Automatic commenting on a PR #26002
-
Hi folks. I am trying to extend what I described here to automatic commenting on the latest PR I would create. Here’s what I have done so far -
With this setup, the It’s very weird to me that Edit: I was able to resolve the issue and I can now see automatic comments on the latest PR - Is it possible to have a GitHub bot make this comment? I tried the following, but it did not work out -
|
Beta Was this translation helpful? Give feedback.
Replies: 15 comments
-
sayakpaul:
According to Permissions for the Two other things:
|
Beta Was this translation helpful? Give feedback.
-
Thanks, @airtower-luna. I incorporated your suggestions. But I do not see any workflow to trigger. I am probably missing out on something. Also, could you elaborate on what did you mean by
airtower-luna:
|
Beta Was this translation helpful? Give feedback.
-
The linked workflow doesn’t seem to have anything to do with the one discussed above. 😅
sayakpaul:
Use an environment variable to pass the token to your script, like so:
And in your script use
to get the value. This has the advantage that the token isn’t part of the command line, where it can easily be seen by other processes. The risk that someone else is able to run commands on the runner VM is probably low, but its good to always keep this kind of thing in mind. |
Beta Was this translation helpful? Give feedback.
-
airtower-luna:
This is because this workflow never ran. |
Beta Was this translation helpful? Give feedback.
-
Here’s one you can model from: OWASP/www-project-vulnerable-web-applications-directory/blob/94c5605064375de63e9e266bcf5a4cba08fa2193/.github/workflows/pr_comment.yml
This file has been truncated. show original Here’s an example of it in action: Adding a new online resource
|
Beta Was this translation helpful? Give feedback.
-
Thank you for chiming in. But currently, I would like to use this script when |
Beta Was this translation helpful? Give feedback.
-
I did try it but it did not run. Maybe I am missing out on something? |
Beta Was this translation helpful? Give feedback.
-
Hi @sayakpaul, For event ‘pull_request_target’, Which means If your code exists in PR compare branch, you need to specify the repo(and may be with ref), such as:
And i also tried the workflow same as you, it works fine on my side. My workflow is here. Please set the event ‘pull_request_target’ on your base repo and base branch, not the PR compare branch. Thanks |
Beta Was this translation helpful? Give feedback.
-
sayakpaul:
It won’t run in the PR that’s adding it. (This seems to be a discrepancy of |
Beta Was this translation helpful? Give feedback.
-
Thanks @kingthorin for the explanation. In my case, what would you suggest? |
Beta Was this translation helpful? Give feedback.
-
Thanks so much for the help. @weide-zhou. Quick question: I modified
But the workflow still does not run it appears. Anything I am missing out on? |
Beta Was this translation helpful? Give feedback.
-
If the action/github-script based solution works for your then commit it directly to your default branch (or create a PR and merge it) then open another PR to see that it works… |
Beta Was this translation helpful? Give feedback.
-
How would I pass an environmental variable to the I have loaded some content from a file into a variable and I would like to pass that to
|
Beta Was this translation helpful? Give feedback.
-
Hi @sayakpaul, Your action cannot get the var $body since they are in separated steps.
Thanks |
Beta Was this translation helpful? Give feedback.
-
Another useful lesson. Thank you so much. |
Beta Was this translation helpful? Give feedback.
Hi @sayakpaul,
For event ‘pull_request_target’,
Which means
actions/checkout
will get codes from base branch by default, not the fake merge branch or PR compare branch.If your code exists in PR compare branch, you need to specify the repo(and may be with ref), such as:
And i also tried the workflow same as you, it works fine on my side.
My workflow is here. Please set the event ‘pull_request_target’ on your base repo and base branch, not the PR compare branch.
Thanks