name: Weblate checks on: pull_request: branches: [main] types: - opened - synchronize - ready_for_review - auto_merge_enabled - auto_merge_disabled permissions: {} env: BOT_NAME: immich-push-o-matic jobs: pre-job: runs-on: ubuntu-latest permissions: contents: read outputs: should_run: ${{ steps.check.outputs.should_run }} steps: - id: token uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0 with: app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }} private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }} - name: Check what should run id: check uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0 with: github-token: ${{ steps.token.outputs.token }} filters: | i18n: - 'i18n/!(en)**\.json' exclude-branches: 'chore/translations' skip-force-logic: 'true' enforce-lock: name: Check Weblate Lock needs: [pre-job] runs-on: ubuntu-latest permissions: {} if: ${{ fromJSON(needs.pre-job.outputs.should_run).i18n == true }} steps: - id: token uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0 with: app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }} private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }} - name: Bot review status env: PR_NUMBER: ${{ github.event.pull_request.number || github.event.pull_request_review.pull_request.number }} GH_TOKEN: ${{ steps.token.outputs.token }} run: | # Then check for APPROVED by the bot, if absent fail gh pr view "$PR_NUMBER" --repo "$GITHUB_REPOSITORY" --json reviews | jq -e '.reviews | map(select(.author.login == env.BOT_NAME and .state == "APPROVED")) | length > 0' \ || (echo "The push-o-matic bot has not approved this PR yet" && exit 1) success-check-lock: name: Weblate Lock Check Success needs: [enforce-lock] runs-on: ubuntu-latest permissions: {} if: always() steps: - uses: immich-app/devtools/actions/success-check@68f10eb389bb02a3cf9d1156111964c549eb421b # 0.0.4 with: needs: ${{ toJSON(needs) }}