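name: Contributor Card Bot

# Triggers chosen for fork-safety: every event below either targets the base
# repo directly (issues, discussions, discussion_comment) or is the GitHub-
# blessed fork-safe variant (pull_request_target).
#
# Intentionally NOT included: pull_request_review, pull_request_review_comment,
# issue_comment. GitHub withholds repository secrets from these events when
# they originate on forked PRs, which is precisely the path most external
# contributor activity takes; the bot requires BOT_APP_* secrets to authenticate,
# so wiring those events here would fail-closed exactly for the contributors we
# want to recognize. They can be re-added later via a workflow_run handoff.
on:
  pull_request_target:
    types: [closed]
  issues:
    types: [opened]
  discussion:
    types: [created]
  discussion_comment:
    types: [created]
  workflow_dispatch:

# Keep the workflow's GITHUB_TOKEN read-only. The bot authenticates with the
# BOT_APP_* secrets instead (see the trigger notes above), so nothing in this
# file needs a broader token.
permissions:
  contents: read

# Serialize all bot runs across the whole repository. The bot reads-then-writes
# `data/contributor-card-state.json`; running events in parallel let multiple
# runs read the same SHA and only the first PUT succeeds, the rest fail with a
# 409 Conflict. They also let the same actor receive duplicate cards when a
# burst of events fires before the first state write lands. A single repo-wide
# group with `cancel-in-progress: false` queues runs and processes them in
# arrival order, so every event still gets a card and the state file is never
# stale on write.
concurrency:
  group: contributor-card-bot
  cancel-in-progress: false

jobs:
  recognize:
    name: Render and post contributor card
    # Run only in the canonical repository, so copies of this workflow in forks
    # or mirrors never start the job, and only for the event/action pairs the
    # bot handles (a closed PR must also have been merged).
    if: |
      github.repository == 'nexu-io/open-design' &&
      (
        (github.event_name == 'pull_request_target' && github.event.pull_request.merged == true) ||
        (github.event_name == 'issues' && github.event.action == 'opened') ||
        (github.event_name == 'discussion' && github.event.action == 'created') ||
        (github.event_name == 'discussion_comment' && github.event.action == 'created') ||
        github.event_name == 'workflow_dispatch'
      )
    runs-on: ubuntu-latest
    timeout-minutes: 8

    steps:
      # Checks out the bot's own repository, never the pull request head, so no
      # contributor-controlled code is brought into a pull_request_target run.
      #
      # NOTE(review): `ref: main` and the `@vX` action tags in this job are
      # mutable references, and the last step runs the checked-out code with
      # the App private key in its environment. Consider pinning the bot ref
      # and each `uses:` to a full commit SHA so a moved tag or branch cannot
      # change what runs here.
      - name: Checkout contributor bot
        uses: actions/checkout@v6.0.2
        with:
          repository: nexu-io/open-design-bot-sandbox
          ref: main
          # Do not leave the workflow token in the local git config: the later
          # steps install and run third-party packages in this workspace, and
          # the bot presumably does not use git credentials (it authenticates
          # with BOT_APP_*) - confirm before merging.
          persist-credentials: false

      - name: Setup pnpm
        uses: pnpm/action-setup@v4
        with:
          version: '10'

      - name: Setup Node.js
        uses: actions/setup-node@v6.0.0
        with:
          node-version: '22'
          cache: pnpm

      # --frozen-lockfile makes the install fail instead of rewriting the
      # lockfile, so only the dependency versions recorded in the bot
      # repository are installed. No secrets are exposed to this step.
      - name: Install bot dependencies
        run: pnpm install --frozen-lockfile

      # The App credentials are scoped to this step's environment only; the
      # checkout, setup and install steps above never see them.
      - name: Run contributor bot
        env:
          BOT_APP_ID: ${{ secrets.BOT_APP_ID }}
          BOT_APP_INSTALLATION_ID: ${{ secrets.BOT_APP_INSTALLATION_ID }}
          BOT_APP_PRIVATE_KEY: ${{ secrets.BOT_APP_PRIVATE_KEY }}
        run: pnpm exec tsx scripts/action-handler.ts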