czcode/.github/workflows/auto-docs.yml at main · clickzetta/czcode · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
name: Auto-docs dry-run intake

# Trigger on merged feature PRs, or manually with a specific PR number.
# IMPORTANT: This workflow intentionally does NOT check out PR code and does NOT
# execute any code from the PR branch. It only reads PR metadata and forwards it
# to a webhook. This is required for safe use of pull_request_target on a public repo.
on:
  pull_request_target:
    types: [closed]
  workflow_dispatch:
    inputs:
      pr_number:
        description: "PR number to test"
        required: true

# Minimal permissions: read repo contents and PR metadata only.
permissions:
  contents: read
  pull-requests: read

# One run per PR at a time. Does not cancel in progress — let the current run
# finish so we don't drop events when a PR is quickly closed/reopened/closed.
concurrency:
  group: auto-docs-${{ github.event.pull_request.number || inputs.pr_number }}
  cancel-in-progress: false

jobs:
  call-valtown:
    if: >
      github.event_name == 'workflow_dispatch' ||
      (
        github.event.pull_request.merged == true &&
        (
          startsWith(github.event.pull_request.title, 'feat:') ||
          startsWith(github.event.pull_request.title, 'feat(')
        )
      )

    runs-on: ubuntu-latest
    timeout-minutes: 5

    steps:
      - name: Build webhook payload
        env:
          GH_TOKEN: ${{ github.token }}
          EVENT_NAME: ${{ github.event_name }}
          REPO: ${{ github.repository }}
          PR_NUMBER_FROM_EVENT: ${{ github.event.pull_request.number }}
          PR_NUMBER_FROM_INPUT: ${{ inputs.pr_number }}
        run: |
          set -euo pipefail

          PR_NUMBER="${PR_NUMBER_FROM_EVENT:-$PR_NUMBER_FROM_INPUT}"

          if [ -z "$PR_NUMBER" ]; then
            echo "Missing PR number"
            exit 1
          fi

          gh api "repos/$REPO/pulls/$PR_NUMBER" > pr.json

          jq -n \
            --arg event_name "$EVENT_NAME" \
            --arg repo "$REPO" \
            --arg pr_number "$PR_NUMBER" \
            --slurpfile pr pr.json \
            '{
              event_name: $event_name,
              repo: $repo,
              pr_number: $pr_number,
              title: $pr[0].title,
              description: ($pr[0].body // ""),
              author: $pr[0].user.login,
              merged_at: ($pr[0].merged_at // ""),
              pr_url: $pr[0].html_url,
              base_branch: $pr[0].base.ref,
              head_branch: $pr[0].head.ref
            }' > payload.json

          echo "Payload created:"
          jq '{
            event_name,
            repo,
            pr_number,
            title,
            author,
            merged_at,
            pr_url,
            base_branch,
            head_branch
          }' payload.json

      - name: Send webhook to Val Town
        env:
          DOC_WEBHOOK_URL: ${{ secrets.DOC_WEBHOOK_URL }}
          DOC_WEBHOOK_SECRET: ${{ secrets.DOC_WEBHOOK_SECRET }}
        run: |
          set -euo pipefail

          if [ -z "${DOC_WEBHOOK_URL:-}" ]; then
            echo "DOC_WEBHOOK_URL secret is not set"
            exit 1
          fi

          if [ -z "${DOC_WEBHOOK_SECRET:-}" ]; then
            echo "DOC_WEBHOOK_SECRET secret is not set"
            exit 1
          fi

          curl --fail-with-body -sS -X POST "$DOC_WEBHOOK_URL" \
            -H "Content-Type: application/json" \
            -H "X-Docs-Webhook-Secret: $DOC_WEBHOOK_SECRET" \
            --data-binary @payload.json