@@ -109,3 +109,43 @@ jobs:
109109 if : matrix.os == 'windows-latest'
110110 run : |
111111 npm run test:cli-integration
112+
113+ report-failure :
114+ name : Report failure on the default branch
115+ runs-on : ubuntu-latest
116+ needs : [cli-test]
117+ if : failure() && github.ref == 'refs/heads/main'
118+ permissions :
119+ contents : read
120+ issues : write
121+ env :
122+ GH_TOKEN : ${{ github.token }}
123+ steps :
124+ - name : Create GitHub issue
125+ run : |
126+ # Set -eu so that we fail if the gh command fails.
127+ set -eu
128+
129+ # Try to find an existing open issue if there is one
130+ ISSUE="$(gh issue list --repo "$GITHUB_REPOSITORY" --label "cli-test-failure" --state "open" --limit 1 --json number -q '.[0].number')"
131+
132+ if [[ -n "$ISSUE" ]]; then
133+ echo "Found open issue number $ISSUE ($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/issues/$ISSUE)"
134+ else
135+ echo "Did not find an open tracking issue. Creating one."
136+
137+ ISSUE_BODY="issue-body.md"
138+ printf "CLI tests have failed on the default branch.\n\n@github/code-scanning-secexp-reviewers" > "$ISSUE_BODY"
139+
140+ ISSUE="$(gh issue create --repo "$GITHUB_REPOSITORY" --label "cli-test-failure" --title "CLI test failure" --body-file "$ISSUE_BODY")"
141+ # `gh issue create` returns the full issue URL, not just the number.
142+ echo "Created issue with URL $ISSUE"
143+ fi
144+
145+ COMMENT_FILE="comment.md"
146+ RUN_URL=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID
147+ printf 'CLI test [%s](%s) failed on ref `%s`' "$GITHUB_RUN_ID" "$RUN_URL" "$GITHUB_REF" > "$COMMENT_FILE"
148+
149+ # `gh issue create` returns an issue URL, and `gh issue list | cut -f 1` returns an issue number.
150+ # Both are accepted here.
151+ gh issue comment "$ISSUE" --repo "$GITHUB_REPOSITORY" --body-file "$COMMENT_FILE"
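Review bot: The `gh issue list` lookup reuses whichever open issue carries the `cli-test-failure` label, and the create branch assumes that label already exists in the repository; the script states neither assumption. If the label is missing, `gh issue create --label` will most likely fail, and under `set -eu` the step then stops before any issue or comment is written, so the failure on main goes unreported. I would add a comment above the lookup such as `# Requires the "cli-test-failure" label to exist; any open issue with that label is treated as the tracking issue.` The comment before the final `gh issue comment` call also refers to `gh issue list | cut -f 1`, which the script does not use; it should name the `--json number -q '.[0].number'` query instead.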