From af2b4370924d819e958b40b9fb5ff058a2eee0ae Mon Sep 17 00:00:00 2001
From: Seokho Son
Date: Wed, 15 Nov 2023 15:53:20 +0900
Subject: [PATCH] Enhance auto-merge workflow for verifying maintainers (#20)
* Enhance auto-merge workflow for verifying maintainers
---
 .github/workflows/auto-merge.yml | 34 +++++++++++++++++++++++---------
 1 file changed, 25 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml
index aa717f5..e8d3123 100644
--- a/.github/workflows/auto-merge.yml
+++ b/.github/workflows/auto-merge.yml
@@ -7,20 +7,36 @@ on:
 types: [created]
 jobs:
 # Check auto merge contiditons of PR and proceed merging
- automerge:
+ automerge:
 # Apply this job if it is a PR and by OWNER with '/approve' comment
- # TODO: the section contains('seokho-son jihoon-seo yunkon-kim') needs to be updated or automated
- if: ${{ github.event.issue.pull_request && (contains('seokho-son jihoon-seo yunkon-kim', github.event.comment.user.login) || github.event.comment.author_association == 'OWNER') && startsWith(github.event.comment.body, '/approve') }}
+ if: ${{ github.event.issue.pull_request && startsWith(github.event.comment.body, '/approve') }}
+
 # This job runs on Ubuntu-latest (Ubuntu 20.04 LTS checked on 2022-09-06)
 # See https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners
 runs-on: ubuntu-latest
 steps:
- # Check author_association is OWNER
- - name: Check author_association
+ # Check the commenter is a member of the maintainer team of this repo
+ - name: Extract Repository Name
+ id: repo-name
+ run: echo "REPO_NAME=$(echo ${{ github.repository }} | cut -d'/' -f2)" >> $GITHUB_ENV
+
+ - name: Get Maintainer Team Members
+ id: check-team-members
 run: |
- echo event.comment.user.login is ${{ github.event.comment.user.login }}
- echo event.comment.author_association is ${{ github.event.comment.author_association }}
- echo Hello, this workflow is allowed to specific OWNERS.
+ TEAM_NAME="${{ env.REPO_NAME }}-maintainer"
+ TEAM_MEMBERS=$(curl -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
+ -H "Accept: application/vnd.github.v3+json" \
+ https://api.github.com/orgs/cloud-barista/teams/${TEAM_NAME}/members | jq -r '.[] | .login')
+ echo "TEAM_MEMBERS=$TEAM_MEMBERS" >> $GITHUB_ENV
+ echo "GITHUB_ACTOR: ${GITHUB_ACTOR}"
+ echo "${TEAM_NAME}: ${TEAM_MEMBERS}"
+
+ - name: Verify if GITHUB_ACTOR is a Maintainer Team Member
+ run: |
+ if [[ ! " $TEAM_MEMBERS " =~ " ${GITHUB_ACTOR} " ]]; then
+ echo "User ${GITHUB_ACTOR} is not a member of the team. Stopping workflow."
+ exit 1
+ fi
 
 # Apply 'approved' label when OWNER left '/approve' comment
 - uses: actions/checkout@v4
@@ -37,7 +53,7 @@ jobs:
 args: "--trace"
 env:
 GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
- MERGE_LABELS: "approved,lgtm,!wip,!hold"
+ MERGE_LABELS: "approved,!wip,!hold"
 MERGE_REMOVE_LABELS: ""
 MERGE_METHOD: "merge"
 MERGE_COMMIT_MESSAGE: "pull-request-title"
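Review bot: The membership gate added in `Get Maintainer Team Members` and the verify step is fragile: `jq -r '.[] | .login'` emits one login per line, so `echo "TEAM_MEMBERS=$TEAM_MEMBERS" >> $GITHUB_ENV` writes a multi-line value without the delimiter form, and the space-padded `=~` test cannot match a newline-separated list. With more than one team member this will most likely error or reject real maintainers; that fails closed, but a gate that misfires tends to get loosened later. Asking the API about the single commenter, with the login taken from `github.event.comment.user.login` and passed through `env` instead of `GITHUB_ACTOR` and inline `${{ }}`, and with `curl --fail`, removes the list handling and stops printing the member list to the job log. The default workflow token may not be permitted to read organisation team membership, so confirm that and use a suitably scoped secret if it is not. The job's remaining steps lie outside this hunk.

```yaml
      # replaces the three added steps (repo name, member list, verify)
      - name: Verify commenter is an active maintainer team member
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          COMMENTER: ${{ github.event.comment.user.login }}
          TEAM_SLUG: ${{ github.event.repository.name }}-maintainer
        run: |
          set -euo pipefail
          state=$(curl --fail --silent --show-error \
            -H "Authorization: Bearer ${GH_TOKEN}" \
            -H "Accept: application/vnd.github+json" \
            "https://api.github.com/orgs/cloud-barista/teams/${TEAM_SLUG}/memberships/${COMMENTER}" \
            | jq -r '.state')
          if [[ "${state}" != "active" ]]; then
            echo "User ${COMMENTER} is not an active member of ${TEAM_SLUG}. Stopping workflow."
            exit 1
          fi

      # … unchanged: checkout and 'approved' label steps …
```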
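Review bot: With `lgtm` dropped from `MERGE_LABELS`, the `approved` label alone now releases the merge, so that label carries the whole authorization decision. Labels can normally be set by anyone with triage or write access, outside the `/approve` path checked earlier in the job, and nothing in the visible lines removes `approved` when commits are pushed after approval. Consider pairing this with branch protection that requires review of the latest commit, and document the intent next to the setting, e.g. `# 'approved' is the only merge gate: restrict who may label, re-approve after new pushes`. The step's `uses`/`with` lines start outside this hunk.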