From 7fd90c95af4eee5027966e9f795b7f5144bc627d Mon Sep 17 00:00:00 2001
From: Rahul Sethi <5822355+RamIdeas@users.noreply.github.com>
Date: Mon, 25 Nov 2024 16:54:25 +0000
Subject: [PATCH] Add Workflow (#6399)

Co-authored-by: Samuel Macleod <smacleod@cloudflare.com>
---
 .../workflows/run-ci-for-external-forks.yml   | 52 +++++++++++++++++++
 1 file changed, 52 insertions(+)
 create mode 100644 .github/workflows/run-ci-for-external-forks.yml

diff --git a/.github/workflows/run-ci-for-external-forks.yml b/.github/workflows/run-ci-for-external-forks.yml
new file mode 100644
index 000000000000..1666e1040317
--- /dev/null
+++ b/.github/workflows/run-ci-for-external-forks.yml
@@ -0,0 +1,52 @@
+name: Run CI on behalf of External Forks
+on:
+  workflow_dispatch:
+    inputs:
+      pr-number:
+        description: "The PR number to run CI on behalf of"
+        required: true
+      reviewed:
+        description: "Confirm that the PR has been reviewed for use/leakage of secrets"
+        type: boolean
+        required: true
+jobs:
+  create-draft-pr:
+    name: Create Draft PR
+    if: ${{ inputs.reviewed == true }}
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+      contents: write
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Check user for team affiliation
+        uses: tspascoal/get-user-teams-membership@v2
+        id: teamAffiliation
+        with:
+          GITHUB_TOKEN: ${{ secrets.READ_ONLY_ORG_GITHUB_TOKEN }}
+          username: ${{ github.actor }}
+          team: wrangler
+
+      - name: Stop workflow if user is not a team member
+        if: ${{ steps.teamAffiliation.outputs.isTeamMember == false }}
+        run: |
+          echo "You have must be on the "wrangler" team to trigger this job."
+          exit 1
+
+      - name: "Checkout PR"
+        run: gh pr checkout ${{ inputs.pr-number }} -b run-ci-on-behalf-of-${{ inputs.pr-number }} -f
+        env:
+          GH_TOKEN: ${{ github.token }}
+
+      - name: Push Branch
+        run: git push origin HEAD --force
+
+      - name: "Create Draft PR"
+        run: |
+          gh pr create --head run-ci-on-behalf-of-${{ inputs.pr-number }} --draft --label "e2e" --title "Run CI on behalf of #${{ inputs.pr-number }}" --body "This PR is created to run CI on behalf of \#${{ inputs.pr-number }}. It can be closed after the CI run is complete."
+        env:
+          GH_TOKEN: ${{ github.token }}