ci: implementing migrator workflow

[germa89]

Summary

As the title.

This pull request introduces a new GitHub Actions workflow, migrator.yml, designed to handle pull requests originating from forks. The workflow ensures that secrets required for CI processes can be accessed by migrating the forked PR into a branch within the base repository.

Changes

• New Workflow: Added migrator.yml to workflows.

• Trigger Events:

  • Automatically triggered by comments containing @pyansys-ci-bot migrate or @pyansys-ci-bot sync on pull requests.
  • Can also be triggered manually via workflow_dispatch with an issue number input.

• Key Steps:

  • Reacts to comments to confirm or denies the action
  • Fetches details about the source branch and repository.
  • Clones the PyMAPDL repository and add the forked repo as remote.
  • Creates a new branch in the base repository, merges the forked branch, and pushes the changes.
  • Opens a new pull request in the base repository if one does not already exist.
  • Posts comments to indicate success or failure of the migration process.

This workflow simplifies the process of handling forked pull requests, improving developer experience.

Example of fork PR: #3868
Example of migrated PR: #3886

Summary by Sourcery

Implement a GitHub Actions workflow to migrate pull requests from forks, enabling secure CI processes and improving developer experience

New Features:

• Developed automated PR migration process that creates a new branch in the base repository
• Added comment reactions and status updates for migration workflow

CI:

• Added migrator workflow to handle pull requests from forks
• Implemented workflow triggered by comments or manual dispatch
• Added member verification before migration process

Chores:

• Created changelog entry for the migrator workflow implementation

[ansys-reviewer-bot]

Thanks for opening a Pull Request. If you want to perform a review write a comment saying:

@ansys-reviewer-bot review

[germa89]

@RobPasMue @klmcadams @jorgepiloto @ansys/pyansys-core

I think this is now ready.

forked PR: #3955
migrated PR: #3956

[RobPasMue]

LGTM! Saw you ended up going with raw JS + GitHub's dev package. Wasn't it easier to just use the octokit/request-action? I personally don't like JS that much but that's very opinionated 😆

[RobPasMue]

Weird - why is the token needed here?

[germa89]

Agreed... I saw a weird permission error when trying to download the artifacts ... so I thought about including the token there. I might have been due to recent outages though.

[germa89]

LGTM! Saw you ended up going with raw JS + GitHub's dev package. Wasn't it easier to just use the octokit/request-action? I personally don't like JS that much but that's very opinionated 😆

I would have been easier yes.... however I found out some troubles when trying to get the user teams. Additionally, I find the core.exportVariable quite useful, and cleaner than the bash equivalent. Also the logging, debugging, etc seems more robusts... ofc one might think "of course, that's how github is coded, it should be more complete than just using actions and bash"... so I took the opportunity to learn about it (and waste a full afternoon xD)

// Export variables for later steps
core.exportVariable('PR_NUMBER', prNumber);

[jorgepiloto]

From my understanding:

1. Outside contributor makes a push
2. Owners with write access must approve the CI/CD run for the new push
3. This triggers
4. If any of previous comments, the sync gets performed

If this is the process, then it is still safe since this does not trigger unless maintainers approve the CI/CD to run.

It means that the user can not just go and make a comment. The comment is not captured until the maintainer approves the CI/CD run.

[germa89]

The user check is done later in the workflow. But yes, from a forked repo, each PR requires a manual approval for the CICD to run the first time. After that first run, it is no longer required in that specific PR.

[germa89]

The migrator does not need this approval since it is running in pymapdl repo, hence it is not coming from outside.

[clatapie]

1. Outside contributor makes a push
2. Owners with write access must approve the CI/CD run for the new push

Does it mean a person, external from the Ansys organization, with write access can trigger the workflow?

[jorgepiloto]

Why not force pushing to the mirror pull-request? This ensures a mirror state with the original. If everything is fine in the original branch, then the mirror is fine.

Otherwise, you'll need to fix merge conflicts twice in the original and then in the mirror.

[germa89]

Why not force pushing to the mirror pull-request? This ensures a mirror state with the original. If everything is fine in the original branch, then the mirror is fine.

Otherwise, you'll need to fix merge conflicts twice in the original and then in the mirror.

I would expect that for some cases I might have to work also on the mirror PR inside PyMAPDL to fix stuff (code, docs, ect). So in that case, I think it is better not to force?

[clatapie]

I think it's a good approach!
Is it already documented in the Contribution file (from the user perspective)?
Also, we could add documentation on the process to follow for the developer perspective. It could either go in a PyMAPDL section, in the pyansys-dev-guide or somewhere else.