TriageOps #5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: TriageOps | |
on: | |
issues: | |
types: [ opened ] | |
workflow_dispatch: | |
inputs: | |
issue_number: | |
description: GitHub issue number to run against | |
required: true | |
workflow: | |
type: choice | |
options: | |
- new-thread-setup | |
required: true | |
# We only need contents:read permission since we'll be authenticate as our | |
# own GitHUb app here. | |
permissions: | |
contents: read | |
jobs: | |
######################## AUTOMATED ######################## | |
new-thread-setup: | |
name: Setup new thread | |
runs-on: ubuntu-latest | |
if: ${{ github.event.action == 'opened' }} | |
steps: | |
- uses: actions/create-github-app-token@v1 | |
name: "Generate GitHub app token for @recaptimedev-automation[app]" | |
id: app-token | |
with: | |
app-id: ${{ secrets.GH_RTDEV_APP_ID }} | |
private-key: ${{ secrets.GH_RTDEV_APP_KEY }} | |
owner: recaptime-dev | |
- uses: actions/checkout@v3 | |
- name: "Check if author is on github-team:transparency-log-threads" | |
uses: tspascoal/get-user-teams-membership@v3 | |
id: teamAuthCheck | |
with: | |
team: 'transparency-log-threads' | |
username: ${{ github.actor }} | |
GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} | |
- name: Lock issue | |
uses: OSDKDev/lock-issues@v1.1 | |
with: | |
repo-token: ${{ steps.app-token.outputs.token }} | |
- name: Auto-reply and close if not part of allowlist | |
if: ${{ steps.teamAuthCheck.outputs.isTeamMember == 'false' }} | |
uses: actions/github-script@v7 | |
with: | |
github-token: ${{ steps.app-token.outputs.token }} | |
script: | | |
const comment = `\ | |
Hi @${context.actor}! | |
You are currently not yet allowlisted to create your own \ | |
thread here. Please see the [README][readme] for more information \ | |
on how to request access. Once you have been allowlisted, you may reopen this \ | |
issue. | |
[readme]: https://github.com/recaptime-dev/transparency-log-threads/blob/main/README.md | |
` | |
github.rest.issues.createComment({ | |
issue_number: context.issue.number, | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
body: comment | |
}) | |
github.rest.issues.update({ | |
issue_number: context.issue.number, | |
wner: context.repo.owner, | |
repo: context.repo.repo, | |
state: "closed", | |
state_reason: "not_planned" | |
}) | |
- name: Parse issue form | |
if: ${{ steps.teamAuthCheck.outputs.isTeamMember == 'true' }} | |
uses: stefanbuck/github-issue-parser@v3 | |
id: issue-parser | |
with: | |
template-path: .github/ISSUE_TEMPLATE/form.yml | |
- name: Set labels based on role | |
if: ${{ steps.teamAuthCheck.outputs.isTeamMember == 'true' }} | |
uses: redhat-plumbers-in-action/advanced-issue-labeler@v2 | |
with: | |
issue-form: ${{ steps.issue-parser.outputs.jsonString }} | |
section: role | |
token: ${{ steps.app-token.outputs.token }} | |
######################## MANUAL ACTIONS ######################## | |
new-thread-setup-manual: | |
name: 'Setup new thread [manual triggered]' | |
runs-on: ubuntu-latest | |
if: ${{ github.event.inputs.workflow == 'new-thread-setup' }} | |
steps: | |
- uses: actions/create-github-app-token@v1 | |
name: "Generate GitHub app token for @recaptimedev-automation[app]" | |
id: app-token | |
with: | |
app-id: ${{ secrets.GH_RTDEV_APP_ID }} | |
private-key: ${{ secrets.GH_RTDEV_APP_KEY }} | |
owner: recaptime-dev | |
- uses: actions/checkout@v3 | |
- name: Fetch issue info from API | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
return github.rest.issues.get({ | |
issue_number: context.payload.inputs.issue_number, | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
}); | |
github-token: ${{ steps.app-token.outputs.token }} | |
id: issueData | |
- name: "Check if author is on github-team:transparency-log-threads" | |
uses: tspascoal/get-user-teams-membership@v3 | |
id: teamAuthCheck | |
with: | |
team: 'transparency-log-threads' | |
username: ${{ steps.issueData.outputs.result.data.user.login }} | |
GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} | |
- name: Lock issue | |
if: ${{ steps.issueData.outputs.result.locked == 'false' }} | |
uses: OSDKDev/lock-issues@v1.1 | |
with: | |
repo-token: ${{ steps.app-token.outputs.token }} | |
issue-number: ${{ github.event.inputs.issue_number }} | |
- name: Auto-reply and close if not part of allowlist | |
if: ${{ steps.teamAuthCheck.outputs.isTeamMember == 'false' }} | |
uses: actions/github-script@v7 | |
with: | |
github-token: ${{ steps.app-token.outputs.token }} | |
script: | | |
const { data } = await github.rest.issues.get({ | |
issue_number: context.payload.inputs.issue_number, | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
}); | |
const comment = `\ | |
Hi @${data.user.login}! | |
You are currently not yet allowlisted to create your own \ | |
thread here. Please see the [README][readme] for more information \ | |
on how to request access. Once you have been allowlisted, you may reopen this \ | |
issue. | |
[readme]: https://github.com/recaptime-dev/transparency-log-threads/blob/main/README.md | |
` | |
github.rest.issues.createComment({ | |
issue_number: context.payload.inputs.issue_number, | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
body: comment | |
}) | |
github.rest.issues.update({ | |
issue_number: context.inputs.issue_number, | |
wner: context.repo.owner, | |
repo: context.repo.repo, | |
state: "closed", | |
state_reason: "not_planned" | |
}) | |
- name: Parse issue form | |
if: ${{ steps.teamAuthCheck.outputs.isTeamMember == 'true' }} | |
uses: stefanbuck/github-issue-parser@v3 | |
id: issue-parser | |
with: | |
template-path: .github/ISSUE_TEMPLATE/form.yml | |
issue-body: ${{ steps.issueData.outputs.result.data.body }} | |
- name: Set labels based on role | |
if: ${{ steps.teamAuthCheck.outputs.isTeamMember == 'true' }} | |
uses: redhat-plumbers-in-action/advanced-issue-labeler@v2 | |
with: | |
issue-form: ${{ steps.issue-parser.outputs.jsonString }} | |
section: role | |
token: ${{ steps.app-token.outputs.token }} |