|
33 | 33 |
|
34 | 34 | # Workflow policy inputs |
35 | 35 | REVIEW_LABEL: Needs-Restricted-Paths-Review |
| 36 | + # Temporary testing recipe for agents: |
| 37 | + # 1. Change pull_request_target to pull_request. |
| 38 | + # 2. Set DRY_RUN_REVIEW_LABEL_WRITES to true. |
| 39 | + # 3. Add a dummy comment or whitespace-only change in |
| 40 | + # cuda_bindings/README.md to trigger restricted-path detection |
| 41 | + # without affecting build/package behavior. |
| 42 | + # 4. Replace both trusted case patterns below with DRY_RUN_NEVER_MATCH |
| 43 | + # so the test does not depend on the tester's GitHub identity: |
| 44 | + # MEMBER|OWNER and admin|maintain|write|triage. |
| 45 | + # 5. Commit these changes as a temporary dry-run test commit and revert |
| 46 | + # that commit before merge. |
| 47 | + DRY_RUN_REVIEW_LABEL_WRITES: false |
36 | 48 |
|
37 | 49 | # API request context/auth |
38 | 50 | GH_TOKEN: ${{ github.token }} |
@@ -125,11 +137,25 @@ jobs: |
125 | 137 | echo '```' |
126 | 138 | } |
127 | 139 |
|
| 140 | + build_review_label_comment() { |
| 141 | + printf '%s\n\n%s\n\n%s\n\n%s\n\n%s\n' \ |
| 142 | + "\`$REVIEW_LABEL\` was assigned by \`CI: Restricted Paths Guard\`." \ |
| 143 | + "For details, open [this workflow run]($RUN_URL) and click **Summary**." \ |
| 144 | + "For external contributors: thank you for your interest in improving CUDA Python. The \`cuda_bindings/\` package is distributed under the [NVIDIA Software License](https://github.com/NVIDIA/cuda-python/blob/main/cuda_bindings/LICENSE), which does not allow us to accept external contributions to files under \`cuda_bindings/\` in this repository." \ |
| 145 | + "Please close this PR. If your changes also include updates outside \`cuda_bindings/\`, please open a new PR containing only those changes so we can review them separately under the applicable license." \ |
| 146 | + "If you are an NVIDIA employee and believe this label was applied in error, no action is needed; a maintainer will review and remove the label if appropriate." |
| 147 | + } |
| 148 | +
|
| 149 | + write_review_label_comment_dry_run() { |
| 150 | + echo "- **Dry-run comment body**:" |
| 151 | + echo '```markdown' |
| 152 | + build_review_label_comment |
| 153 | + echo '```' |
| 154 | + } |
| 155 | +
|
128 | 156 | post_review_label_comment() { |
129 | 157 | local comment_body |
130 | | - printf -v comment_body '%s\n\n%s\n' \ |
131 | | - "\`$REVIEW_LABEL\` was assigned by \`CI: Restricted Paths Guard\`." \ |
132 | | - "For details, open [this workflow run]($RUN_URL) and click **Summary**." |
| 158 | + comment_body=$(build_review_label_comment) |
133 | 159 |
|
134 | 160 | if gh api "repos/$REPO/issues/$PR_NUMBER/comments" \ |
135 | 161 | -f body="$comment_body" >/dev/null; then |
@@ -242,6 +268,16 @@ jobs: |
242 | 268 | if [ "$NEEDS_REVIEW_LABEL" = "true" ]; then |
243 | 269 | if [ "$LABEL_ALREADY_PRESENT" = "true" ]; then |
244 | 270 | LABEL_ACTION="already present" |
| 271 | + elif [ "$DRY_RUN_REVIEW_LABEL_WRITES" = "true" ]; then |
| 272 | + LABEL_ACTION="would add (dry run)" |
| 273 | + COMMENT_ACTION="would post (dry run)" |
| 274 | + { |
| 275 | + echo "## Restricted Paths Guard Dry Run" |
| 276 | + echo "" |
| 277 | + echo "- **Would add label**: \`$REVIEW_LABEL\`" |
| 278 | + echo "" |
| 279 | + write_review_label_comment_dry_run |
| 280 | + } >> "$GITHUB_STEP_SUMMARY" |
245 | 281 | elif ! gh pr edit "$PR_NUMBER" --repo "$REPO" --add-label "$REVIEW_LABEL"; then |
246 | 282 | echo "::error::Failed to add the $REVIEW_LABEL label." |
247 | 283 | { |
|
0 commit comments