Pull Request Ready for Review #24530
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Pull Request Ready for Review | |
| on: | |
| pull_request: | |
| types: [labeled, unlabeled, synchronize, ready_for_review, review_requested] | |
| workflow_run: | |
| workflows: ["Code Checks", "Check CODEOWNERS Entries", "Code Health Report"] | |
| types: [completed] | |
| jobs: | |
| ready_for_review: | |
| permissions: write-all | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4.0.2 | |
| with: | |
| aws-access-key-id: ${{ secrets.aws_access_key_id }} | |
| aws-secret-access-key: ${{ secrets.aws_secret_access_key }} | |
| aws-region: "us-gov-west-1" | |
| - name: Get bot token from Parameter Store | |
| uses: marvinpinto/action-inject-ssm-secrets@latest | |
| with: | |
| ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN | |
| env_variable_name: VA_VSP_BOT_GITHUB_TOKEN | |
| # If no failures, no_failures=true | |
| - name: Audit PR Labels | |
| id: audit_pr_labels | |
| if: | | |
| !contains(github.event.pull_request.labels.*.name, 'code-health-failure') && | |
| !contains(github.event.pull_request.labels.*.name, 'codeowners-addition-failure') && | |
| !contains(github.event.pull_request.labels.*.name, 'codeowners-delete-failure') && | |
| !contains(github.event.pull_request.labels.*.name, 'lint-failure') && | |
| !contains(github.event.pull_request.labels.*.name, 'test-failure') | |
| run: | | |
| echo "no_failures=true" >> $GITHUB_OUTPUT | |
| # If test-passing label is present, ready_for_review=true | |
| - name: Audit Test Passing Label | |
| id: audit_passing_labels | |
| if: | | |
| contains(github.event.pull_request.labels.*.name, 'test-passing') | |
| run: | | |
| echo "ready_for_review=true" >> $GITHUB_OUTPUT | |
| # If require-backend-approval label is present, get reviews | |
| - name: Check backend-review-group approval status | |
| if: contains(github.event.pull_request.labels.*.name, 'require-backend-approval') | |
| id: check_backend_review_group_approval_status | |
| uses: octokit/request-action@v2.x | |
| with: | |
| route: GET /repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/reviews | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # | |
| - name: Get backend-review-group members | |
| if: contains(github.event.pull_request.labels.*.name, 'require-backend-approval') | |
| id: get_team_members | |
| uses: octokit/request-action@v2.x | |
| with: | |
| route: GET /orgs/department-of-veterans-affairs/teams/backend-review-group/members | |
| env: | |
| GITHUB_TOKEN: ${{ env.VA_VSP_BOT_GITHUB_TOKEN }} | |
| - name: Verify backend-review-group approval | |
| if: contains(github.event.pull_request.labels.*.name, 'require-backend-approval') | |
| id: verify_approval | |
| run: | | |
| BACKEND_REVIEWERS=$(cat <<'EOF' | jq -r '.[].login' | tr '\n' '|' | sed 's/|$//' | |
| ${{ steps.get_team_members.outputs.data }} | |
| EOF | |
| ) | |
| APPROVALS=$(cat <<'EOF' | jq -r '.[] | select(.state == "APPROVED") | .user.login' | grep -iE "$BACKEND_REVIEWERS" | wc -l | |
| ${{ steps.check_backend_review_group_approval_status.outputs.data }} | |
| EOF | |
| ) | |
| echo "Number of backend-review-group approvals: $APPROVALS" | |
| if [ "$APPROVALS" -eq 0 ]; then | |
| echo "approval_status=required" >> $GITHUB_OUTPUT | |
| else | |
| echo "approval_status=confirmed" >> $GITHUB_OUTPUT | |
| fi | |
| # Add ready-for-backend-review when all checks are passing and approval | |
| - name: Add Review label | |
| uses: actions-ecosystem/action-add-labels@v1 | |
| if: | | |
| github.event.pull_request.draft == false && | |
| steps.audit_passing_labels.outputs.ready_for_review == 'true' && | |
| steps.audit_pr_labels.outputs.no_failures == 'true' && | |
| steps.verify_approval.outputs.approval_status == 'required' | |
| with: | |
| number: ${{ github.event.pull_request.number }} | |
| labels: | | |
| ready-for-backend-review | |
| - name: Remove Review label | |
| uses: actions-ecosystem/action-remove-labels@v1 | |
| if: | | |
| github.event.pull_request.draft == true || | |
| ( | |
| contains(github.event.pull_request.labels.*.name, 'ready-for-backend-review') && | |
| steps.audit_passing_labels.outputs.ready_for_review != 'true' || | |
| steps.audit_pr_labels.outputs.no_failures != 'true' || | |
| steps.verify_approval.outputs.approval_status == 'confirmed' | |
| ) | |
| with: | |
| number: ${{ github.event.pull_request.number }} | |
| labels: | | |
| ready-for-backend-review |