From 6042f2aedd0c0ea4cbd5ba66c82984544626cf80 Mon Sep 17 00:00:00 2001 From: damaz91 Date: Tue, 30 Jun 2026 09:53:45 +0000 Subject: [PATCH 1/2] ci: support optional pr-number and commit-sha in reusable governance --- .github/workflows/reusable-governance.yml | 37 +++++++++++++++++++++-- 1 file changed, 35 insertions(+), 2 deletions(-) diff --git a/.github/workflows/reusable-governance.yml b/.github/workflows/reusable-governance.yml index ad40b7c..b6f293a 100644 --- a/.github/workflows/reusable-governance.yml +++ b/.github/workflows/reusable-governance.yml @@ -21,6 +21,14 @@ on: required: false type: string description: "Optional path to the governance rules configuration file (e.g., .github-central/org-tools/governance/rules/python-sdk-rules.yml). If not provided, resolved via --repo mapping." + pr-number: + required: false + type: number + description: "Optional PR number. Falls back to pull_request context if not provided." + commit-sha: + required: false + type: string + description: "Optional commit SHA. Falls back to pull_request context if not provided." secrets: ORG_READ_TOKEN: required: true @@ -54,6 +62,17 @@ jobs: run: | set +e + # Resolve PR number (input vs event fallback) + PR_NUMBER="${{ inputs.pr-number }}" + if [ -z "$PR_NUMBER" ]; then + PR_NUMBER="${{ github.event.pull_request.number }}" + fi + + if [ -z "$PR_NUMBER" ]; then + echo "::error::PR number could not be resolved." + exit 1 + fi + RULES_FILE_ARG="" if [ -n "${{ inputs.rules-file }}" ]; then RULES_FILE_ARG="--rules-file ${{ inputs.rules-file }}" @@ -63,7 +82,7 @@ jobs: --token "${{ secrets.ORG_READ_TOKEN }}" \ --org "${{ github.repository_owner }}" \ --repo "${{ github.repository }}" \ - --pr "${{ github.event.pull_request.number }}" \ + --pr "$PR_NUMBER" \ $RULES_FILE_ARG @@ -108,11 +127,25 @@ jobs: // Construct the exact URL to the current GitHub Actions workflow run logs const runUrl = `${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}`; + // Resolve SHA (input vs event fallback) + let sha = '${{ inputs.commit-sha }}'; + if (!sha) { + sha = context.payload.pull_request ? context.payload.pull_request.head.sha : null; + } + if (!sha && context.payload.workflow_run) { + sha = context.payload.workflow_run.head_sha; + } + + if (!sha) { + core.setFailed('SHA could not be resolved.'); + return; + } + // Post the status to the specific commit hash await github.rest.repos.createCommitStatus({ owner: context.repo.owner, repo: context.repo.repo, - sha: context.payload.pull_request.head.sha, + sha: sha, state: state, context: 'Governance / Approvals', description: description, From 945b2e9f62c3bc0d496655d295fbbc091fcaaf1d Mon Sep 17 00:00:00 2001 From: Federico D'Amato Date: Tue, 30 Jun 2026 12:05:17 +0200 Subject: [PATCH 2/2] Allow job to run for draft pull requests Remove condition to run job only for non-draft PRs. --- .github/workflows/reusable-governance.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/reusable-governance.yml b/.github/workflows/reusable-governance.yml index b6f293a..9bc5e53 100644 --- a/.github/workflows/reusable-governance.yml +++ b/.github/workflows/reusable-governance.yml @@ -38,7 +38,6 @@ jobs: evaluate: name: Approvals runs-on: ubuntu-latest - if: github.event.pull_request.draft == false steps: # 1. Check out the caller repository (the PR code) - name: Check out PR code