44 pull_request_review :
55 types : [submitted]
66
7+ permissions :
8+ contents : read
9+ pull-requests : write
10+ actions : write
11+ statuses : write
12+
713jobs :
814 approve_and_run :
915 runs-on : ubuntu-latest
@@ -24,29 +30,24 @@ jobs:
2430 )
2531 )
2632 steps :
27- - name : Checking Approval
33+ - name : Handle Approved Review
34+ if : |
35+ github.event.review.state == 'approved' || startsWith(github.event.review.body, 'approved')
2836 id : " checking_approval"
2937 run : |
30- DESC="null"
31- if [[ "${{ github.event.review.state }}" == "approved" || "${{ github.event.review.body }}" == approved* ]]; then
32- DESC="${{ github.event.review.user.login }} APPROVED build for ${{ github.event.review.commit_id }}"
33- echo $DESC
34- echo "conclusion=success" >> "$GITHUB_ENV"
35- echo "description=$DESC" >> "$GITHUB_ENV"
36- exit 0
37- elif [[ "${{ github.event.review.body }}" == reject* ]]; then
38- DESC="${{ github.event.review.user.login }} REJECTED build for ${{ github.event.review.commit_id }}"
39- echo $DESC
40- echo "conclusion=failure" >> "$GITHUB_ENV"
41- echo "description=$DESC" >> "$GITHUB_ENV"
42- exit 1
43- else
44- DESC="Assertion Error: Review body expected start with 'approved' or 'reject'. This step should have been skipped but it ran anyway!"
45- echo $DESC
46- echo "conclusion=failure" >> "$GITHUB_ENV"
47- echo "description=$DESC" >> "$GITHUB_ENV"
48- exit 1
49- fi
38+ DESC="${{ github.event.review.user.login }} APPROVED build for ${{ github.event.review.commit_id }}"
39+ echo "$DESC"
40+ echo "conclusion=success" >> "$GITHUB_ENV"
41+ echo "description=$DESC" >> "$GITHUB_ENV"
42+
43+ - name : Rejected Review Handling
44+ if : startsWith(github.event.review.body, 'reject')
45+ run : |
46+ DESC="${{ github.event.review.user.login }} REJECTED build for ${{ github.event.review.commit_id }}"
47+ echo "$DESC"
48+ echo "conclusion=failure" >> "$GITHUB_ENV"
49+ echo "description=$DESC" >> "$GITHUB_ENV"
50+ exit 1
5051
5152 - name : Post Status Check
5253 if :
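Review bot: The `if:` on "Handle Approved Review" accepts `startsWith(github.event.review.body, 'approved')` regardless of the review state or of who submitted the review, so a plain comment review whose body begins with "approved" takes the approval path. Unless the job-level condition that closes just above this hunk already restricts the reviewer (it is not visible here), gate the step on the reviewer's association as well, e.g. `contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.review.author_association)`. The two step conditions are also no longer mutually exclusive: an approving review whose body starts with "reject" now runs both steps, and the later `conclusion=failure` write to `$GITHUB_ENV` wins, where the removed if/elif let the approval branch win.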
@@ -76,23 +77,28 @@ jobs:
7677
7778 - name : Trigger Build Commit Workflow
7879 if : success()
80+ env :
81+ PR_BRANCH : ${{ github.event.pull_request.head.ref }}
7982 run : |
80- # Get the source branch of the PR (from the pull_request object)
81- PR_BRANCH="${{ github.event.pull_request.head.ref }}"
82-
83+ echo "Triggering workflow for branch: $PR_BRANCH"
84+
85+ # Construct JSON payload safely using jq
86+ JSON_PAYLOAD=$(jq -n --arg ref "refs/heads/$PR_BRANCH" \
87+ --arg sha "${{ github.event.review.commit_id }}" \
88+ '{ref: $ref, inputs: {sha: $sha}}')
89+
8390 # Define the API endpoint for dispatching the workflow
8491 WORKFLOW_URL="https://api.github.com/repos/${{ github.repository }}/actions/workflows/build.yml/dispatches"
85-
86- # Trigger the workflow for the branch of the pull request
87- echo "Triggering workflow for branch: $PR_BRANCH"
88- RESPONSE=$(curl -s -w "%{http_code}" -o response.json -X POST \
92+
93+ # Trigger the workflow
94+ HTTP_CODE=$(curl -s -o response.json -w "%{http_code}" -X POST \
8995 -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
90- -d '{"ref": "refs/heads/'${PR_BRANCH}'", "inputs": {"sha": "${{ github.event.review.commit_id }}"}}' \
96+ -H "Accept: application/vnd.github.v3+json" \
97+ -d "$JSON_PAYLOAD" \
9198 "$WORKFLOW_URL")
92-
93- # Check if the HTTP status code is 2xx (successful)
94- if [[ "$RESPONSE" -lt 200 || "$RESPONSE" -ge 300 ]]; then
95- echo "Error triggering the workflow : HTTP $RESPONSE"
99+
100+ if [[ "$HTTP_CODE" -lt 200 || "$HTTP_CODE" -ge 300 ]]; then
101+ echo "Error triggering the workflow: HTTP $HTTP_CODE"
96102 cat response.json
97103 exit 1
98104 else
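Review bot: The dispatch `ref` is built as `refs/heads/$PR_BRANCH` and resolved in `${{ github.repository }}`, but `github.event.pull_request.head.ref` names a branch in the pull request's head repository; for a pull request from a fork the call either fails or runs `build.yml` from a same-named branch of the base repository. Consider restricting the step with `if: success() && github.event.pull_request.head.repo.full_name == github.repository`, or dispatching on the base branch and letting the `sha` input select the commit (how build.yml uses `sha` is not visible here). Moving `PR_BRANCH` into `env:` is the right pattern; `${{ github.event.review.commit_id }}` and `${{ secrets.GITHUB_TOKEN }}` are still expanded into the script text and could be passed the same way for consistency. The `run:` block continues past the end of this hunk.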