tools: add tool that fills pr-url as code review suggestion
#61247
Conversation
|
Review requested:
|
nodejs-github-bot
added
meta
| REPO: ${{ github.repository }} | ||
| SHA: ${{ github.sha }} |
There was a problem hiding this comment.
We can use $GITHUB_REPOSITORY and $GITHUB_SHA that are already defined (see https://docs.github.com/en/actions/reference/workflows-and-actions/variables#default-environment-variables)
tools/actions/suggest-fill-prurl.mjs
Outdated
|
|
||
| // https://docs.github.com/en/rest/pulls/reviews?apiVersion=2022-11-28#create-a-review-for-a-pull-request | ||
| await fetch( | ||
| new URL(`repos/${REPO}/pulls/${PR_NUMBER}/reviews`, 'https://api.github.com'), |
There was a problem hiding this comment.
| new URL(`repos/${REPO}/pulls/${PR_NUMBER}/reviews`, 'https://api.github.com'), | |
| new URL(`repos/${REPO}/pulls/${PR_NUMBER}/reviews`, process.env.GITHUB_API_URL || 'https://api.github.com'), |
| const res = await fetch( | ||
| new URL(`repos/${REPO}/pulls/${PR_NUMBER}/files`, 'https://api.github.com'), | ||
| { headers }, | ||
| ); |
There was a problem hiding this comment.
Would it be better to use octokit here, rather than manually interacting with the API?
There was a problem hiding this comment.
I'm fine with either way, by default manual requests should have slightly less overhead. Are there benefits from using octikit here?
There was a problem hiding this comment.
Are there benefits from using octikit here?
Primarily that if the API structure changes, Octokit will adjust accordingly without the need for us to make any manual changes
Co-authored-by: Antoine du Hamel <duhamelantoine1995@gmail.com>
avivkeller
left a comment
avivkeller
left a comment
There was a problem hiding this comment.
The pull_request trigger can't access secrets from fork PRs.
| node-version: latest | ||
| - run: ./tools/actions/suggest-fill-prurl.mjs | ||
| env: | ||
| GH_TOKEN: ${{ secrets.GH_USER_TOKEN }} |
There was a problem hiding this comment.
| GH_TOKEN: ${{ secrets.GH_USER_TOKEN }} | |
| GH_TOKEN: ${{ github.token }} |
There was a problem hiding this comment.
Even so, fork PR tokens don't have the necessary access. I'd recommend changing the trigger to pull_request_target (with all security precautions needed)
5 participants
Having to fill
pr-urlin docs is sometimes annoying, since there's no guaranteed way to predict the PR number before pushing the changes.This PR adds tool that searches for
https://github.com/nodejs/node/pull/FILLMEand postshttps://github.com/nodejs/node/pull/12345(where12345is actual PR number) as code review suggestion (```suggestion).To avoid unnecessary flooding, it triggers only on initial open, and only if pr-url was explicitly set as
https://github.com/nodejs/node/pull/FILLMEin the files.This also could be addressed as local tool, or even as ncu feature (e.g.
git node i-feel-luckyto guess the next number, fill and commit).