Zeke Foppa 2d67d76189 CI - Merge hooks (#4224)
# Description of Changes

Invoke a private workflow when a PR merges, so that we can do extra
follow-up actions.

# API and ABI breaking changes

None. CI only.

# Expected complexity level and risk

2

# Testing
- [x] When a PR merged with a corresponding private PR, I got a discord
notification:
<img width="543" height="70" alt="image"
src="https://github.com/user-attachments/assets/209347c3-57be-47d7-8d75-6154c9e222cb"
/>

- [x] When a PR merged without a corresponding private PR, no discord
notification

---------

Signed-off-by: Zeke Foppa <196249+bfops@users.noreply.github.com>
Co-authored-by: Zeke Foppa <bfops@users.noreply.github.com>
2026-04-22 18:24:50 +00:00


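# Runs when a pull request is closed. For PRs that were merged into master it
# (1) posts a summary to Discord and (2) dispatches the follow-up workflow in
# the private repository.
#
# NOTE(review): both jobs read repository secrets. GitHub does not pass
# secrets (other than a read-only GITHUB_TOKEN) to `pull_request` runs that
# come from forks, so these steps presumably fail for fork PRs - confirm that
# this is acceptable. Switching the trigger to `pull_request_target` would
# expose the secrets to such runs and needs its own review first.
name: Discord notifications

on:
  pull_request:
    types: [closed]

jobs:
  discordNotification:
    runs-on: ubuntu-latest
    # `closed` also fires for PRs closed without merging; only act on real
    # merges into master.
    if: github.event.pull_request.merged == true &&
      github.event.pull_request.base.ref == 'master'
    # NOTE(review): this job has no `permissions:` block, so GITHUB_TOKEN gets
    # the repository/organization default scopes. Consider declaring only the
    # read scopes that `gh pr checks` needs.
    env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
      # NOTE(review): GitHub-hosted ubuntu images normally ship `gh` already;
      # confirm whether adding an apt source with sudo is still needed here.
      - name: Set up GitHub CLI
        run: |
          curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo tee /usr/share/keyrings/githubcli-archive-keyring.gpg > /dev/null
          sudo apt-get install -y apt-transport-https
          echo "deb [arch=amd64 signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list
          sudo apt-get update
          sudo apt-get install -y gh

      # TODO: Perhaps we should merge this into the public-pr-merge.yml workflow, now that that exists.
      - name: Send Discord notification
        # Every event field the script needs is handed over as an environment
        # variable. Expanding `${{ ... }}` inside `run:` pastes the value into
        # the script text before bash parses it, so event data must never be
        # interpolated there.
        env:
          DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
          PR_TITLE: ${{ github.event.pull_request.title }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
          PR_URL: ${{ github.event.pull_request.html_url }}
          PR_AUTHOR: ${{ github.event.pull_request.user.login }}
          MENTION_ON_FAILURE: ${{ secrets.DEV_OPS_ROLE_ID }}
          DISCORD_USER_MAP: ${{ secrets.DISCORD_USER_MAP }}
        run: |
          # NOTE(review): PR_TITLE is contributor-supplied text that ends up in
          # the Discord message. Consider sending `allowed_mentions` in the
          # webhook payload so that only the intended user/role can be pinged.
          message="PR merged: [(#${PR_NUMBER}) ${PR_TITLE}](<${PR_URL}>)"

          # Note that anything besides success is treated as a failure (e.g. if the check did not run at all, or if it is still pending).
          # This workflow's own checks are excluded from the list.
          FAILED_CHECKS="$(
            gh pr checks "${PR_URL}" \
              --json 'workflow,state,name' |
            jq '.[]
              | select(.workflow != "Discord notifications")
              | select(.state != "SUCCESS" and .state != "NEUTRAL" and .state != "SKIPPED")
            ' |
            jq -r '"\(.workflow) / \(.name): \(.state)"'
          )"

          # Lookup PR author's Discord ID from the provided JSON map (if any).
          # The login is passed with --arg, so jq treats it as data and not as
          # part of the filter.
          author_discord_id="$(
            jq -r \
              --arg u "${PR_AUTHOR}" \
              '.[$u] // empty' \
              <<<"${DISCORD_USER_MAP}"
          )"
          if [ -z "${author_discord_id}" ]; then
            echo "Warning: PR author not found in DISCORD_USER_MAP"
          fi

          message+=$'\n'
          if [[ -z "${FAILED_CHECKS}" ]]; then
            message+='All checks passed.'
          else
            message+="${FAILED_CHECKS}"
            message+=$'\n'
            # `<@ID>` pings a *person*; only added when the author is in the map.
            if [[ -n "${author_discord_id}" ]]; then
              message+="<@${author_discord_id}> please investigate these failures."
            fi
            message+=$'\n'
            # This uses special Discord syntax for pinging a particular role.
            # Note the '&' - this is the difference between pinging a *role* and pinging a *person*.
            message+="(cc <@&${MENTION_ON_FAILURE}> - Releases may be affected)"
          fi

          # Use `jq` to construct the json data blob in the format required by the webhook.
          # Building it with --arg keeps quotes and newlines in the message correctly escaped.
          data="$(jq --null-input --arg msg "$message" '.content=$msg')"
          # NOTE(review): curl runs without --fail, so an HTTP error from the
          # webhook does not fail this step - confirm that is intended.
          curl -X POST -H 'Content-Type: application/json' -d "$data" "${DISCORD_WEBHOOK_URL}"

  invokePrivate:
    runs-on: ubuntu-latest
    if: github.event.pull_request.merged == true &&
      github.event.pull_request.base.ref == 'master'
    # Applies to the automatic GITHUB_TOKEN only; the dispatch below
    # authenticates with a separate token.
    permissions:
      contents: read
    steps:
      - name: Dispatch private merge workflow
        # NOTE(review): `@v7` is a mutable tag and this action is handed a
        # cross-repository token. Consider pinning it to a full commit SHA
        # (`actions/github-script@<full-commit-sha>`).
        uses: actions/github-script@v7
        with:
          # NOTE(review): scope this token to the minimum needed to dispatch
          # workflows in the private repository - its scopes are not visible here.
          github-token: ${{ secrets.SPACETIMEDB_PRIVATE_TOKEN }}
          # Only the PR number crosses into the private workflow; it is read
          # from the event payload and sent as a string input.
          script: |
            await github.rest.actions.createWorkflowDispatch({
              owner: 'clockworklabs',
              repo: 'SpacetimeDBPrivate',
              workflow_id: 'public-pr-merge.yml',
              ref: 'master',
              inputs: {
                public_pr_number: String(context.payload.pull_request.number),
              }
            });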