feat: delete env #18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deployment Approval | |
| on: | |
| pull_request: | |
| branches: [ master ] | |
| push: | |
| branches: [ master ] | |
| issue_comment: | |
| types: [created] | |
| # 添加权限配置 | |
| permissions: | |
| contents: read | |
| issues: write | |
| pull-requests: write | |
| jobs: | |
| approval: | |
| timeout-minutes: 10 | |
| runs-on: ubuntu-latest | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| steps: | |
| - name: Debug Event | |
| run: | | |
| echo "Event name: ${{ github.event_name }}" | |
| echo "Ref: ${{ github.ref }}" | |
| echo "SHA: ${{ github.sha }}" | |
| echo "Runner OS: ${{ runner.os }}" | |
| echo "Runner Name: ${{ runner.name }}" | |
| - name: Create Deployment Issue | |
| if: github.event_name == 'push' || github.event_name == 'pull_request' | |
| uses: actions/github-script@v6 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| try { | |
| const issue = await github.rest.issues.create({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| title: '🚀 Deployment Approval Required', | |
| body: ` | |
| ### Deployment Approval Request | |
| - Commit: ${context.sha} | |
| - Triggered by: @${context.actor} | |
| - Branch: ${context.ref} | |
| - Event: ${context.eventName} | |
| To approve this deployment, a maintainer must comment with \`confirm\` | |
| ` | |
| }); | |
| console.log('Successfully created issue:', issue.data.html_url); | |
| } catch (error) { | |
| console.error('Error creating issue:', error); | |
| core.setFailed(error.message); | |
| } | |
| - name: Check Approver Permission | |
| if: github.event_name == 'issue_comment' | |
| uses: actions/github-script@v6 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| const author = context.payload.comment.user.login; | |
| const repo = context.payload.repository.name; | |
| const owner = context.payload.repository.owner.login; | |
| const { data: permission } = await github.rest.repos.getCollaboratorPermissionLevel({ | |
| owner, | |
| repo, | |
| username: author | |
| }); | |
| if (!['admin', 'write'].includes(permission.permission)) { | |
| throw new Error('Only repository maintainers can approve deployments'); | |
| } | |
| trigger-deploy: | |
| needs: approval | |
| if: github.event_name == 'issue_comment' && contains(github.event.comment.body, 'confirm') | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| steps: | |
| - name: Close Approval Issue | |
| uses: actions/github-script@v6 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| await github.rest.issues.update({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: context.payload.issue.number, | |
| state: 'closed' | |
| }); | |
| - name: Trigger Deploy Workflow | |
| uses: actions/github-script@v6 | |
| with: | |
| # 使用具有更高权限的 PAT | |
| github-token: ${{ secrets.WORKFLOW_PAT }} | |
| script: | | |
| await github.rest.actions.createWorkflowDispatch({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| workflow_id: 'deploy.yml', | |
| ref: 'master' | |
| }) |