CI: setup triggering jenkins for forks (#33049)

old-commit-hash: d828ac4344

.github/workflows/jenkins-pr-trigger.yaml

@@ -0,0 +1,50 @@
+name: jenkins scan
+
+on:
+  issue_comment:
+    types: [created]
+
+jobs:
+  # TODO: gc old branches in a separate job in this workflow
+  scan-comments:
+    runs-on: ubuntu-latest
+    if: github.event.issue.pull_request != null
+    steps:
+    - name: Check if comment contains trigger phrase and is from someone with write access
+      id: check_comment
+      uses: actions/github-script@v6
+      with:
+        script: |
+          const triggerPhrase = "trigger-jenkins";
+          const comment = context.payload.comment.body;
+          const commenter = context.payload.comment.user.login;
+
+          const { data: permissions } = await github.rest.repos.getCollaboratorPermissionLevel({
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            username: commenter
+          });
+
+          const hasWriteAccess = permissions.permission === 'write' || permissions.permission === 'admin';
+
+          return (hasWriteAccess && comment.includes(triggerPhrase));
+        result-encoding: boolean
+
+    - name: Set PR number
+      id: set_pr_number
+      if: steps.check_comment.outputs.result == 'true'
+      run: echo "PR_NUMBER=$(echo ${{ github.event.issue.number }})" >> $GITHUB_ENV
+
+    - name: Checkout repository
+      if: steps.check_comment.outputs.result == 'true'
+      uses: actions/checkout@v4
+      with:
+        ref: ${{ github.event.issue.pull_request.head.ref }}
+
+    - name: Push to tmp-jenkins branch
+      if: steps.check_comment.outputs.result == 'true'
+      run: |
+        git config --global user.name "github-actions[bot]"
+        git config --global user.email "github-actions[bot]@users.noreply.github.com"
+        git checkout -b tmp-jenkins-${{ env.PR_NUMBER }}
+        git push -f origin tmp-jenkins-${{ env.PR_NUMBER }}