PR Checks (privileged) #5
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PR Checks (privileged) | |
| # Runs in the base-repo context (privileged) after eslint-check.yml completes. | |
| # Downloads pre-built artifacts and posts PR comments/annotations. | |
| # Never checks out or executes fork code. | |
| on: | |
| workflow_run: | |
| workflows: ['ESLint Check'] | |
| types: [completed] | |
| jobs: | |
| comment: | |
| if: > | |
| github.event.workflow_run.event == 'pull_request' && | |
| github.event.workflow_run.conclusion == 'success' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| actions: read | |
| contents: read | |
| pull-requests: write | |
| steps: | |
| - name: Checkout trusted workflow helpers | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.repository.default_branch }} | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: bundle-size-data | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| run-id: ${{ github.event.workflow_run.id }} | |
| - name: Find PR number | |
| id: find-pr | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| const run = context.payload.workflow_run; | |
| if (run.pull_requests && run.pull_requests.length > 0) { | |
| return run.pull_requests[0].number; | |
| } | |
| // Fallback for fork PRs (pull_requests is empty for forks) | |
| const { data: prs } = await github.rest.pulls.list({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| head: `${run.head_repository.full_name}:${run.head_branch}`, | |
| state: 'open', | |
| }); | |
| if (prs.length === 0) { | |
| core.setFailed('Could not determine PR number'); | |
| return; | |
| } | |
| return prs[0].number; | |
| result-encoding: string | |
| - name: Render bundle size comment | |
| if: steps.find-pr.outputs.result | |
| run: | | |
| node .github/scripts/render-bundle-size-comment.js pr-sizes.json base-sizes.json > bundle-size-comment.md | |
| - name: Post bundle size comment | |
| if: steps.find-pr.outputs.result | |
| uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 | |
| with: | |
| header: bundle-size | |
| path: bundle-size-comment.md | |
| number: ${{ steps.find-pr.outputs.result }} | |
| annotate: | |
| if: > | |
| github.event.workflow_run.event == 'pull_request' && | |
| github.event.workflow_run.conclusion == 'success' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| actions: read | |
| checks: write | |
| steps: | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: eslint_report.json | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| run-id: ${{ github.event.workflow_run.id }} | |
| - name: Annotate Code Linting Results | |
| uses: ataylorme/eslint-annotate-action@5f4dc2e3af8d3c21b727edb597e5503510b1dc9c | |
| with: | |
| repo-token: '${{ secrets.GITHUB_TOKEN }}' | |
| report-json: 'eslint_report.json' |