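# Comment-triggered bot: when someone comments "@github-actions run precommit"
# on a pull request, run the repository's pre-commit hooks against the PR
# branch and push any resulting fixes back to it.
#
# Security model: `issue_comment` workflows run in the base repository's
# context, so the job's GITHUB_TOKEN carries the write permissions declared
# below while the steps check out and execute content taken from the PR
# (npm dependencies, pre-commit hooks). The authorization step is therefore
# the trust boundary for everything that follows.
name: Pre-commit Bot

# Quoted: in a plain scalar " #" starts a YAML comment, which would cut the
# run name off after "PR".
run-name: 'Pre-commit bot for PR #${{ github.event.issue.number }}'

on:
  issue_comment:
    types: [created]

jobs:
  pre-commit:
    # Only run on pull request comments
    if: >-
      github.event.issue.pull_request &&
      contains(github.event.comment.body, '@github-actions run precommit')
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write

    steps:
      - name: Check comment author and get PR details
        id: check_author
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            // Get PR details
            const pr = await github.rest.pulls.get({
              owner: context.repo.owner,
              repo: context.repo.repo,
              pull_number: context.issue.number
            });

            const commenter = context.payload.comment.user.login;
            const prAuthor = pr.data.user.login;
            const isFork = pr.data.head.repo.full_name !== context.payload.repository.full_name;
            let hasPermission = false;

            // The PR author may trigger the run only for branches that live in
            // this repository. For fork PRs the head branch content is outside
            // the repository's control and is executed later with a
            // write-scoped token, so a collaborator must request the run.
            if (commenter === prAuthor && !isFork) {
              hasPermission = true;
              console.log(`Comment author ${commenter} is the PR author`);
            } else {
              // Check if commenter has write/admin access
              try {
                const permission = await github.rest.repos.getCollaboratorPermissionLevel({
                  owner: context.repo.owner,
                  repo: context.repo.repo,
                  username: commenter
                });

                const level = permission.data.permission;
                hasPermission = ['write', 'admin', 'maintain'].includes(level);
                console.log(`Comment author ${commenter} has permission: ${level}`);
              } catch (error) {
                // Fail closed: a failed lookup leaves hasPermission false.
                console.log(`Could not check permissions for ${commenter}: ${error.message}`);
              }
            }

            if (!hasPermission) {
              await github.rest.issues.createComment({
                owner: context.repo.owner,
                repo: context.repo.repo,
                issue_number: context.issue.number,
                body: `❌ @${commenter} You don't have permission to trigger pre-commit.\n\nOnly repository collaborators with write access (or the author of a PR opened from a branch of this repository) can run this command.`
              });
              core.setFailed(`User ${commenter} does not have permission`);
              return;
            }

            // Save PR info for later steps
            core.setOutput('pr_number', context.issue.number);
            core.setOutput('pr_head_ref', pr.data.head.ref);
            core.setOutput('pr_head_sha', pr.data.head.sha);
            core.setOutput('pr_head_repo', pr.data.head.repo.full_name);
            core.setOutput('pr_base_ref', pr.data.base.ref);
            core.setOutput('is_fork', isFork);
            core.setOutput('authorized', 'true');

      - name: React to comment
        if: steps.check_author.outputs.authorized == 'true'
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            await github.rest.reactions.createForIssueComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              comment_id: context.payload.comment.id,
              content: 'rocket'
            });

      - name: Comment starting
        if: steps.check_author.outputs.authorized == 'true'
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            // Read the PR number from the event context instead of expanding a
            // step output into the script text.
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              body: `⏳ Running pre-commit hooks on PR #${context.issue.number}...`
            });

      # actions/checkout stores the token in the local git config by default,
      # which is what lets the later `git push` authenticate. It also leaves
      # the token readable by the PR-supplied code run in the steps below.
      # NOTE(review): consider `persist-credentials: false` here and passing
      # the token to the push step only.
      - name: Checkout PR branch (same-repo)
        if: >-
          steps.check_author.outputs.authorized == 'true' &&
          steps.check_author.outputs.is_fork == 'false'
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          ref: ${{ steps.check_author.outputs.pr_head_ref }}
          fetch-depth: 0
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Checkout PR branch (fork)
        if: >-
          steps.check_author.outputs.authorized == 'true' &&
          steps.check_author.outputs.is_fork == 'true'
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          repository: ${{ steps.check_author.outputs.pr_head_repo }}
          ref: ${{ steps.check_author.outputs.pr_head_ref }}
          fetch-depth: 0
          token: ${{ secrets.GITHUB_TOKEN }}

      # The branch is checked out by name, so it may have moved since the
      # authorization step read the PR. Refuse to continue unless HEAD is the
      # commit that was recorded there.
      - name: Verify checkout
        if: steps.check_author.outputs.authorized == 'true'
        env:
          EXPECTED_SHA: ${{ steps.check_author.outputs.pr_head_sha }}
        run: |
          current_sha="$(git rev-parse HEAD)"
          echo "Current SHA: ${current_sha}"
          echo "Expected SHA: ${EXPECTED_SHA}"
          if [[ "${current_sha}" != "${EXPECTED_SHA}" ]]; then
            echo "::error::Checked out SHA does not match expected SHA"
            exit 1
          fi

      - name: Set up Python
        if: steps.check_author.outputs.authorized == 'true'
        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
        with:
          python-version: '3.12'
          cache: pip
          cache-dependency-path: |
            **/requirements*.txt
            .pre-commit-config.yaml

      - name: Set up Node.js
        if: steps.check_author.outputs.authorized == 'true'
        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
        with:
          node-version: '20'
          cache: 'npm'
          cache-dependency-path: 'llama_stack/ui/'

      # From here on the job executes content from the PR branch: npm package
      # lifecycle scripts and the hooks listed in .pre-commit-config.yaml.
      - name: Install npm dependencies
        if: steps.check_author.outputs.authorized == 'true'
        run: npm ci
        working-directory: llama_stack/ui

      - name: Run pre-commit
        if: steps.check_author.outputs.authorized == 'true'
        id: precommit
        uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
        # Hook failures are reported through the follow-up comment steps
        # rather than by failing the job here.
        continue-on-error: true
        env:
          SKIP: no-commit-to-branch
          RUFF_OUTPUT_FORMAT: github

      - name: Check for changes
        if: steps.check_author.outputs.authorized == 'true'
        id: changes
        run: |
          # Changed means: tracked files modified, or new untracked files.
          if ! git diff --exit-code || [ -n "$(git ls-files --others --exclude-standard)" ]; then
            echo "has_changes=true" >> "$GITHUB_OUTPUT"
            echo "Changes detected after pre-commit"
          else
            echo "has_changes=false" >> "$GITHUB_OUTPUT"
            echo "No changes after pre-commit"
          fi

      # NOTE(review): GITHUB_TOKEN is scoped to this repository, so this push
      # is not expected to succeed when the checkout came from a fork; confirm
      # whether the fork path is meant to push at all.
      - name: Commit and push changes
        if: >-
          steps.check_author.outputs.authorized == 'true' &&
          steps.changes.outputs.has_changes == 'true'
        env:
          # Branch names are chosen by the PR author. Hand the value to the
          # shell as data instead of expanding it into the script text.
          PR_HEAD_REF: ${{ steps.check_author.outputs.pr_head_ref }}
        run: |
          git config --local user.email "github-actions[bot]@users.noreply.github.com"
          git config --local user.name "github-actions[bot]"

          git add -A
          git commit -m "style: apply pre-commit fixes" \
            -m "🤖 Applied by @github-actions bot via pre-commit workflow"

          # Push changes; the fully qualified ref keeps the target a branch.
          git push origin "HEAD:refs/heads/${PR_HEAD_REF}"

      - name: Comment success with changes
        if: >-
          steps.check_author.outputs.authorized == 'true' &&
          steps.changes.outputs.has_changes == 'true'
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              body: `✅ Pre-commit hooks completed successfully!\n\n🔧 Changes have been committed and pushed to the PR branch.`
            });

      - name: Comment success without changes
        if: >-
          steps.check_author.outputs.authorized == 'true' &&
          steps.changes.outputs.has_changes == 'false' &&
          steps.precommit.outcome == 'success'
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              body: `✅ Pre-commit hooks passed!\n\n✨ No changes needed - your code is already formatted correctly.`
            });

      # Limited to authorized runs: a rejected commenter has already been
      # answered by the authorization step, and in that case the pr_number
      # output is never set, so expanding it into the script would leave
      # `issue_number: ,` and break the script.
      - name: Comment failure
        if: failure() && steps.check_author.outputs.authorized == 'true'
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              body: `❌ Pre-commit workflow failed!\n\nPlease check the [workflow logs](https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}) for details.`
            });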