ARM Auto SignOff #147045
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ARM Auto SignOff | |
| on: | |
| # Must run on pull_request_target instead of pull_request, since the latter cannot trigger on | |
| # labels from bot accounts in fork PRs. pull_request_target is also more similar to the other | |
| # trigger "workflow_run" -- they are both privileged and run in the target branch and repo -- | |
| # which simplifies implementation. | |
| pull_request_target: | |
| types: | |
| # Depends on labels, so must re-evaluate whenever a relevant label is manually added or removed. | |
| - labeled | |
| - unlabeled | |
| workflow_run: | |
| workflows: | |
| ["ARM Incremental TypeSpec", "Swagger Avocado - Set Status", "Swagger LintDiff - Set Status"] | |
| types: [completed] | |
| permissions: | |
| # actions.listWorkflowRunsForRepo | |
| # actions.listWorkflowRunArtifacts | |
| actions: read | |
| # default | |
| contents: read | |
| # issues.listLabelsOnIssue | |
| issues: read | |
| # issues.listLabelsOnIssue | |
| pull-requests: read | |
| # repos.listCommitStatusesForRef | |
| statuses: read | |
| jobs: | |
| arm-auto-signoff: | |
| name: ARM Auto SignOff | |
| # workflow_run - already filtered by triggers above | |
| # pull_request_target:labeled - filter to only the input and output labels | |
| if: | | |
| github.event_name == 'workflow_run' || | |
| (github.event_name == 'pull_request_target' && | |
| (github.event.action == 'labeled' || | |
| github.event.action == 'unlabeled') && | |
| (github.event.label.name == 'Approved-Suppression' || | |
| github.event.label.name == 'ARMAutoSignedOff' || | |
| github.event.label.name == 'ARMReview' || | |
| github.event.label.name == 'ARMSignedOff' || | |
| github.event.label.name == 'NotReadyForARMReview' || | |
| github.event.label.name == 'SuppressionReviewRequired')) | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| # *** IMPORTANT *** | |
| # For workflows that are triggered by the pull_request_target event, the workflow runs in the | |
| # context of the base of the pull request. You should make sure that you do not check out, | |
| # build, or run untrusted code from the head of the pull request. | |
| - uses: actions/checkout@v4 | |
| with: | |
| # Only needs .github folder for automation, not the files in the PR (analyzed in a | |
| # separate workflow). | |
| # | |
| # Uses the .github folder from the PR base branch (pull_request_target trigger), | |
| # or the repo default branch (other triggers). | |
| sparse-checkout: | | |
| .github | |
| # Output: | |
| # { | |
| # labelAction: LabelAction, ("none" for no-op, "add" to add label, and "remove" to remove label) | |
| # issueNumber: number | |
| # } | |
| - id: get-label-action | |
| name: ARM Auto SignOff | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| const { default: getLabelAction } = | |
| await import('${{ github.workspace }}/.github/workflows/src/arm-auto-signoff.js'); | |
| return await getLabelAction({ github, context, core }); | |
| - if: | | |
| fromJson(steps.get-label-action.outputs.result).labelAction == 'add' || | |
| fromJson(steps.get-label-action.outputs.result).labelAction == 'remove' | |
| name: Upload artifact with results | |
| uses: ./.github/actions/add-label-artifact | |
| with: | |
| name: "ARMAutoSignedOff" | |
| # Convert "add/remove" to "true/false" | |
| value: "${{ fromJson(steps.get-label-action.outputs.result).labelAction == 'add' }}" | |
| - if: | | |
| fromJson(steps.get-label-action.outputs.result).labelAction == 'add' || | |
| fromJson(steps.get-label-action.outputs.result).labelAction == 'remove' | |
| name: Upload artifact with results | |
| uses: ./.github/actions/add-label-artifact | |
| with: | |
| name: "ARMSignedOff" | |
| # Convert "add/remove" to "true/false" | |
| value: "${{ fromJson(steps.get-label-action.outputs.result).labelAction == 'add' }}" | |
| # Required for consumers to identify the head SHA associated with this workflow run. | |
| # Output can be trusted, because it was uploaded from a workflow that is trusted, | |
| # because "issue_comment", and "workflow_run" only trigger on workflows in the default branch. | |
| # Consumers should verify the "event_name" before attempting to extract from the artifact name. | |
| - if: | | |
| always() && | |
| (github.event_name == 'issue_comment' || github.event_name == 'workflow_run') && | |
| fromJson(steps.get-label-action.outputs.result).headSha | |
| name: Upload artifact with head SHA | |
| uses: ./.github/actions/add-empty-artifact | |
| with: | |
| name: "head-sha" | |
| value: "${{ fromJson(steps.get-label-action.outputs.result).headSha }}" | |
| # Required for consumers to identify the PR associated with this workflow run. | |
| # Output can be trusted, because it was uploaded from a workflow that is trusted, | |
| # because "issue_comment", and "workflow_run" only trigger on workflows in the default branch. | |
| # Consumers should verify the "event_name" before attempting to extract from the artifact name. | |
| - if: | | |
| always() && | |
| (github.event_name == 'issue_comment' || github.event_name == 'workflow_run') && | |
| fromJson(steps.get-label-action.outputs.result).issueNumber > 0 | |
| name: Upload artifact with issue number | |
| uses: ./.github/actions/add-empty-artifact | |
| with: | |
| name: "issue-number" | |
| value: "${{ fromJson(steps.get-label-action.outputs.result).issueNumber }}" |