🐛 Search for PRs from the current token user

dflook · dflook · commit db316e448c64 · 2020-09-02T23:30:09.000+01:00
Don't assume the default github actions token before checking
if it is a user PAT
diff --git a/.github/workflows/test-apply.yaml b/.github/workflows/test-apply.yaml
@@ -343,3 +343,32 @@ jobs:
             echo "Apply did not fail correctly"
             exit 1
           fi
+
+  apply_user_token:
+    runs-on: ubuntu-latest
+    name: Apply using a personal access token
+    env:
+      GITHUB_TOKEN: ${{ secrets.USER_GITHUB_TOKEN }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Plan
+        uses: ./terraform-plan
+        with:
+          label: User PAT
+          path: tests/apply/changes
+
+      - name: Apply
+        uses: ./terraform-apply
+        id: output
+        with:
+          label: User PAT
+          path: tests/apply/changes
+
+      - name: Verify outputs
+        run: |
+          if [[ "${{ steps.output.outputs.output_string }}" != "the_string" ]]; then
+            echo "::error:: output s not set correctly"
+            exit 1
+          fi
diff --git a/image/tools/github_pr_comment.py b/image/tools/github_pr_comment.py
@@ -70,6 +70,18 @@ def find_pr() -> str:
     else:
         raise Exception(f"The {event_type} event doesn\'t relate to a Pull Request.")
 
+def current_user() -> str:
+    response = github.get('https://api.github.com/user')
+    if response.status_code != 403:
+        user = response.json()
+        debug('GITHUB_TOKEN user:')
+        debug(json.dumps(user))
+
+        return user['login']
+
+    # Assume this is the github actions app token
+    return 'github-actions[bot]'
+
 class TerraformComment:
     """
     The GitHub comment for this specific terraform plan
@@ -90,7 +102,7 @@ def __init__(self, pr_url: str):
         debug('Looking for an existing comment:')
         for comment in response.json():
             debug(json.dumps(comment))
-            if comment['user']['login'] == 'github-actions[bot]':
+            if comment['user']['login'] == current_user():
                 match = re.match(rf'{re.escape(self._comment_identifier)}\n```(.*?)```(.*)', comment['body'], re.DOTALL)
 
                 if not match:
diff --git a/tests/terraform-cloud/main.tf b/tests/terraform-cloud/main.tf
@@ -6,7 +6,7 @@ terraform {
       prefix = "github-actions-"
     }
   }
-  required_version = "~> 0.13.0"
+  required_version = "0.13.0"
 }
 
 resource "random_id" "the_id" {

Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@ terraform {`
`6`	`6`	`prefix = "github-actions-"`
`7`	`7`	`}`
`8`	`8`	`}`
`9`		`- required_version = "~> 0.13.0"`
	`9`	`+ required_version = "0.13.0"`
`10`	`10`	`}`
`11`	`11`
`12`	`12`	`resource "random_id" "the_id" {`