');
|
|
|
|
const { data: comments } = await github.rest.issues.listComments({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
issue_number: context.issue.number,
|
|
per_page: 100
|
|
});
|
|
|
|
const existingComment = comments.find((comment) =>
|
|
comment.user?.login === 'github-actions[bot]' &&
|
|
comment.body?.includes(marker)
|
|
);
|
|
|
|
if (existingComment) {
|
|
await github.rest.issues.updateComment({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
comment_id: existingComment.id,
|
|
body
|
|
});
|
|
} else {
|
|
await github.rest.issues.createComment({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
issue_number: context.issue.number,
|
|
body
|
|
});
|
|
}
|
|
|
|
- name: Install dependencies
|
|
if: steps.parse.outputs.should-run == 'true' && steps.parse.outputs.command == 'approve' && steps.parse.outputs.validation-valid == 'true'
|
|
run: npm ci
|
|
|
|
- name: Update external plugin catalog and PR
|
|
id: approval_pr
|
|
if: steps.parse.outputs.should-run == 'true' && steps.parse.outputs.command == 'approve' && steps.parse.outputs.validation-valid == 'true'
|
|
env:
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
run: |
|
|
result=$(node ./eng/external-plugin-approval.mjs approve "$GITHUB_EVENT_PATH" --file ./plugins/external.json)
|
|
{
|
|
echo 'result<<EOF'
|
|
echo "$result"
|
|
echo 'EOF'
|
|
} >> "$GITHUB_OUTPUT"
|
|
|
|
plugin_name=$(node -e "const data = JSON.parse(process.argv[1]); process.stdout.write(data.plugin.name);" "$result")
|
|
action=$(node -e "const data = JSON.parse(process.argv[1]); process.stdout.write(data.action);" "$result")
|
|
source_repo=$(node -e "const data = JSON.parse(process.argv[1]); process.stdout.write(data.plugin.source.repo);" "$result")
|
|
plugin_slug='${{ steps.parse.outputs.plugin-slug }}'
|
|
issue_number='${{ github.event.issue.number }}'
|
|
branch="automation/external-plugin-approve-${issue_number}-${plugin_slug}"
|
|
|
|
if [ "$action" = "inserted" ]; then
|
|
title_action="Add"
|
|
summary_action="add"
|
|
else
|
|
title_action="Update"
|
|
summary_action="update"
|
|
fi
|
|
|
|
npm run build
|
|
bash eng/fix-line-endings.sh
|
|
|
|
pr_url=""
|
|
pr_number=""
|
|
if git diff --quiet; then
|
|
pr_number=$(gh pr list --head "$branch" --base staged --json number --jq '.[0].number')
|
|
if [ -n "$pr_number" ]; then
|
|
pr_url=$(gh pr view "$pr_number" --json url --jq '.url')
|
|
fi
|
|
echo "changed=false" >> "$GITHUB_OUTPUT"
|
|
echo "plugin-name=$plugin_name" >> "$GITHUB_OUTPUT"
|
|
echo "action=$action" >> "$GITHUB_OUTPUT"
|
|
echo "source-repo=$source_repo" >> "$GITHUB_OUTPUT"
|
|
echo "pr-url=$pr_url" >> "$GITHUB_OUTPUT"
|
|
echo "pr-number=$pr_number" >> "$GITHUB_OUTPUT"
|
|
exit 0
|
|
fi
|
|
|
|
git config user.name "github-actions[bot]"
|
|
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
|
|
git checkout -B "$branch"
|
|
git add -A
|
|
git commit -m "${title_action} external plugin ${plugin_name}"
|
|
git push --force-with-lease origin "$branch"
|
|
|
|
pr_number=$(gh pr list --head "$branch" --base staged --json number --jq '.[0].number')
|
|
pr_body=$(cat <<EOF
|
|
## Summary
|
|
|
|
- ${summary_action} \`${plugin_name}\` in \`plugins/external.json\`
|
|
- regenerate marketplace outputs for the approved external plugin submission
|
|
- source repository: \`${source_repo}\`
|
|
- approved from #${issue_number}
|
|
|
|
## Validation
|
|
|
|
- npm run build
|
|
EOF
|
|
)
|
|
|
|
if [ -n "$pr_number" ]; then
|
|
gh pr edit "$pr_number" \
|
|
--title "[external-plugin] ${title_action} ${plugin_name}" \
|
|
--body "$pr_body"
|
|
pr_url=$(gh pr view "$pr_number" --json url --jq '.url')
|
|
else
|
|
pr_url=$(gh pr create \
|
|
--base staged \
|
|
--head "$branch" \
|
|
--title "[external-plugin] ${title_action} ${plugin_name}" \
|
|
--body "$pr_body")
|
|
pr_number=$(gh pr view "$branch" --json number --jq '.number')
|
|
fi
|
|
|
|
echo "changed=true" >> "$GITHUB_OUTPUT"
|
|
echo "plugin-name=$plugin_name" >> "$GITHUB_OUTPUT"
|
|
echo "action=$action" >> "$GITHUB_OUTPUT"
|
|
echo "source-repo=$source_repo" >> "$GITHUB_OUTPUT"
|
|
echo "pr-url=$pr_url" >> "$GITHUB_OUTPUT"
|
|
echo "pr-number=$pr_number" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Finalize approval
|
|
if: steps.parse.outputs.should-run == 'true' && steps.parse.outputs.command == 'approve' && steps.parse.outputs.validation-valid == 'true'
|
|
uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
|
|
env:
|
|
CHANGED: ${{ steps.approval_pr.outputs.changed }}
|
|
ACTION: ${{ steps.approval_pr.outputs.action }}
|
|
PLUGIN_NAME: ${{ steps.approval_pr.outputs.plugin-name }}
|
|
SOURCE_REPO: ${{ steps.approval_pr.outputs.source-repo }}
|
|
PR_URL: ${{ steps.approval_pr.outputs.pr-url }}
|
|
PR_NUMBER: ${{ steps.approval_pr.outputs.pr-number }}
|
|
with:
|
|
script: |
|
|
const managedLabels = {
|
|
'external-plugin': {
|
|
color: 'FEF2C0',
|
|
description: 'Public external plugin submission'
|
|
},
|
|
'awaiting-review': {
|
|
color: 'FBCA04',
|
|
description: 'Submission is waiting for automated intake validation'
|
|
},
|
|
'ready-for-review': {
|
|
color: '0E8A16',
|
|
description: 'Submission passed intake validation and is ready for maintainer review'
|
|
},
|
|
'requires-submitter-fixes': {
|
|
color: 'D93F0B',
|
|
description: 'Submission has quality-gate findings that submitter must fix before maintainer review'
|
|
},
|
|
'approved': {
|
|
color: '1D76DB',
|
|
description: 'Submission was approved by a maintainer'
|
|
},
|
|
'rejected': {
|
|
color: 'B60205',
|
|
description: 'Submission was rejected or failed intake validation'
|
|
}
|
|
};
|
|
|
|
async function ensureLabel(name, config) {
|
|
try {
|
|
await github.rest.issues.createLabel({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
name,
|
|
color: config.color,
|
|
description: config.description
|
|
});
|
|
} catch (error) {
|
|
if (error.status !== 422) {
|
|
throw error;
|
|
}
|
|
}
|
|
}
|
|
|
|
async function removeLabel(issueNumber, name) {
|
|
try {
|
|
await github.rest.issues.removeLabel({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
issue_number: issueNumber,
|
|
name
|
|
});
|
|
} catch (error) {
|
|
if (error.status !== 404) {
|
|
throw error;
|
|
}
|
|
}
|
|
}
|
|
|
|
async function syncIssueLabels(issueNumber, desiredLabels) {
|
|
await Promise.all(Object.entries(managedLabels).map(([name, config]) => ensureLabel(name, config)));
|
|
|
|
const currentLabels = await github.paginate(github.rest.issues.listLabelsOnIssue, {
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
issue_number: issueNumber,
|
|
per_page: 100
|
|
});
|
|
|
|
const currentManagedLabels = currentLabels
|
|
.map((label) => label.name)
|
|
.filter((name) => Object.prototype.hasOwnProperty.call(managedLabels, name));
|
|
|
|
const labelsToAdd = [...desiredLabels].filter((name) => !currentManagedLabels.includes(name));
|
|
const labelsToRemove = currentManagedLabels.filter((name) => !desiredLabels.has(name));
|
|
|
|
if (labelsToAdd.length > 0) {
|
|
await github.rest.issues.addLabels({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
issue_number: issueNumber,
|
|
labels: labelsToAdd
|
|
});
|
|
}
|
|
|
|
for (const name of labelsToRemove) {
|
|
await removeLabel(issueNumber, name);
|
|
}
|
|
}
|
|
|
|
const issueNumber = context.issue.number;
|
|
const prNumber = Number(process.env.PR_NUMBER || 0);
|
|
const marker = '<!-- external-plugin-approval -->';
|
|
const action = process.env.ACTION === 'updated' ? 'updated' : 'added';
|
|
const prUrl = process.env.PR_URL;
|
|
const body = [
|
|
marker,
|
|
'## ✅ External plugin approved',
|
|
'',
|
|
`A maintainer approved **${process.env.PLUGIN_NAME}**, and the submission issue has been closed.`,
|
|
'',
|
|
`- **Catalog action:** ${action}`,
|
|
`- **Source repository:** \`${process.env.SOURCE_REPO}\``,
|
|
prUrl
|
|
? `- **PR against \`staged\`:** ${prUrl}`
|
|
: '- **PR against `staged`:** No new PR was needed because the approved listing is already present.'
|
|
].join('\n');
|
|
|
|
await syncIssueLabels(issueNumber, new Set(['external-plugin', 'approved']));
|
|
|
|
if (prNumber > 0) {
|
|
await github.rest.issues.addLabels({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
issue_number: prNumber,
|
|
labels: ['external-plugin', 'awaiting-review']
|
|
});
|
|
}
|
|
|
|
const { data: comments } = await github.rest.issues.listComments({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
issue_number: issueNumber,
|
|
per_page: 100
|
|
});
|
|
|
|
const existingComment = comments.find((comment) =>
|
|
comment.user?.login === 'github-actions[bot]' &&
|
|
comment.body?.includes(marker)
|
|
);
|
|
|
|
if (existingComment) {
|
|
await github.rest.issues.updateComment({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
comment_id: existingComment.id,
|
|
body
|
|
});
|
|
} else {
|
|
await github.rest.issues.createComment({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
issue_number: issueNumber,
|
|
body
|
|
});
|
|
}
|
|
|
|
if (context.payload.issue.state !== 'closed') {
|
|
await github.rest.issues.update({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
issue_number: issueNumber,
|
|
state: 'closed'
|
|
});
|
|
}
|
|
|
|
sync-merged-pr-labels:
|
|
runs-on: ubuntu-latest
|
|
if: >-
|
|
github.event_name == 'pull_request' &&
|
|
github.event.action == 'closed' &&
|
|
github.event.pull_request.merged == true &&
|
|
contains(github.event.pull_request.labels.*.name, 'external-plugin')
|
|
steps:
|
|
- name: Normalize merged external plugin PR labels
|
|
uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
|
|
with:
|
|
script: |
|
|
const prNumber = context.payload.pull_request.number;
|
|
const staleLabels = ['awaiting-review', 'awaiting-approval', 'ready-for-review', 'rejected'];
|
|
|
|
try {
|
|
await github.rest.issues.createLabel({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
name: 'approved',
|
|
color: '1D76DB',
|
|
description: 'Submission was approved by a maintainer'
|
|
});
|
|
} catch (error) {
|
|
if (error.status !== 422) {
|
|
throw error;
|
|
}
|
|
}
|
|
|
|
const { data: currentLabels } = await github.rest.issues.listLabelsOnIssue({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
issue_number: prNumber,
|
|
per_page: 100
|
|
});
|
|
const labelNames = new Set(currentLabels.map((label) => label.name));
|
|
|
|
if (!labelNames.has('approved')) {
|
|
await github.rest.issues.addLabels({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
issue_number: prNumber,
|
|
labels: ['approved']
|
|
});
|
|
}
|
|
|
|
for (const labelName of staleLabels) {
|
|
if (!labelNames.has(labelName)) {
|
|
continue;
|
|
}
|
|
|
|
await github.rest.issues.removeLabel({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
issue_number: prNumber,
|
|
name: labelName
|
|
});
|
|
}
|
|
|
|
- name: Finalize rejection
|
|
if: steps.parse.outputs.should-run == 'true' && steps.parse.outputs.command == 'reject'
|
|
uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
|
|
env:
|
|
REASON: ${{ steps.parse.outputs.reason }}
|
|
PLUGIN_NAME: ${{ steps.parse.outputs.plugin-name }}
|
|
with:
|
|
script: |
|
|
const managedLabels = {
|
|
'external-plugin': {
|
|
color: 'FEF2C0',
|
|
description: 'Public external plugin submission'
|
|
},
|
|
'awaiting-review': {
|
|
color: 'FBCA04',
|
|
description: 'Submission is waiting for automated intake validation'
|
|
},
|
|
'ready-for-review': {
|
|
color: '0E8A16',
|
|
description: 'Submission passed intake validation and is ready for maintainer review'
|
|
},
|
|
'requires-submitter-fixes': {
|
|
color: 'D93F0B',
|
|
description: 'Submission has quality-gate findings that submitter must fix before maintainer review'
|
|
},
|
|
'approved': {
|
|
color: '1D76DB',
|
|
description: 'Submission was approved by a maintainer'
|
|
},
|
|
'rejected': {
|
|
color: 'B60205',
|
|
description: 'Submission was rejected or failed intake validation'
|
|
}
|
|
};
|
|
|
|
async function ensureLabel(name, config) {
|
|
try {
|
|
await github.rest.issues.createLabel({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
name,
|
|
color: config.color,
|
|
description: config.description
|
|
});
|
|
} catch (error) {
|
|
if (error.status !== 422) {
|
|
throw error;
|
|
}
|
|
}
|
|
}
|
|
|
|
async function removeLabel(name) {
|
|
try {
|
|
await github.rest.issues.removeLabel({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
issue_number: context.issue.number,
|
|
name
|
|
});
|
|
} catch (error) {
|
|
if (error.status !== 404) {
|
|
throw error;
|
|
}
|
|
}
|
|
}
|
|
|
|
await Promise.all(Object.entries(managedLabels).map(([name, config]) => ensureLabel(name, config)));
|
|
await github.rest.issues.addLabels({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
issue_number: context.issue.number,
|
|
labels: ['external-plugin', 'rejected']
|
|
});
|
|
|
|
await removeLabel('awaiting-review');
|
|
await removeLabel('ready-for-review');
|
|
await removeLabel('requires-submitter-fixes');
|
|
await removeLabel('approved');
|
|
|
|
const marker = '<!-- external-plugin-rejection -->';
|
|
const reason = process.env.REASON || 'No additional reason was provided.';
|
|
const body = [
|
|
marker,
|
|
'## ❌ External plugin rejected',
|
|
'',
|
|
`A maintainer rejected **${process.env.PLUGIN_NAME}**, and the submission issue has been closed.`,
|
|
'',
|
|
'### Reason',
|
|
'',
|
|
reason,
|
|
'',
|
|
'If you address the feedback, edit this issue with the updated details and have the issue author or a maintainer comment `/rerun-intake` to re-run automated intake.'
|
|
].join('\n');
|
|
|
|
const { data: comments } = await github.rest.issues.listComments({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
issue_number: context.issue.number,
|
|
per_page: 100
|
|
});
|
|
|
|
const existingComment = comments.find((comment) =>
|
|
comment.user?.login === 'github-actions[bot]' &&
|
|
comment.body?.includes(marker)
|
|
);
|
|
|
|
if (existingComment) {
|
|
await github.rest.issues.updateComment({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
comment_id: existingComment.id,
|
|
body
|
|
});
|
|
} else {
|
|
await github.rest.issues.createComment({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
issue_number: context.issue.number,
|
|
body
|
|
});
|
|
}
|
|
|
|
if (context.payload.issue.state !== 'closed') {
|
|
await github.rest.issues.update({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
issue_number: context.issue.number,
|
|
state: 'closed'
|
|
});
|
|
}
|