numpy-ascend/.github/workflows/pr-project.yml at ascend · qingfengxia/numpy-ascend · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
name: "Project (Pull-Request)"

on:
  workflow_run:
    workflows: ["Pull-Request Update"]
    types: [completed]

jobs:
  needs-attention:
    # Brings the pull-request to attention by any activities triggered by users other than assignees.
    # c.f. https://docs.github.com/en/issues/planning-and-tracking-with-projects/automating-your-project/automating-projects-using-actions
    # c.f. https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
    if: |
      github.repository_owner == 'cupy' &&
      github.event.workflow_run.conclusion == 'success'

    runs-on: ubuntu-22.04
    steps:
      - name: Generate Token
        uses: actions/create-github-app-token@v1
        id: token
        with:
          app-id: 349488
          private-key: ${{ secrets.GH_APP_PROJECT_AUTOMATION_PEM }}

      # Get the pull-request number.
      - name: Download artifact
        uses: actions/download-artifact@v4
        with:
          name: PULL_REQUEST_NUMBER
          github-token: ${{ steps.token.outputs.token }}
          run-id: ${{ github.event.workflow_run.id }}

      - name: Update Status
        shell: /usr/bin/bash -uex "{0}"
        env:
          GH_TOKEN: ${{ steps.token.outputs.token }}
        run: |
          PULL_REQUEST="$(cat 'PULL_REQUEST_NUMBER')"
          echo "::notice::Pull-Request: #${PULL_REQUEST} (triggered by https://github.com/cupy/cupy/actions/runs/${{ github.event.workflow_run.id }})"

          # https://github.com/orgs/cupy/projects/4
          gh api graphql -F "pull_request=${PULL_REQUEST}" -f query='
            query ($pull_request: Int!) {
              organization(login: "cupy") {
                projectV2(number: 4) {
                  id
                  field(name: "Status") {
                    ... on ProjectV2SingleSelectField {
                      id
                      options {
                        id
                        name
                      }
                    }
                  }
                }
                repository(name: "cupy") {
                  pullRequest(number: $pull_request) {
                    state
                    projectItems(first: 100, includeArchived: false) {
                      nodes {
                        project {
                          id
                        }
                        id
                      }
                    }
                  }
                }
              }
            }
          ' --jq '
            .data.organization.projectV2 as $project |
            .data.organization.repository as $repo |
            {
              "project_id": $project.id,
              "field_id":   $project.field.id,
              "option_id":  $project.field.options[] | select(.name == "Needs Attention") | .id,
              "item_id":    (($repo.pullRequest.projectItems.nodes[] | select(.project.id == $project.id) | .id) // -1),
              "state":      $repo.pullRequest.state
            }
          ' > params.json
          jq . params.json
          if [[ $(jq .item_id params.json) == -1 && $(jq .state params.json) != OPEN ]]; then
            echo "The pull-request is already closed."
            exit
          fi

          gh api graphql $(jq -r '[to_entries[] | "-F " + .key + "=\"" + .value + "\""] | join(" ")' params.json) -f query='
            mutation ($project_id: ID!, $field_id: ID!, $item_id: ID!) {
              updateProjectV2ItemFieldValue(
                input: {projectId: $project_id, fieldId: $field_id, itemId: $item_id, value: {singleSelectOptionId: "98236657"}}
              ) {
                clientMutationId
              }
            }
          '