From dd77c2e797b8df6c68992672f2ce73e6376c63e1 Mon Sep 17 00:00:00 2001 From: Mitchell Hashimoto Date: Tue, 3 Feb 2026 10:43:48 -0800 Subject: [PATCH] update our GitHub actions --- .github/vouch/vouch.nu | 12 ++-- .github/workflows/vouch-issue-comment.yml | 64 +++++++++++++++++++ .../{vouch.yml => vouch-pr-comment.yml} | 23 +++---- .../{pr-gate.yml => vouch-pr-gate.yml} | 4 +- 4 files changed, 84 insertions(+), 19 deletions(-) create mode 100644 .github/workflows/vouch-issue-comment.yml rename .github/workflows/{vouch.yml => vouch-pr-comment.yml} (66%) rename .github/workflows/{pr-gate.yml => vouch-pr-gate.yml} (91%) diff --git a/.github/vouch/vouch.nu b/.github/vouch/vouch.nu index ca248e86b..2090cc419 100755 --- a/.github/vouch/vouch.nu +++ b/.github/vouch/vouch.nu @@ -77,7 +77,7 @@ export def "main add" [ # - "denounce username" - denounces the specified user # - "denounce username reason" - denounces with a reason # -# Outputs a status to stdout: "skipped", "already", "vouched", or "denounced" +# Outputs a status to stdout: "vouched", "denounced", or "unchanged" # # Examples: # @@ -127,7 +127,7 @@ export def "main gh-manage-by-issue" [ if not $is_lgtm and not $is_denounce { print "Comment does not match any enabled action" - print "skipped" + print "unchanged" return } @@ -136,13 +136,13 @@ export def "main gh-manage-by-issue" [ github api "get" $"/repos/($owner)/($repo_name)/collaborators/($commenter)/permission" | get permission } catch { print $"($commenter) does not have collaborator access" - print "skipped" + print "unchanged" return } if not ($permission in ["admin", "write"]) { print $"($commenter) does not have write access" - print "skipped" + print "unchanged" return } @@ -161,7 +161,7 @@ export def "main gh-manage-by-issue" [ print "(dry-run) Would post 'already vouched' comment" } - print "already" + print "unchanged" return } 
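Review bot: The status line documented in the first hunk ("vouched", "denounced", or "unchanged") does not say which user was affected, yet the same header comment accepts `denounce username` for an arbitrary user. The workflows in this patch fill in `github.event.issue.user.login` for the commit message and the reply, so a denounce aimed at someone other than the issue or PR author would, as far as these hunks show, be recorded and announced under the wrong name. I would have the command print the affected username alongside the status, and until then add `# NOTE: the status does not name the affected user; callers must not assume it is the issue author.` under the "Outputs a status" line. The body of `gh-manage-by-issue` extends beyond these hunks, so the target resolution itself is not visible here.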
@@ -192,7 +192,7 @@ export def "main gh-manage-by-issue" [ let status = check-user $target_user $lines if $status == "denounced" { print $"($target_user) is already denounced" - print "already" + print "unchanged" return } diff --git a/.github/workflows/vouch-issue-comment.yml b/.github/workflows/vouch-issue-comment.yml new file mode 100644 index 000000000..d97529ebd --- /dev/null +++ b/.github/workflows/vouch-issue-comment.yml 
@@ -0,0 +1,64 @@
+name: Vouch Issue Comment
+
+on:
+ issue_comment:
+ types: [created]
+
+jobs:
+ vouch:
+ if: ${{ !github.event.issue.pull_request }}
+ runs-on: namespace-profile-ghostty-xsm
+ permissions:
+ contents: write
+ issues: write
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ github.event.repository.default_branch }}
+
+ - uses: DeterminateSystems/nix-installer-action@main
+ with:
+ determinate: true
+ - uses: cachix/cachix-action@3ba601ff5bbb07c7220846facfa2cd81eeee15a1 # v16
+ with:
+ name: ghostty
+ authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
+
+ - name: Manage contributor
+ id: update
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ status=$(nix develop -c nu .github/vouch/vouch.nu gh-manage-by-issue \
+ -R ${{ github.repository }} \
+ ${{ github.event.issue.number }} \
+ ${{ github.event.comment.id }} \
+ --dry-run=false \
+ | tail -1)
+ echo "status=$status" >> "$GITHUB_OUTPUT"
+
+ - name: Commit and push
+ if: steps.update.outputs.status != 'unchanged' && steps.update.outputs.status != ''
+ run: |
+ git config user.name "github-actions[bot]"
+ git config user.email "github-actions[bot]@users.noreply.github.com"
+ git add .github/VOUCHED
+ git diff --staged --quiet || git commit -m "chore: update VOUCHED for ${{ github.event.issue.user.login }}"
+ git push
+
+ - name: Comment on vouch
+ if: steps.update.outputs.status == 'vouched'
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ gh issue comment ${{ github.event.issue.number }} \
+ --body "@${{ github.event.issue.user.login }} has been vouched for and added to the contributors list. You can now submit PRs. Thanks for contributing!"
+
+ - name: Comment on denounce
+ if: steps.update.outputs.status == 'denounced'
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ gh issue comment ${{ github.event.issue.number }} \
+ --body "@${{ github.event.issue.user.login }} has been denounced from this project. Bye, Felicia!"
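Review bot: `DeterminateSystems/nix-installer-action@main` tracks a mutable branch in a job whose token has `contents: write` and whose later steps receive `CACHIX_AUTH_TOKEN`, and the job starts on every issue comment, so whatever lands on that branch runs on a runner that can push to this repository. The cachix step right after it is already pinned to a full commit SHA with a version comment; the installer, and ideally `actions/checkout@v4`, should follow the same convention, e.g. `- uses: DeterminateSystems/nix-installer-action@<full-commit-sha> # <release-tag>` (placeholders, not real values). If vouch-pr-comment.yml carries the same installer line in its unchanged part, it needs the same pin.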
diff --git a/.github/workflows/vouch.yml b/.github/workflows/vouch-pr-comment.yml similarity index 66% rename from .github/workflows/vouch.yml rename to .github/workflows/vouch-pr-comment.yml index 9ef8297a3..3fe66e148 100644 --- a/.github/workflows/vouch.yml +++ b/.github/workflows/vouch-pr-comment.yml @@ -1,4 +1,4 @@ -name: Vouch +name: Vouch PR Comment on: issue_comment: @@ -6,11 +6,11 @@ on: jobs: vouch: - if: ${{ !github.event.issue.pull_request }} + if: ${{ github.event.issue.pull_request }} runs-on: namespace-profile-ghostty-xsm permissions: contents: write - issues: write + pull-requests: write steps: - name: Checkout uses: actions/checkout@v4 
@@ -25,32 +25,33 @@ jobs: name: ghostty authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" - - name: Vouch for contributor + - name: Manage contributor id: update env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - status=$(nix develop -c nu .github/vouch/vouch.nu approve-by-issue \ + status=$(nix develop -c nu .github/vouch/vouch.nu gh-manage-by-issue \ -R ${{ github.repository }} \ ${{ github.event.issue.number }} \ ${{ github.event.comment.id }} \ + --allow-vouch=false \ --dry-run=false \ | tail -1) echo "status=$status" >> "$GITHUB_OUTPUT" - name: Commit and push - if: steps.update.outputs.status == 'added' + if: steps.update.outputs.status != 'unchanged' && steps.update.outputs.status != '' run: | git config user.name "github-actions[bot]" git config user.email "github-actions[bot]@users.noreply.github.com" git add .github/VOUCHED - git diff --staged --quiet || git commit -m "chore: vouch for contributor ${{ github.event.issue.user.login }}" + git diff --staged --quiet || git commit -m "chore: update VOUCHED for ${{ github.event.issue.user.login }}" git push - - name: Comment on issue - if: steps.update.outputs.status == 'added' + - name: Comment on denounce + if: steps.update.outputs.status == 'denounced' env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - gh issue comment ${{ github.event.issue.number }} \ - --body "@${{ github.event.issue.user.login }} has been vouched for and added to the contributors list. You can now submit PRs. Thanks for contributing!" + gh pr comment ${{ github.event.issue.number }} \ + --body "@${{ github.event.issue.user.login }} has been denounced and will not be able to submit PRs." diff --git a/.github/workflows/pr-gate.yml b/.github/workflows/vouch-pr-gate.yml similarity index 91% rename from .github/workflows/pr-gate.yml rename to .github/workflows/vouch-pr-gate.yml index 360b97369..c86207248 100644 --- a/.github/workflows/pr-gate.yml +++ b/.github/workflows/vouch-pr-gate.yml 
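Review bot: A failure of `vouch.nu` is hidden by `| tail -1` in the "Manage contributor" step, because the pipeline's exit status is that of `tail` unless pipefail is on, and GitHub's default `bash -e {0}` shell does not enable it (a `defaults.run.shell` outside the hunk would change that). Whatever the last stdout line happens to be then becomes `status`, and the new negative test `!= 'unchanged' && != ''` lets any unexpected value through to "Commit and push". I would start the run block with `set -o pipefail` and gate the push on the known values, `if: contains(fromJSON('["vouched","denounced"]'), steps.update.outputs.status)`. The identical step and condition in the new vouch-issue-comment.yml need the same change.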
@@ -1,4 +1,4 @@ -name: PR Gate +name: Vouch PR Gate on: pull_request_target: @@ -29,7 +29,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - nix develop -c nu .github/vouch/vouch.nu check-pr \ + nix develop -c nu .github/vouch/vouch.nu gh-check-pr \ -R ${{ github.repository }} \ ${{ github.event.pull_request.number }} \ --dry-run=false