This repository has been archived by the owner on Mar 10, 2024. It is now read-only.

Post PR Suggestions #1

	# Modelled after https://securitylab.github.com/research/github-actions-preventing-pwn-requests/

	name: Post PR Suggestions

	on:
	workflow_run:
	workflows: ["PR Suggestions"]
	types:
	- completed

	jobs:
	comment:
	runs-on: ubuntu-latest
	if: >
	${{ github.event.workflow_run.event == 'pull_request' &&
	github.event.workflow_run.conclusion == 'success' }}

	steps:
	- name: 'Download artifact'
	uses: actions/github-script@v6
	with:
	script: \|
	var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
	owner: context.repo.owner,
	repo: context.repo.repo,
	run_id: ${{github.event.workflow_run.id }},
	});
	var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
	return artifact.name == "pr"
	})[0];
	var download = await github.rest.actions.downloadArtifact({
	owner: context.repo.owner,
	repo: context.repo.repo,
	artifact_id: matchArtifact.id,
	archive_format: 'zip',
	});
	var fs = require('fs');
	fs.writeFileSync('${{github.workspace}}/pr.zip', Buffer.from(download.data));
	- run: unzip pr.zip

	- uses: actions/github-script@v6
	with:
	script: \|
	const { promises: fs } = require('fs')
	const event = (await fs.readFile('event', 'utf8')).trim()
	const body = (await fs.readFile('body', 'utf8')).trim()
	const issue_number = Number(await fs.readFile('./NR'));

	var req = {
	owner: context.repo.owner,
	pull_number: issue_number,
	repo: context.repo.repo,
	event: event
	};
	if (body !== "") {
	req.body = body;
	}
	await github.rest.pulls.createReview(req);

Provide feedback