Merge pull request #20 from joshjohanning/enhancements

feat: using github-script for commentsand updating readme
joshjohanning · Nov 29, 2023 · 28cac82 · 28cac82
2 parents 298e6a9 + a8b0ad8
commit 28cac82
Show file tree

Hide file tree

Showing 2 changed files with 52 additions and 37 deletions.
diff --git a/README.md b/README.md
@@ -12,33 +12,29 @@ on:
   issue_comment:
     types: [created]
 
-env:
-  approver_team_name: 'approver-team'
-  approval_command: '/approve'
-
 jobs:
   approveops:
     runs-on: ubuntu-latest
     if: contains(github.event.comment.body, '/do-stuff')
 
     steps:
     # get the app's installation token
-    - uses: tibdex/github-app-token@v1
-      id: get_installation_token
+    - uses: actions/create-github-app-token@v1
+      id: app-token
       with:
-        app_id: 170284
-        private_key: ${{ secrets.PRIVATE_KEY }}
+        app-id: ${{ vars.APP_ID }}
+        private-key: ${{ secrets.PRIVATE_KEY }}
 
     - name: ApproveOps - Approvals in IssueOps
       uses: joshjohanning/approveops@v2
       id: check-approval
       with:
-        token: ${{ steps.get_installation_token.outputs.token }} # use a github app token or a PAT
-        approve-command: '${{ env.approval_command }}' # Optional, defaults to '/approve', the command to look for in the comments
-        team-name: ${{ env.approver_team_name }} # The name of the team in GitHub to check for the approval command; e.g.: approver-team
-        fail-if-approval-not-found: false # Optional, defaults to true, fail the action (show the action run as red) if the command is not found in the comments from someone in the approver team"
-        post-successful-approval-comment: true # Optional, defaults to true, whether to post successful approval comment
-        successful-approval-comment: ':tada:  You were able to run the workflow because someone left an approval in the comments!! :tada:' # Optional, comment to post if an approval is found
+        token: ${{ steps.app-token.outputs.token }} # use a github app token or a PAT
+        approve-command: '/approve' # defaults to '/approve', the command to look for in the comments
+        team-name: 'approver-team' # the name of the team in GitHub to check for the approval command; e.g.: approver-team
+        fail-if-approval-not-found: true # defaults to true, fail the action (show the action run as red) if the command is not found in the comments from someone in the approver team"
+        post-successful-approval-comment: false # defaults to true, whether to post successful approval comment
+        successful-approval-comment: ':tada:  You were able to run the workflow because someone left an approval in the comments!! :tada:' # Optional, only if post-successful-approval-comment is true, comment to post if an approval is found
 ```
 
 ## Prerequisites
@@ -50,7 +46,7 @@ jobs:
       - **read & write** on `Repository / Issues` to create the comment
       - **read-only** on `Organization / Members` to list the members of the team
     - Generate a `PRIVATE_KEY` for the GitHub app and store it as a repo or organizational secret
-    - Note the `APP ID` to use as an input for an action like `tibdex/github-app-token@v1`
+    - Note the `APP ID` to use as an input for an action like `actions/create-github-app-token@v1`
   - Classic PAT
     - If you are using a classic PAT, it will need the following scopes:
     - `repo` - to create the comment

diff --git a/action.yml b/action.yml
@@ -15,6 +15,7 @@ inputs:
     required: true
   token:
     description: "GitHub App installation token or PAT that has access to read the comments and check the org team's membership"
+    default: ${{ github.token }} # this doesn't allow tagging of the approval team; better to use GitHub App
     required: true
   fail-if-approval-not-found:
     description: "Fail the action (i.e. show the action run as red) if the command is not found in the comments from someone in the approver team"
@@ -43,7 +44,7 @@ runs:
         GH_TOKEN: ${{ inputs.token }}
       shell: bash
       run: |
-        # "checking for a ${{ inputs.approve-command }} command in the comments from someone in the approver team"
+        # "checking for a ${{ inputs.approve-command }} command in the comments from someone in the ${{ inputs.team-name}} team"
         users=$(gh api --paginate '/orgs/${{ github.repository_owner }}/teams/${{ inputs.team-name }}/members' | jq -c '.[].login')
         approveCommand="${{ inputs.approve-command }}"
         authorized=false
@@ -67,48 +68,66 @@ runs:
             echo "Approval not found or not authorized"
             echo "approved=false" >> $GITHUB_OUTPUT
             if !(${{ inputs.fail-if-approval-not-found }}); then
-              echo "::notice title=Not Approved::There is no ${{ inputs.approve-command }} command in the comments from someone in the ${{ github.repository_owner }}/${{ inputs.team-name }} team"
+              echo "::notice title=Not Approved::There is no ${{ inputs.approve-command }} command in the comments from someone in the @${{ github.repository_owner }}/${{ inputs.team-name }} team"
             fi
         fi
 
     - if: ${{ steps.check-approval.outputs.approved == 'false' && inputs.fail-if-approval-not-found == 'true' }}
       name: Create completed comment
-      uses: peter-evans/[email protected]
+      uses: actions/github-script@v6
       with:
-        token: ${{ inputs.token }}
-        issue-number: ${{ github.event.issue.number }}
-        body: |
-          Hey, @${{ github.event.comment.user.login }}!
-          :cry:  No one approved your run yet! Have someone from the @${{ github.repository_owner }}/${{ inputs.team-name }} team run `${{ inputs.approve-command }}` and then try your command again
+        github-token: ${{ inputs.token }}
+        script: |
+          let commentBody = `Hey, @${{ github.event.comment.user.login }}!
+          :cry: No one approved your run yet! Have someone from the @${context.repo.owner}/${{ inputs.team-name }} team comment \`${{ inputs.approve-command }}\` and then try your command again
 
           _:no_entry_sign: :no_entry: Marking the [workflow run](${{ github.event.repository.html_url }}/actions/runs/${{ github.run_id }}) as failed_
+          `
+          await github.rest.issues.createComment({
+            issue_number: context.issue.number,
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            body: commentBody
+          })
 
     - if: ${{ steps.check-approval.outputs.approved == 'false' && inputs.fail-if-approval-not-found == 'false' }}
       name: Create completed comment
-      uses: peter-evans/[email protected]
+      uses: actions/github-script@v6
       with:
-        token: ${{ inputs.token }}
-        issue-number: ${{ github.event.issue.number }}
-        body: |
-          Hey, @${{ github.event.comment.user.login }}!
-          :cry:  No one approved your run yet! Have someone from the @${{ github.repository_owner }}/${{ inputs.team-name }} team run `${{ inputs.approve-command }}` and then try your command again
+        github-token: ${{ inputs.token }}
+        script: |
+          let commentBody = `Hey, @${{ github.event.comment.user.login }}!
+          :cry:  No one approved your run yet! Have someone from the @${context.repo.owner}/${{ inputs.team-name }} team run `${{ inputs.approve-command }}` and then try your command again
 
           _:warning: :pause_button: See [workflow run](${{ github.event.repository.html_url }}/actions/runs/${{ github.run_id }}) for reference_
-          
+          `
+          await github.rest.issues.createComment({
+            issue_number: context.issue.number,
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            body: commentBody
+          })
+
     - if: ${{ steps.check-approval.outputs.approved == 'true' && inputs.post-successful-approval-comment == 'true' }}
       name: Create completed comment
-      uses: peter-evans/[email protected]
+      uses: actions/github-script@v6
       with:
-        token: ${{ inputs.token }}
-        issue-number: ${{ github.event.issue.number }}
-        body: |
-          Hey, @${{ github.event.comment.user.login }}!
+        github-token: ${{ inputs.token }}
+        script: |
+          let commentBody = `Hey, @${{ github.event.comment.user.login }}!
           ${{ inputs.successful-approval-comment }}
+          `
+          await github.rest.issues.createComment({
+            issue_number: context.issue.number,
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            body: commentBody
+          })
 
     # if specified, exit with an error if approval is not found
     - name: exit and fail workflow if not approved
       if: ${{ inputs.fail-if-approval-not-found == 'true' && steps.check-approval.outputs.approved == 'false' }}
-      uses: actions/github-script@v6.4.0
+      uses: actions/github-script@v6
       with:
         script: |
-          core.setFailed("There is no ${{ inputs.approve-command }} command in the comments from someone in the ${{ github.repository_owner }}/${{ inputs.team-name }} team");
+          core.setFailed(`There is no ${{ inputs.approve-command }} command in the comments from someone in the @${context.repo.owner}/${{ inputs.team-name }} team`);