From 11132cdb2ab19b80423fecab4af3c0f7f8dd84eb Mon Sep 17 00:00:00 2001
From: Adeeb Shihadeh <adeebshihadeh@gmail.com>
Date: Tue, 23 Jul 2024 11:11:31 -0700
Subject: [PATCH] CI: setup triggering jenkins for forks (#33049)

old-commit-hash: d828ac43444dad2d25dafcd4ba7543230b1f156f
---
 .github/workflows/jenkins-pr-trigger.yaml | 50 +++++++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 .github/workflows/jenkins-pr-trigger.yaml

diff --git a/.github/workflows/jenkins-pr-trigger.yaml b/.github/workflows/jenkins-pr-trigger.yaml
new file mode 100644
index 0000000000..42ef4a7391
--- /dev/null
+++ b/.github/workflows/jenkins-pr-trigger.yaml
@@ -0,0 +1,50 @@
+name: jenkins scan
+
+on:
+  issue_comment:
+    types: [created]
+
+jobs:
+  # TODO: gc old branches in a separate job in this workflow
+  scan-comments:
+    runs-on: ubuntu-latest
+    if: github.event.issue.pull_request != null
+    steps:
+    - name: Check if comment contains trigger phrase and is from someone with write access
+      id: check_comment
+      uses: actions/github-script@v6
+      with:
+        script: |
+          const triggerPhrase = "trigger-jenkins";
+          const comment = context.payload.comment.body;
+          const commenter = context.payload.comment.user.login;
+
+          const { data: permissions } = await github.rest.repos.getCollaboratorPermissionLevel({
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            username: commenter
+          });
+
+          const hasWriteAccess = permissions.permission === 'write' || permissions.permission === 'admin';
+
+          return (hasWriteAccess && comment.includes(triggerPhrase));
+        result-encoding: boolean
+
+    - name: Set PR number
+      id: set_pr_number
+      if: steps.check_comment.outputs.result == 'true'
+      run: echo "PR_NUMBER=$(echo ${{ github.event.issue.number }})" >> $GITHUB_ENV
+
+    - name: Checkout repository
+      if: steps.check_comment.outputs.result == 'true'
+      uses: actions/checkout@v4
+      with:
+        ref: ${{ github.event.issue.pull_request.head.ref }}
+
+    - name: Push to tmp-jenkins branch
+      if: steps.check_comment.outputs.result == 'true'
+      run: |
+        git config --global user.name "github-actions[bot]"
+        git config --global user.email "github-actions[bot]@users.noreply.github.com"
+        git checkout -b tmp-jenkins-${{ env.PR_NUMBER }}
+        git push -f origin tmp-jenkins-${{ env.PR_NUMBER }}