Skip to content

openyurt security self-assessment #2014

openyurt security self-assessment

openyurt security self-assessment #2014

name: Rerun Failed Workflows
on:
issue_comment:
types: [created]
jobs:
rerun_failed_workflows:
runs-on: ubuntu-22.04
steps:
- name: Check for Command and Access Level
id: check
uses: actions/[email protected]
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
const issue = context.issue;
const username = context.payload.comment.user.login;
const regex = /\/rerun/g;
const comment = await github.rest.issues.getComment({
owner: issue.owner,
repo: issue.repo,
comment_id: context.payload.comment.id,
});
if (regex.test(comment.data.body)) {
const permissionLevel = await github.rest.repos.getCollaboratorPermissionLevel({
owner: issue.owner,
repo: issue.repo,
username: username,
});
if (['admin', 'write', 'read'].includes(permissionLevel.data.permission)) {
console.log(`User ${username} with permission ${permissionLevel.data.permission} has access to rerun failed workflows`);
return true;
} else {
console.log(`User ${username} with permission ${permissionLevel.data.permission} does not have access to rerun failed workflows`);
return false;
}
} else {
return false;
}
result-encoding: string
- name: Fetch and rerun failed workflows
if: steps.check.outputs.result == 'true'
uses: actions/[email protected]
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
const issue = context.issue;
const pull = await github.rest.pulls.get({
owner: issue.owner,
repo: issue.repo,
pull_number: issue.number,
});
const workflows = await github.rest.actions.listWorkflowRunsForRepo({
owner: issue.owner,
repo: issue.repo,
branch: pull.data.head.ref,
status: 'failure',
});
for (const run of workflows.data.workflow_runs) {
const result = await github.rest.actions.reRunWorkflowFailedJobs({
owner: issue.owner,
repo: issue.repo,
run_id: run.id,
});
console.log(`reRunWorkflowFailedJobs workflow ${JSON.stringify(run)} with response ${JSON.stringify(result)}`);
}