# SECURITY: This PR run on untrusted branches. # # Changes to "permissions" and "secrets" should be narrowly scoped and carefully reviewed. # # Reusable workflows, "uses" jobs, *must* specify the main branch. name: Community Pull Request on: pull_request_target: permissions: contents: read # Only required for the PR and changelog comment. pull-requests: write jobs: comment-on-pr: name: Maintainer comment # We only care about commenting on a PR if the PR is from a fork if: github.event.pull_request.head.repo.full_name != github.repository runs-on: ubuntu-latest steps: - name: Comment PR uses: thollander/actions-comment-pull-request@1.0.1 with: message: | PR is now waiting for a maintainer to take action. **Note for the maintainer:** Commands available: * `/run-acceptance-tests` - used to test run the acceptance tests for the project * `/run-codegen` - used to test the Pull Request against downstream codegen * `/run-docs-gen` - used to test the Pull Request against documentation generation GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} changelog-comment: name: Changelog preview if: github.event.pull_request.head.repo.full_name != github.repository permissions: contents: read pull-requests: write uses: pulumi/pulumi/.github/workflows/on-pr-changelog.yml@master with: ref: refs/pull/${{ github.event.pull_request.number }}/merge base-ref: origin/${{ github.base_ref }} pr-number: ${{ github.event.pull_request.number }} changelog-required: ${{ !contains(github.event.pull_request.labels.*.name, 'impact/no-changelog-required') }} secrets: # Scope secrets to the minimum required: PULUMI_BOT_TOKEN: ${{ secrets.PULUMI_BOT_TOKEN }}