Require backend-review-group approval #7405

Workflow file for this run

.github/workflows/be_review_prs.yml at eae40c0

	name: Require backend-review-group approval
	on:
	pull_request:
	types: [opened, reopened, review_requested, synchronize, ready_for_review]
	pull_request_review:
	types: [submitted]

	jobs:
	check-approval-requirements:
	permissions: write-all
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Configure AWS Credentials
	uses: aws-actions/configure-aws-credentials@v4.0.2
	with:
	aws-access-key-id: ${{ secrets.aws_access_key_id }}
	aws-secret-access-key: ${{ secrets.aws_secret_access_key }}
	aws-region: "us-gov-west-1"

	- name: Get bot token from Parameter Store
	uses: marvinpinto/action-inject-ssm-secrets@latest
	with:
	ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN
	env_variable_name: VA_VSP_BOT_GITHUB_TOKEN


	# Find Backend Labels, Approvals and Comments
	- name: Find Approval Comment
	uses: peter-evans/find-comment@v3
	id: find_backend_approval_comment
	with:
	issue-number: ${{ github.event.pull_request.number }}
	body-includes: Backend-review-group approval confirmed.

	- name: Get backend-review-group members
	if: contains(github.event.pull_request.labels.*.name, 'require-backend-approval')
	id: get_team_members
	uses: octokit/request-action@v2.x
	with:
	route: GET /orgs/department-of-veterans-affairs/teams/backend-review-group/members
	env:
	GITHUB_TOKEN: ${{ env.VA_VSP_BOT_GITHUB_TOKEN }}

	- name: Check backend-review-group approval status
	if: contains(github.event.pull_request.labels.*.name, 'require-backend-approval')
	id: check_backend_review_group_approval_status
	uses: octokit/request-action@v2.x
	with:
	route: GET /repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number \|\| github.event.pull_request_review.pull_request.number }}/reviews
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Verify backend-review-group approval
	if: contains(github.event.pull_request.labels.*.name, 'require-backend-approval')
	id: verify_approval
	run: \|
	BACKEND_REVIEWERS=$(echo '${{ steps.get_team_members.outputs.data }}' \| jq -r '.[].login' \| tr '\n' '\|' \| sed 's/\|$//')
	APPROVALS=$(echo '${{ steps.check_backend_review_group_approval_status.outputs.data }}' \| jq -r '.[] \| select(.state == "APPROVED") \| .user.login' \| grep -iE "$BACKEND_REVIEWERS" \| wc -l)
	echo "Number of backend-review-group approvals: $APPROVALS"
	if [ "$APPROVALS" -eq 0 ]; then
	echo "approval_status=required" >> $GITHUB_OUTPUT
	exit 1
	else
	echo "approval_status=confirmed" >> $GITHUB_OUTPUT
	fi

	- name: Comment PR - Approval Confirmed
	if: success() && steps.verify_approval.outputs.approval_status == 'confirmed' && steps.find_backend_approval_comment.outputs.comment-id == ''
	uses: peter-evans/create-or-update-comment@v4
	with:
	issue-number: ${{ github.event.pull_request.number }}
	body: "Backend-review-group approval confirmed."

	- name: Remove ready-for-review label
	if: success() && steps.verify_approval.outputs.approval_status == 'confirmed' && contains(github.event.pull_request.labels.*.name, 'ready-for-backend-review')
	uses: actions-ecosystem/action-remove-labels@v1
	with:
	number: ${{ github.event.pull_request.number }}
	labels: \|
	ready-for-backend-review

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Require backend-review-group approval #7405

Workflow file

Require backend-review-group approval #7405

Jobs

Run details

Workflow file for this run