CodeQL - Post Comment #48
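name: "CodeQL - Post Comment"

# Runs after the "CodeQL Analysis" workflow completes and creates or refreshes a
# single PR comment built from the `codeql-pr-data` artifact that run uploaded
# (pr_number.txt + comment_body.md).
#
# Security note: a `workflow_run` workflow executes in the context of the base
# repository with write permissions, even when the triggering run came from a
# fork pull request. The artifact it consumes was produced by a run that
# executed PR-controlled code, so BOTH files in it are untrusted input. The
# script below therefore refuses to trust the artifact's PR number until it has
# confirmed that PR's head commit is the commit the triggering run analysed.
on:
  workflow_run:
    workflows: ["CodeQL Analysis"]
    types:
      - completed

permissions:
  actions: read         # required by download-artifact to read another run's artifacts with the job token
  pull-requests: write  # create / update the PR comment
  issues: write

jobs:
  post-comment:
    runs-on: ubuntu-latest
    if: github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion != 'cancelled'
    steps:
      - name: Download PR comment data
        uses: actions/download-artifact@fa0a91b85d4f404e8442c7c958156baef1102941 # v4.1.8
        with:
          name: codeql-pr-data
          run-id: ${{ github.event.workflow_run.id }}
          # The job token is enough for artifacts of another run in the SAME
          # repository once `actions: read` is granted. A PAT is only needed when
          # the artifact lives in a different repository, and it is a far broader
          # credential to expose to a job fed by fork-influenced artifacts.
          github-token: ${{ github.token }}
          path: pr_comment_data
        # A missing artifact (no alerts) is the normal case, not an error.
        # Note: continue-on-error keeps the job status "success", so the
        # `success()` check on the next step still passes; the hashFiles()
        # check is what actually gates it.
        continue-on-error: true

      - name: Post Comment
        # Only run if the artifact was found (meaning alerts exist)
        if: success() && hashFiles('pr_comment_data/pr_number.txt') != ''
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          # Posting an issue comment on a PR only needs `pull-requests: write`,
          # which the job token already has; no PAT required.
          github-token: ${{ github.token }}
          script: |
            const fs = require('fs');
            const path = require('path');

            const { owner, repo } = context.repo;
            const prNumberPath = path.join('pr_comment_data', 'pr_number.txt');
            const commentBodyPath = path.join('pr_comment_data', 'comment_body.md');
            if (!fs.existsSync(prNumberPath) || !fs.existsSync(commentBodyPath)) {
              console.log('Artifact data missing, skipping comment.');
              return;
            }

            // --- Untrusted input #1: the PR number -------------------------------
            // Accept only a plain positive integer; anything else is a malformed or
            // tampered artifact and we refuse loudly rather than guess.
            const rawPrNumber = fs.readFileSync(prNumberPath, 'utf8').trim();
            const prNumber = Number(rawPrNumber);
            if (!/^[0-9]{1,9}$/.test(rawPrNumber) || !Number.isSafeInteger(prNumber) || prNumber <= 0) {
              core.setFailed(`Refusing to comment: artifact PR number is not a positive integer (${JSON.stringify(rawPrNumber)})`);
              return;
            }

            // Bind the artifact's PR number to the run that produced it: the PR we
            // are about to comment on must currently point at the commit the
            // triggering CodeQL run analysed. Without this, an artifact from a fork
            // PR could aim this write-capable job at any other PR in the repo.
            // (A push to the PR between the two runs also fails this check; the
            // next CodeQL run will post fresh results.)
            const analysedSha = context.payload.workflow_run.head_sha;
            let pr;
            try {
              ({ data: pr } = await github.rest.pulls.get({ owner, repo, pull_number: prNumber }));
            } catch (err) {
              core.setFailed(`Refusing to comment: could not load PR #${prNumber} named by the artifact: ${err.message}`);
              return;
            }
            if (pr.head.sha !== analysedSha) {
              core.warning(`Skipping: PR #${prNumber} head ${pr.head.sha} does not match analysed commit ${analysedSha} (stale run or mismatched artifact).`);
              return;
            }

            // --- Untrusted input #2: the comment body ----------------------------
            // The body is posted verbatim as markdown, so it can only contain what
            // the upstream workflow chose to write. Cap it below GitHub's 65,536
            // character comment limit so an oversized file fails gracefully instead
            // of rejecting the API call.
            const MAX_BODY_CHARS = 65000;
            const marker = '<!-- codeql-alerts -->';
            const legacyMarker = '<!-- codeql-new-alerts -->';
            let body = fs.readFileSync(commentBodyPath, 'utf8');
            if (body.length > MAX_BODY_CHARS) {
              body = `${body.slice(0, MAX_BODY_CHARS)}\n\n_(comment truncated)_`;
            }
            // Append marker if missing so the next run can find and update this comment.
            const finalBody = body.includes(marker) ? body : `${body}\n${marker}`;
            console.log(`Processing PR #${prNumber}`);

            // Paginate: listComments returns only the first page by default, so a
            // busy PR would otherwise get a duplicate comment each run.
            const comments = await github.paginate(github.rest.issues.listComments, {
              owner,
              repo,
              issue_number: prNumber,
              per_page: 100,
            });
            const existing = comments.find(
              (c) => (c.body ?? '').includes(marker) || (c.body ?? '').includes(legacyMarker),
            );
            if (existing) {
              console.log(`Updating existing comment ${existing.id}`);
              await github.rest.issues.updateComment({
                owner,
                repo,
                comment_id: existing.id,
                body: finalBody,
              });
            } else {
              console.log('Creating new comment');
              await github.rest.issues.createComment({
                owner,
                repo,
                issue_number: prNumber,
                body: finalBody,
              });
            }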