Verify PR Comment #450
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Verify PR Comment | |
| # Runs in the base repo context after CI completes, so it always has | |
| # access to secrets — even for fork PRs. | |
| on: | |
| workflow_run: | |
| workflows: ["CI"] | |
| types: [completed] | |
| jobs: | |
| comment: | |
| name: Post verify comment | |
| runs-on: ubuntu-latest | |
| if: >- | |
| github.event.workflow_run.event == 'pull_request' && | |
| github.event.workflow_run.conclusion != 'cancelled' | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Download verify results | |
| id: download | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: verify-results | |
| path: /tmp/verify-artifact | |
| run-id: ${{ github.event.workflow_run.id }} | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| continue-on-error: true | |
| - name: Generate GitHub App token | |
| if: steps.download.outcome == 'success' | |
| id: app-token | |
| uses: actions/create-github-app-token@v3 | |
| with: | |
| app-id: ${{ secrets.REPOSITORY_BUTLER_APP_ID }} | |
| private-key: ${{ secrets.REPOSITORY_BUTLER_PEM }} | |
| - name: Post filter verification PR comment | |
| if: steps.download.outcome == 'success' | |
| uses: actions/github-script@v8 | |
| with: | |
| github-token: ${{ steps.app-token.outputs.token }} | |
| script: | | |
| const script = require('./.github/scripts/post-verify-comment.js'); | |
| await script({ github, context, core, artifactDir: '/tmp/verify-artifact' }); |