Add PR comment

Author: snazy

.github/workflows/check-project-actions.yml

@@ -65,6 +65,7 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: read
+      pull-requests: write
     steps:
       - name: "Checkout apache/infrastructure-actions"
         uses: actions/checkout@v2
@@ -91,3 +92,10 @@ jobs:
 
           import check_repository_actions as c
           c.check_project_actions('./repository-to-be-checked', './approved_patterns.yml')
+
+      - name: Comment on PR
+        if: failure() && github.event_name == 'pull_request'
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run:
+          gh pr --repo ${{ github.repository }} comment ${{ github.event.pull_request.number }} --body-file step-summary-output.txt

gateway/check_repository_actions.py

@@ -159,23 +159,33 @@ def check_project_actions(repository: str | os.PathLike, approved_patterns_file:
                         failures.append(f"❌ {relative_path} {yaml_path}: '{uses_value}' is not approved")
 
     if on_gha():
+        summary_lines: list[str] = [
+            "# GitHub Actions verification result",
+            "",
+            "For more information visit the [ASF Infrastructure GitHub Actions Policy](https://infra.apache.org/github-actions-policy.html) page",
+            "and the [ASF Infrastructure Actions](https://github.com/apache/infrastructure-actions) repository.",
+        ]
+
+        if len(failures) > 0:
+            summary_lines.extend(["", f"## Failures ({len(failures)})"])
+            for msg in failures:
+                summary_lines.extend([msg, ""])
+
+        if len(warnings) > 0:
+            summary_lines.extend(["", f"## Warnings ({len(warnings)})"])
+            for msg in warnings:
+                summary_lines.extend([msg, ""])
+
+        if len(failures) == 0:
+            summary_lines.append("✅ Success, all action usages match the currently approved patterns.")
+
+        summary_text = "\n".join(summary_lines).rstrip() + "\n"
+
         with open(os.environ["GITHUB_STEP_SUMMARY"], "a") as f:
-            f.write(f"# GitHub Actions verification result\n")
-            f.write("\n")
-            f.write("For more information visit the [ASF Infrastructure GitHub Actions Policy](https://infra.apache.org/github-actions-policy.html) page\n")
-            f.write("and the [ASF Infrastructure Actions](https://github.com/apache/infrastructure-actions) repository.\n")
-            if len(failures) > 0:
-                f.write("\n")
-                f.write(f"## Failures ({len(failures)})\n")
-                for msg in failures:
-                    f.write(f"{msg}\n\n")
-            if len(warnings) > 0:
-                f.write("\n")
-                f.write(f"## Warnings ({len(warnings)})\n")
-                for msg in warnings:
-                    f.write(f"{msg}\n\n")
-            if len(failures) == 0:
-                f.write(f"✅ Success, all action usages match the currently approved patterns.\n")
+            f.write(summary_text)
+        # This file is used in the workflow to post a comment on a pull request.
+        with open("step-summary-output.txt", "a") as f:
+            f.write(summary_text)
 
     if len(failures) > 0:
         raise Exception(f"One or more action references are not approved or explicitly blocked:\n{"\n".join(failures)}")