-
Notifications
You must be signed in to change notification settings - Fork 62
115 lines (104 loc) · 4.64 KB
/
ready_for_review.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
name: Pull Request Ready for Review
on:
pull_request:
types: [labeled, unlabeled, synchronize, ready_for_review, review_requested]
workflow_run:
workflows: ["Code Checks", "Check CODEOWNERS Entries", "Code Health Report"]
types: [completed]
jobs:
ready_for_review:
permissions: write-all
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4.0.2
with:
aws-access-key-id: ${{ secrets.aws_access_key_id }}
aws-secret-access-key: ${{ secrets.aws_secret_access_key }}
aws-region: "us-gov-west-1"
- name: Get bot token from Parameter Store
uses: marvinpinto/action-inject-ssm-secrets@latest
with:
ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN
env_variable_name: VA_VSP_BOT_GITHUB_TOKEN
# If no failures, no_failures=true
- name: Audit PR Labels
id: audit_pr_labels
if: |
!contains(github.event.pull_request.labels.*.name, 'code-health-failure') &&
!contains(github.event.pull_request.labels.*.name, 'codeowners-addition-failure') &&
!contains(github.event.pull_request.labels.*.name, 'codeowners-delete-failure') &&
!contains(github.event.pull_request.labels.*.name, 'lint-failure') &&
!contains(github.event.pull_request.labels.*.name, 'test-failure')
run: |
echo "no_failures=true" >> $GITHUB_OUTPUT
# If test-passing label is present, ready_for_review=true
- name: Audit Test Passing Label
id: audit_passing_labels
if: |
contains(github.event.pull_request.labels.*.name, 'test-passing')
run: |
echo "ready_for_review=true" >> $GITHUB_OUTPUT
# If require-backend-approval label is present, get reviews
- name: Check backend-review-group approval status
if: contains(github.event.pull_request.labels.*.name, 'require-backend-approval')
id: check_backend_review_group_approval_status
uses: octokit/request-action@v2.x
with:
route: GET /repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/reviews
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
#
- name: Get backend-review-group members
if: contains(github.event.pull_request.labels.*.name, 'require-backend-approval')
id: get_team_members
uses: octokit/request-action@v2.x
with:
route: GET /orgs/department-of-veterans-affairs/teams/backend-review-group/members
env:
GITHUB_TOKEN: ${{ env.VA_VSP_BOT_GITHUB_TOKEN }}
- name: Verify backend-review-group approval
if: contains(github.event.pull_request.labels.*.name, 'require-backend-approval')
id: verify_approval
run: |
BACKEND_REVIEWERS=$(cat <<'EOF' | jq -r '.[].login' | tr '\n' '|' | sed 's/|$//'
${{ steps.get_team_members.outputs.data }}
EOF
)
APPROVALS=$(cat <<'EOF' | jq -r '.[] | select(.state == "APPROVED") | .user.login' | grep -iE "$BACKEND_REVIEWERS" | wc -l
${{ steps.check_backend_review_group_approval_status.outputs.data }}
EOF
)
echo "Number of backend-review-group approvals: $APPROVALS"
if [ "$APPROVALS" -eq 0 ]; then
echo "approval_status=required" >> $GITHUB_OUTPUT
else
echo "approval_status=confirmed" >> $GITHUB_OUTPUT
fi
# Add ready-for-backend-review when all checks are passing and approval
- name: Add Review label
uses: actions-ecosystem/action-add-labels@v1
if: |
github.event.pull_request.draft == false &&
steps.audit_passing_labels.outputs.ready_for_review == 'true' &&
steps.audit_pr_labels.outputs.no_failures == 'true' &&
steps.verify_approval.outputs.approval_status == 'required'
with:
number: ${{ github.event.pull_request.number }}
labels: |
ready-for-backend-review
- name: Remove Review label
uses: actions-ecosystem/action-remove-labels@v1
if: |
github.event.pull_request.draft == true ||
(
contains(github.event.pull_request.labels.*.name, 'ready-for-backend-review') &&
steps.audit_passing_labels.outputs.ready_for_review != 'true' ||
steps.audit_pr_labels.outputs.no_failures != 'true' ||
steps.verify_approval.outputs.approval_status == 'confirmed'
)
with:
number: ${{ github.event.pull_request.number }}
labels: |
ready-for-backend-review