feat: fixbug1 #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deployment Approval | |
| on: | |
| pull_request: | |
| branches: [ master ] | |
| push: | |
| branches: [ master ] | |
| issue_comment: | |
| types: [created] | |
| jobs: | |
| approval: | |
| if: | | |
| github.event_name == 'issue_comment' && contains(github.event.comment.body, 'confirm') || | |
| github.event_name == 'push' || | |
| github.event_name == 'pull_request' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Create Deployment Issue | |
| if: github.event_name == 'push' || github.event_name == 'pull_request' | |
| uses: actions/github-script@v6 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| const issue = await github.rest.issues.create({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| title: '🚀 Deployment Approval Required', | |
| body: ` | |
| ### Deployment Approval Request | |
| - Commit: ${context.sha} | |
| - Triggered by: @${context.actor} | |
| - Branch: ${context.ref} | |
| - Event: ${context.eventName} | |
| To approve this deployment, a maintainer must comment with \`confirm\` | |
| ` | |
| }); | |
| console.log(`Created approval issue #${issue.data.number}`); | |
| - name: Check Approver Permission | |
| if: github.event_name == 'issue_comment' | |
| uses: actions/github-script@v6 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| const author = context.payload.comment.user.login; | |
| const repo = context.payload.repository.name; | |
| const owner = context.payload.repository.owner.login; | |
| const { data: permission } = await github.rest.repos.getCollaboratorPermissionLevel({ | |
| owner, | |
| repo, | |
| username: author | |
| }); | |
| if (!['admin', 'write'].includes(permission.permission)) { | |
| throw new Error('Only repository maintainers can approve deployments'); | |
| } | |
| trigger-deploy: | |
| needs: approval | |
| if: github.event_name == 'issue_comment' && contains(github.event.comment.body, 'confirm') | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Close Approval Issue | |
| uses: actions/github-script@v6 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| await github.rest.issues.update({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: context.payload.issue.number, | |
| state: 'closed' | |
| }); | |
| - name: Trigger Deploy Workflow | |
| uses: actions/github-script@v6 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| await github.rest.actions.createWorkflowDispatch({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| workflow_id: 'deploy.yml', | |
| ref: 'master' | |
| }) |