ci: add job summary to check status (#211)

* add initial draft with limited tests

Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com>

* replace `statuses` with `checks` permission

Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com>

* retry with `check_id` instead of `run_id`

Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com>

* merge script into "comment_tf_output" due to overlap of concerns

Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com>

* re-introduce placeholder summary as required

Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com>

* test with reduced `checks: read` permission

Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com>

* add `checks: write` permission to all example workflows

Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com>

* display comment output as a job summary

Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com>

* fix reference to whole comment_body instead of partial comment_output

Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com>

* revert tests ready for merge

Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com>

---------

Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com>

.github/examples/tf_via_pr_comments.yaml

@@ -14,6 +14,7 @@ jobs:
 
     permissions:
       actions: read # Required for workflow query and artifact download.
+      checks: write # Required for adding summary to check status.
       contents: read # Required for repository checkout.
       issues: read # Required for getting PR branch from issue comment.
       pull-requests: write # Required for commenting on PR.

.github/examples/tf_via_pr_comments_or_input.yaml

@@ -14,6 +14,7 @@ jobs:
 
     permissions:
       actions: read # Required for workflow query and artifact download.
+      checks: write # Required for adding summary to check status.
       contents: read # Required for repository checkout.
       issues: read # Required for getting PR branch from issue comment.
       pull-requests: write # Required for commenting on PR.

.github/examples/tf_via_pr_input.yaml

@@ -12,6 +12,7 @@ jobs:
 
     permissions:
       actions: read # Required for workflow query and artifact download.
+      checks: write # Required for adding summary to check status.
       contents: read # Required for repository checkout.
       id-token: write # Required for assuming AWS role via OIDC provider.
       pull-requests: write # Required for commenting on PR.

.github/examples/tf_via_pr_input_matrix.yaml

@@ -17,6 +17,7 @@ jobs:
 
     permissions:
       actions: read # Required for workflow query and artifact download.
+      checks: write # Required for adding summary to check status.
       contents: read # Required for repository checkout.
       pull-requests: write # Required for commenting on PR.
 

.github/workflows/tf_tests.yaml

@@ -23,10 +23,9 @@ jobs:
 
     permissions:
       actions: read # Required for workflow query and artifact download.
+      checks: write # Required for adding summary to check status.
       contents: read # Required for repository checkout.
-      issues: read # Required for getting PR branch from issue comment.
       pull-requests: write # Required for commenting on PR.
-      statuses: write # Required for setting commit status from issue comment.
 
     steps:
       - name: Checkout repository

action.yml

@@ -354,7 +354,7 @@ runs:
         retries: 3
         script: await require(`${process.env.GITHUB_ACTION_PATH}/scripts/remove_reaction.js`)({ github, context });
 
-    # On issue_comment, update commit status with job status before exiting.
+    # On issue_comment, update commit status with the job status before exiting.
     - name: Update commit status
       if: ${{ (success() || failure()) && github.event.issue.pull_request }}
       uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1

scripts/comment_tf_output.js

@@ -25,13 +25,25 @@ ${process.env.tf_fmt}
   });
   const matrix = JSON.parse(process.env.matrix);
   const job_name = `${context.job}${matrix ? ` (${Object.values(matrix).join(", ")})` : ""}`;
-  const job_url = workflow_run.jobs.find((job) => job.name === job_name).html_url;
+  const check_url = workflow_run.jobs.find((job) => job.name === job_name).html_url;
+  const check_id = workflow_run.jobs.find((job) => job.name === job_name).id;
+
+  // Update the check status with TF output summary.
+  const update_check_status = await github.rest.checks.update({
+    check_run_id: check_id,
+    output: {
+      summary: comment_summary,
+      title: comment_summary,
+    },
+    owner: context.repo.owner,
+    repo: context.repo.repo,
+  });
 
   // Display the: TF command, TF output, and workflow authorip.
   const comment_output = `
   <details><summary>${comment_summary}</br>
 
-###### ${context.workflow} by @${context.actor} via [${context.eventName}](${job_url}) at ${context.payload.pull_request?.updated_at || context.payload.comment?.updated_at}.</summary>
+###### ${context.workflow} by @${context.actor} via [${context.eventName}](${check_url}) at ${context.payload.pull_request?.updated_at || context.payload.comment?.updated_at}.</summary>
 
 \`\`\`hcl
 ${process.env.tf_output}
@@ -51,6 +63,10 @@ ${comment_output}
 
 <!-- ${process.env.tf_plan_id} -->`;
 
+  // Display the comment body as a job summary.
+  core.summary.addRaw(comment_body);
+  core.summary.write();
+
   // Check if the bot has commented on the PR using the TFPLAN identifier.
   const { data: list_comments } = await github.rest.issues.listComments({
     issue_number: context.issue.number,