Skip to content
This repository was archived by the owner on Feb 12, 2026. It is now read-only.
.github/workflows/bot.yml

fix: make secrets optional for fork PRs #1

Sign in to view logs

fix: make secrets optional for fork PRs

fix: make secrets optional for fork PRs #1

Workflow file for this run

.github/workflows/bot.yml at d5e2538
name: DevHub Bot

Check failure on line 1 in .github/workflows/bot.yml

View workflow run for this annotation

GitHub Actions / .github/workflows/bot.yml

Invalid workflow file 

(Line: 41, Col: 13): Unrecognized named-value: 'secrets'. Located at position 1 within expression: secrets.DEVHUB_APP_ID && secrets.DEVHUB_APP_PRIVATE_KEY, (Line: 107, Col: 13): Unrecognized named-value: 'secrets'. Located at position 1 within expression: secrets.DEVHUB_APP_ID && secrets.DEVHUB_APP_PRIVATE_KEY, (Line: 131, Col: 13): Unrecognized named-value: 'secrets'. Located at position 1 within expression: secrets.DEVHUB_APP_ID && secrets.DEVHUB_APP_PRIVATE_KEY
on:
workflow_call:
inputs:
thank_you_message:
required: false
default: "Thank you for opening this PR! Repo maintainers will review it ASAP πŸš€"
type: string
merge_thank_you_message:
required: false
default: "πŸŽ‰ Thank you for contributing! We really appreciate your work."
type: string
cc_warning_message:
required: false
default: "⚠️ Please consider using Conventional Commits (e.g. feat:, fix:, docs:).\nhttps://www.conventionalcommits.org/en/v1.0.0/"
type: string
secrets:
DEVHUB_APP_ID:
required: false
DEVHUB_APP_PRIVATE_KEY:
required: false
jobs:
pr-handler:
runs-on: ubuntu-latest
if: github.event.pull_request != null
steps:
- name: Checkout base branch
uses: actions/checkout@v5
with:
ref: ${{ github.event.pull_request.base.ref }}
fetch-depth: 0
persist-credentials: false
- name: Generate DevHub Bot token
if: ${{ secrets.DEVHUB_APP_ID && secrets.DEVHUB_APP_PRIVATE_KEY }}
id: app-token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ secrets.DEVHUB_APP_ID }}
private-key: ${{ secrets.DEVHUB_APP_PRIVATE_KEY }}
- name: Fetch PR commits
id: commits
uses: actions/github-script@v7
with:
github-token: ${{ steps.app-token.outputs.token || github.token }}
script: |
const commits = await github.paginate(
github.rest.pulls.listCommits,
{
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: context.payload.pull_request.number
}
);
core.setOutput("messages", JSON.stringify(commits.map(c => c.commit.message)));
- name: Check CC compliance
id: analyze
run: |
echo '${{ steps.commits.outputs.messages }}' > commits.json
NON_CC=false
regex='^(feat|fix|docs|style|refactor|perf|test|chore)(\(.+\))?:\ .+'
while read -r msg; do
if [[ ! "$msg" =~ $regex ]]; then
NON_CC=true
break
fi
done < <(jq -r '.[]' commits.json)
echo "non_cc=$NON_CC" >> $GITHUB_OUTPUT
- name: Comment PR
uses: actions/github-script@v7
with:
github-token: ${{ steps.app-token.outputs.token || github.token }}
script: |
const nonCC = "${{ steps.analyze.outputs.non_cc }}" === "true";
const body = nonCC
? `${{ inputs.cc_warning_message }}`
: `${{ inputs.thank_you_message }}`;
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.payload.pull_request.number,
body
});
pr-merged:
runs-on: ubuntu-latest
if: github.event.pull_request != null && github.event.pull_request.merged == true
steps:
- uses: actions/checkout@v5
with:
ref: ${{ github.event.pull_request.base.ref }}
- name: Generate DevHub Bot token
if: ${{ secrets.DEVHUB_APP_ID && secrets.DEVHUB_APP_PRIVATE_KEY }}
id: app-token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ secrets.DEVHUB_APP_ID }}
private-key: ${{ secrets.DEVHUB_APP_PRIVATE_KEY }}
- name: Thank contributor
uses: actions/github-script@v7
with:
github-token: ${{ steps.app-token.outputs.token || github.token }}
script: |
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.payload.pull_request.number,
body: `${{ inputs.merge_thank_you_message }}`
});
issue-opened:
runs-on: ubuntu-latest
if: github.event_name == 'issues' && github.event.action == 'opened'
steps:
- name: Generate DevHub Bot token
if: ${{ secrets.DEVHUB_APP_ID && secrets.DEVHUB_APP_PRIVATE_KEY }}
id: app-token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ secrets.DEVHUB_APP_ID }}
private-key: ${{ secrets.DEVHUB_APP_PRIVATE_KEY }}
- name: Handle issue open (labels + comment)
uses: actions/github-script@v7
with:
github-token: ${{ steps.app-token.outputs.token || github.token }}
script: |
const issue = context.payload.issue;
const text = `${issue.title}\n${issue.body ?? ""}`.toLowerCase();
const rules = [
{ label: "bug", keywords: ["bug", "error", "crash", "fail", "issue"] },
{ label: "enhancement", keywords: ["feature", "request", "enhance"] },
{ label: "documentation", keywords: ["docs", "readme", "documentation"] },
{ label: "question", keywords: ["question", "help"] },
];
const labels = rules
.filter(r => r.label && r.keywords.some(k => text.includes(k)))
.map(r => r.label)
.filter(l => typeof l === "string" && l.trim().length > 0);
if (labels.length > 0) {
await github.rest.issues.addLabels({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: issue.number,
labels,
});
}
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: issue.number,
body: [
"πŸ‘‹ **Thanks for opening this issue!**",
"",
"Our maintainers have been notified and will review it as soon as possible πŸš€",
"",
"πŸ“Œ **To help us resolve this faster:**",
"- Include clear steps to reproduce (for bugs)",
"- Mention expected vs actual behavior",
"- Add screenshots or logs if relevant",
"",
"Thanks for contributing to **Open DevHub** πŸ’™",
].join("\n"),
});