Post rollouts to PR #190

Workflow file for this run

.github/workflows/post-rollouts.yml at 56c81f7

	---
	name: Post rollouts to PR
	on:
	workflow_run:
	workflows: ["Print rollouts"]
	types:
	- completed

	permissions:
	pull-requests: write

	# Privileged second part of print-rollouts.yml. Architecture and code from
	# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/

	jobs:
	post-rollouts:
	name: Post rollouts to PR
	runs-on: ubuntu-latest
	if: ${{ github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success' }}
	steps:
	- name: Download state
	uses: actions/github-script@v6
	with:
	script: \|
	var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
	owner: context.repo.owner,
	repo: context.repo.repo,
	run_id: ${{github.event.workflow_run.id}},
	});
	var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
	return artifact.name == "validation-results"
	})[0];
	var download = await github.rest.actions.downloadArtifact({
	owner: context.repo.owner,
	repo: context.repo.repo,
	artifact_id: matchArtifact.id,
	archive_format: 'zip',
	});
	var fs = require('fs');
	fs.writeFileSync('${{github.workspace}}/validation-results.zip', Buffer.from(download.data));
	- name: Unpack state
	run: \|
	set -euo pipefail
	mkdir validation-results
	cd validation-results
	unzip ../validation-results.zip
	- name: Comment on PR
	uses: actions/github-script@v6
	with:
	script: \|
	var fs = require('fs');
	var pr_number = Number(fs.readFileSync('validation-results/PR'));
	var rollouts = fs.readFileSync('validation-results/rollouts');
	await github.rest.issues.createComment({
	owner: context.repo.owner,
	repo: context.repo.repo,
	issue_number: pr_number,
	body: '```\n' + rollouts + '```'
	});

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Post rollouts to PR #190

Workflow file

Post rollouts to PR #190

Jobs

Run details

Workflow file for this run