Pull Request Ready for Review #10616
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Pull Request Ready for Review | |
| on: | |
| pull_request: | |
| types: [labeled, unlabeled, synchronize, ready_for_review, review_requested] | |
| workflow_run: | |
| workflows: ["Code Checks", "Check CODEOWNERS Entries", "Code Health Report"] | |
| types: [completed] | |
| jobs: | |
| ready_for_review: | |
| permissions: write-all | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4.0.2 | |
| with: | |
| aws-access-key-id: ${{ secrets.aws_access_key_id }} | |
| aws-secret-access-key: ${{ secrets.aws_secret_access_key }} | |
| aws-region: "us-gov-west-1" | |
| - name: Get bot token from Parameter Store | |
| uses: marvinpinto/action-inject-ssm-secrets@latest | |
| with: | |
| ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN | |
| env_variable_name: VA_VSP_BOT_GITHUB_TOKEN | |
| - name: Audit PR Labels | |
| id: audit_pr_labels | |
| if: | | |
| !contains(github.event.pull_request.labels.*.name, 'code-health-failure') && | |
| !contains(github.event.pull_request.labels.*.name, 'codeowners-addition-failure') && | |
| !contains(github.event.pull_request.labels.*.name, 'codeowners-delete-failure') && | |
| !contains(github.event.pull_request.labels.*.name, 'lint-failure') && | |
| !contains(github.event.pull_request.labels.*.name, 'test-failure') | |
| run: | | |
| echo "no_failures=true" >> $GITHUB_OUTPUT | |
| - name: Audit Test Passing Label | |
| id: audit_passing_labels | |
| if: | | |
| contains(github.event.pull_request.labels.*.name, 'test-passing') | |
| run: | | |
| echo "ready_for_review=true" >> $GITHUB_OUTPUT | |
| - name: Check backend-review-group approval status | |
| if: contains(github.event.pull_request.labels.*.name, 'require-backend-approval') | |
| id: check_backend_review_group_approval_status | |
| uses: octokit/request-action@v2.x | |
| with: | |
| route: GET /repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/reviews | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Get backend-review-group members | |
| if: contains(github.event.pull_request.labels.*.name, 'require-backend-approval') | |
| id: get_team_members | |
| uses: octokit/request-action@v2.x | |
| with: | |
| route: GET /orgs/department-of-veterans-affairs/teams/backend-review-group/members | |
| env: | |
| GITHUB_TOKEN: ${{ env.VA_VSP_BOT_GITHUB_TOKEN }} | |
| - name: Verify backend-review-group approval | |
| if: contains(github.event.pull_request.labels.*.name, 'require-backend-approval') | |
| id: verify_approval | |
| run: | | |
| BACKEND_REVIEWERS=$(echo '${{ steps.get_team_members.outputs.data }}' | jq -r '.[].login' | tr '\n' '|' | sed 's/|$//') | |
| APPROVALS=$(echo '${{ steps.check_backend_review_group_approval_status.outputs.data }}' | jq -r '.[] | select(.state == "APPROVED") | .user.login' | grep -iE "$BACKEND_REVIEWERS" | wc -l) | |
| echo "Number of backend-review-group approvals: $APPROVALS" | |
| if [ "$APPROVALS" -eq 0 ]; then | |
| echo "approval_status=required" >> $GITHUB_OUTPUT | |
| else | |
| echo "approval_status=confirmed" >> $GITHUB_OUTPUT | |
| fi | |
| # Add ready-for-backend-review when all checks are passing and approval | |
| - name: Add Review label | |
| uses: actions-ecosystem/action-add-labels@v1 | |
| if: | | |
| github.event.pull_request.draft == false && | |
| steps.audit_passing_labels.outputs.ready_for_review == 'true' && | |
| steps.audit_pr_labels.outputs.no_failures == 'true' && | |
| steps.verify_approval.outputs.approval_status == 'required' | |
| with: | |
| number: ${{ github.event.pull_request.number }} | |
| labels: | | |
| ready-for-backend-review | |
| - name: Remove Review label | |
| uses: actions-ecosystem/action-remove-labels@v1 | |
| if: | | |
| github.event.pull_request.draft == true || | |
| ( | |
| contains(github.event.pull_request.labels.*.name, 'ready-for-backend-review') && | |
| steps.audit_passing_labels.outputs.ready_for_review != 'true' || | |
| steps.audit_pr_labels.outputs.no_failures != 'true' || | |
| steps.verify_approval.outputs.approval_status == 'confirmed' | |
| ) | |
| with: | |
| number: ${{ github.event.pull_request.number }} | |
| labels: | | |
| ready-for-backend-review |