This is by far the most interesting Action I've seen yet.
I know you have authorized users and such, but should one get through.
I really like this.
I don't have an actual use case for this that I can think of but it is neat!
I'm planning to use this to run a build+release script for a specific issue and reply with a changelog then close the issue/change the status for an open-source project I run.
It's cool for sure, but maybe not for things like their big "lgtm" example.
Aside, does anyone know how to change labels to PRs based on merge status with github actions?
The amount of integration is impressive, and I'm actually kinda sad this isn't being more highly voted up.
There's only one feature I think is really missing, and that's stored functions. Right now, I have to insert the full code snippet I want to run every. single. time. For scenarios where I want to modify the code snippet each time, this makes perfect sense, and is a valid first-class use-case that should stick around. But for all the scenarios where I just want to run the same old tidbit of code, I still have to reimport it fresh each time.
A few rambling thoughts/ideas:
- Referencing a Gist (which should only work when the full #gistcomment-... fragment is included)
- Referencing a code snippet in another issue, either by #number or by full URL (which should similarly only work when the full #issuecomment-... fragment is present)
- Referencing a code snippet from an issue in another project
- Allowing for the insertion of a SHA256 hash (either in hexadecimal (aabbccdd) or base64 (AbCd==) format) at the top of script bodies, for use in scenarios where I'd need to provide explicit authorization that I do indeed want to run a script that I didn't post myself
- Referencing a script from a file in my repo
- Referencing a script from a file in someone else's repo
You may ask why I am so insistent on dereferencing. a) it allows me to do magic things by wrangling URLs instead of entire blocks of code, and b) it lets me keep my posts tidy and not full of source code. My own bias strongly suggests to me that adopting a model like this might lead to slightly more widespread success. Your bias may disagree. I don't know what's closer to the truth.
Regarding the SHA idea, the way I concretely imagine this might work is that you'd introduce an alternate, optional block start like "`js SHA256:xxxxxxx", with the hash being applied to everything between the first and last lines (I think you might want to include the trailing newline after the script in the hash input - this will make life easier for those using editors that enforce one trailing newline).
This would indeed introduce massive redundancy - I now have to hash my blocks of code in order for them to run - but it would mean that people looking for code to run could straightforwardly and safely reference random stored functions (via something along the lines of "@github-actions run http://github.com/........ SHA256:XXX") and they'll only be run if the code matches its own checksum _along with_ the checksum in the run link.
I also think that perhaps there might be an explicit "reference" syntax, like "@github-actions ref" or something, for scenarios where the bot would be ignoring the code in question, and only running it when someone references it later. Perhaps in this scenario an alternate header format could be used that doesn't cause the bot to be notified; perhaps this could be as simple as removing the @.
I'm imagining scenarios where issues get created then closed as a stashing ground for code snippets.