Add issue comment workflow

Author: ncalteen

.github/workflows/process-issue-comment.yml

@@ -0,0 +1,41 @@
+name: Process Issue Comment
+
+on:
+  issue_comment:
+    types:
+      - created
+
+permissions:
+  contents: write
+  id-token: write
+  issues: write
+
+jobs:
+  submit:
+    name: Process Issue Comment
+    runs-on: ubuntu-latest
+
+    if: |
+      github.event.issue.state == 'open' &&
+      (
+        startsWith(github.event.comment.body, '.add-admin') ||
+        startsWith(github.event.comment.body, '.add-user') ||
+        startsWith(github.event.comment.body, '.remove-admin') ||
+        startsWith(github.event.comment.body, '.remove-user')
+      )
+
+    steps:
+      - name: Get GitHub App Token
+        id: token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ secrets.ISSUEOPS_APP_ID }}
+          private-key: ${{ secrets.ISSUEOPS_APP_PEM_FILE }}
+          owner: ${{ github.repository_owner }}
+
+      - name: Process IssueOps Request
+        id: process
+        uses: githubschool/gh-github-intermediate-issueops@main
+        with:
+          github_token: ${{ steps.token.outputs.token }}
+          workspace: ${{ github.workspace }}

__tests__/actions.test.ts

@@ -318,6 +318,13 @@ describe('actions', () => {
     })
 
     it('Adds an Admin', async () => {
+      mocktokit.graphql.mockResolvedValue({
+        user: {
+          isEmployee: true,
+          email: 'noreply@github.com'
+        }
+      })
+
       await actions.addAdmin(
         {
           action: AllowedIssueAction.CREATE,

badges/coverage.svg

@@ -109,6 +109,10 @@ export async function addAdmin(
 ): Promise<void> {
   core.info(`Adding Admin to Class Request: #${payload.issue.number}`)
 
+  // Create the authenticated Octokit client.
+  const token: string = core.getInput('github_token', { required: true })
+  const octokit = github.getOctokit(token)
+
   // Get the user from the comment body.
   // Format: .add-admin handle,email
   if (
@@ -123,6 +127,27 @@ export async function addAdmin(
     email: payload.comment.body.split(' ')[1].split(',')[1]
   }
 
+  // Check if the user is a GitHub/Microsoft employee.
+  const response: { user: { isEmployee: boolean; email: string } } =
+    await octokit.graphql(
+      `
+      query($login: String!) {
+        user(login: $login) {
+          isEmployee
+          email
+        }
+      }
+      `,
+      { login: user.handle }
+    )
+
+  // Do not add the admin if they are not a GitHub or Microsoft employee.
+  if (
+    !response.user.isEmployee &&
+    !response.user.email.includes('@microsoft.com')
+  )
+    throw new Error('Admins Must be GitHub/Microsoft Employees')
+
   await teams.addUser(request, user, 'maintainer')
 
   // Comment on the issue with the summary.
@@ -206,13 +231,13 @@ export async function removeAdmin(
   const response: { user: { isEmployee: boolean; email: string } } =
     await octokit.graphql(
       `
-    query($login: String!) {
-      user(login: $login) {
-        isEmployee
-        email
+      query($login: String!) {
+        user(login: $login) {
+          isEmployee
+          email
+        }
       }
-    }
-    `,
+      `,
       { login: user.handle }
     )
 

dist/index.js

@@ -289,7 +289,7 @@ export function generateMessage(request: ClassRequest): string {
       ${request.attendees
         .map(
           (attendee) =>
-            `| ${attendee.handle} | [\`${Common.OWNER}/${repos.generateRepoName(request, attendee)}\`](https://github.com/${Common.OWNER}/${attendee.handle}) |`
+            `| ${attendee.handle} | [\`${Common.OWNER}/${repos.generateRepoName(request, attendee)}\`](https://github.com/${Common.OWNER}/${repos.generateRepoName(request, attendee)}) |`
         )
         .join('\n')}