update our GitHub actions

2026-04-14 03:25:50 +00:00 · 2026-02-03 10:43:48 -08:00
parent 4af4625249
commit dd77c2e797
4 changed files with 84 additions and 19 deletions
--- a/.github/vouch/vouch.nu
+++ b/.github/vouch/vouch.nu
@@ -77,7 +77,7 @@ export def "main add" [
 #   - "denounce username" - denounces the specified user
 #   - "denounce username reason" - denounces with a reason
 #
-# Outputs a status to stdout: "skipped", "already", "vouched", or "denounced"
+# Outputs a status to stdout: "vouched", "denounced", or "unchanged"
 #
 # Examples:
 #
@@ -127,7 +127,7 @@ export def "main gh-manage-by-issue" [

  if not $is_lgtm and not $is_denounce {
    print "Comment does not match any enabled action"
-    print "skipped"
+    print "unchanged"
    return
  }

@@ -136,13 +136,13 @@ export def "main gh-manage-by-issue" [
    github api "get" $"/repos/($owner)/($repo_name)/collaborators/($commenter)/permission" | get permission
  } catch {
    print $"($commenter) does not have collaborator access"
-    print "skipped"
+    print "unchanged"
    return
  }

  if not ($permission in ["admin", "write"]) {
    print $"($commenter) does not have write access"
-    print "skipped"
+    print "unchanged"
    return
  }

@@ -161,7 +161,7 @@ export def "main gh-manage-by-issue" [
        print "(dry-run) Would post 'already vouched' comment"
      }

-      print "already"
+      print "unchanged"
      return
    }

@@ -192,7 +192,7 @@ export def "main gh-manage-by-issue" [
    let status = check-user $target_user $lines
    if $status == "denounced" {
      print $"($target_user) is already denounced"
-      print "already"
+      print "unchanged"
      return
    }

--- a/.github/workflows/vouch-issue-comment.yml
+++ b/.github/workflows/vouch-issue-comment.yml
@@ -0,0 +1,64 @@
+name: Vouch Issue Comment
+
+on:
+  issue_comment:
+    types: [created]
+
+jobs:
+  vouch:
+    if: ${{ !github.event.issue.pull_request }}
+    runs-on: namespace-profile-ghostty-xsm
+    permissions:
+      contents: write
+      issues: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.repository.default_branch }}
+
+      - uses: DeterminateSystems/nix-installer-action@main
+        with:
+          determinate: true
+      - uses: cachix/cachix-action@3ba601ff5bbb07c7220846facfa2cd81eeee15a1 # v16
+        with:
+          name: ghostty
+          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
+
+      - name: Manage contributor
+        id: update
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          status=$(nix develop -c nu .github/vouch/vouch.nu gh-manage-by-issue \
+            -R ${{ github.repository }} \
+            ${{ github.event.issue.number }} \
+            ${{ github.event.comment.id }} \
+            --dry-run=false \
+            | tail -1)
+          echo "status=$status" >> "$GITHUB_OUTPUT"
+
+      - name: Commit and push
+        if: steps.update.outputs.status != 'unchanged' && steps.update.outputs.status != ''
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git add .github/VOUCHED
+          git diff --staged --quiet || git commit -m "chore: update VOUCHED for ${{ github.event.issue.user.login }}"
+          git push
+
+      - name: Comment on vouch
+        if: steps.update.outputs.status == 'vouched'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh issue comment ${{ github.event.issue.number }} \
+            --body "@${{ github.event.issue.user.login }} has been vouched for and added to the contributors list. You can now submit PRs. Thanks for contributing!"
+
+      - name: Comment on denounce
+        if: steps.update.outputs.status == 'denounced'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh issue comment ${{ github.event.issue.number }} \
+            --body "@${{ github.event.issue.user.login }} has been denounced from this project. Bye, Felicia!"
--- a/.github/workflows/vouch-pr-comment.yml
+++ b/.github/workflows/vouch-pr-comment.yml
@@ -1,4 +1,4 @@
-name: Vouch
+name: Vouch PR Comment

 on:
  issue_comment:
@@ -6,11 +6,11 @@ on:

 jobs:
  vouch:
-    if: ${{ !github.event.issue.pull_request }}
+    if: ${{ github.event.issue.pull_request }}
    runs-on: namespace-profile-ghostty-xsm
    permissions:
      contents: write
-      issues: write
+      pull-requests: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
@@ -25,32 +25,33 @@ jobs:
          name: ghostty
          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"

-      - name: Vouch for contributor
+      - name: Manage contributor
        id: update
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
-          status=$(nix develop -c nu .github/vouch/vouch.nu approve-by-issue \
+          status=$(nix develop -c nu .github/vouch/vouch.nu gh-manage-by-issue \
            -R ${{ github.repository }} \
            ${{ github.event.issue.number }} \
            ${{ github.event.comment.id }} \
+            --allow-vouch=false \
            --dry-run=false \
            | tail -1)
          echo "status=$status" >> "$GITHUB_OUTPUT"

      - name: Commit and push
-        if: steps.update.outputs.status == 'added'
+        if: steps.update.outputs.status != 'unchanged' && steps.update.outputs.status != ''
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git add .github/VOUCHED
-          git diff --staged --quiet || git commit -m "chore: vouch for contributor ${{ github.event.issue.user.login }}"
+          git diff --staged --quiet || git commit -m "chore: update VOUCHED for ${{ github.event.issue.user.login }}"
          git push

-      - name: Comment on issue
-        if: steps.update.outputs.status == 'added'
+      - name: Comment on denounce
+        if: steps.update.outputs.status == 'denounced'
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
-          gh issue comment ${{ github.event.issue.number }} \
-            --body "@${{ github.event.issue.user.login }} has been vouched for and added to the contributors list. You can now submit PRs. Thanks for contributing!"
+          gh pr comment ${{ github.event.issue.number }} \
+            --body "@${{ github.event.issue.user.login }} has been denounced and will not be able to submit PRs."
--- a/.github/workflows/vouch-pr-gate.yml
+++ b/.github/workflows/vouch-pr-gate.yml
@@ -1,4 +1,4 @@
-name: PR Gate
+name: Vouch PR Gate

 on:
  pull_request_target:
@@ -29,7 +29,7 @@ jobs:
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
-          nix develop -c nu .github/vouch/vouch.nu check-pr \
+          nix develop -c nu .github/vouch/vouch.nu gh-check-pr \
            -R ${{ github.repository }} \
            ${{ github.event.pull_request.number }} \
            --dry-run=false