๐ Deployment Approval Required #19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deployment Approval | |
| on: | |
| pull_request: | |
| branches: [ master ] | |
| push: | |
| branches: [ master ] | |
| issue_comment: | |
| types: [created] | |
| # ๆทปๅ ๆ้้ ็ฝฎ | |
| permissions: | |
| contents: read | |
| issues: write | |
| pull-requests: write | |
| jobs: | |
| approval: | |
| timeout-minutes: 10 | |
| runs-on: ubuntu-latest | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| steps: | |
| - name: Debug Event | |
| run: | | |
| echo "Event name: ${{ github.event_name }}" | |
| echo "Ref: ${{ github.ref }}" | |
| echo "SHA: ${{ github.sha }}" | |
| echo "Runner OS: ${{ runner.os }}" | |
| echo "Runner Name: ${{ runner.name }}" | |
| - name: Create Deployment Issue | |
| if: github.event_name == 'push' || github.event_name == 'pull_request' | |
| uses: actions/github-script@v6 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| try { | |
| const issue = await github.rest.issues.create({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| title: '๐ Deployment Approval Required', | |
| body: ` | |
| ### Deployment Approval Request | |
| - Commit: ${context.sha} | |
| - Triggered by: @${context.actor} | |
| - Branch: ${context.ref} | |
| - Event: ${context.eventName} | |
| To approve this deployment, a maintainer must comment with \`confirm\` | |
| ` | |
| }); | |
| console.log('Successfully created issue:', issue.data.html_url); | |
| } catch (error) { | |
| console.error('Error creating issue:', error); | |
| core.setFailed(error.message); | |
| } | |
| - name: Check Approver Permission | |
| if: github.event_name == 'issue_comment' | |
| uses: actions/github-script@v6 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| const author = context.payload.comment.user.login; | |
| const repo = context.payload.repository.name; | |
| const owner = context.payload.repository.owner.login; | |
| const { data: permission } = await github.rest.repos.getCollaboratorPermissionLevel({ | |
| owner, | |
| repo, | |
| username: author | |
| }); | |
| if (!['admin', 'write'].includes(permission.permission)) { | |
| throw new Error('Only repository maintainers can approve deployments'); | |
| } | |
| trigger-deploy: | |
| needs: approval | |
| if: github.event_name == 'issue_comment' && contains(github.event.comment.body, 'confirm') | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| steps: | |
| - name: Close Approval Issue | |
| uses: actions/github-script@v6 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| await github.rest.issues.update({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: context.payload.issue.number, | |
| state: 'closed' | |
| }); | |
| - name: Trigger Deploy Workflow | |
| uses: actions/github-script@v6 | |
| with: | |
| # ไฝฟ็จๅ ทๆๆด้ซๆ้็ PAT | |
| github-token: ${{ secrets.WORKFLOW_PAT }} | |
| script: | | |
| await github.rest.actions.createWorkflowDispatch({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| workflow_id: 'deploy.yml', | |
| ref: 'master' | |
| }) |