Skip to content

Commit c00d213

Browse files
HumairAKHumairAK
authored
chore: add workflow to approve pr runs (#11416)
Signed-off-by: Humair Khan <HumairAK@users.noreply.github.com>
1 parent ca004cc commit c00d213

File tree

1 file changed

+102
-0
lines changed

1 file changed

+102
-0
lines changed

.github/workflows/pr-commands.yml

Lines changed: 102 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,102 @@
1+
name: PR Commands
2+
on:
3+
issue_comment:
4+
types:
5+
- created
6+
env:
7+
DEFAULT_BRANCH: master
8+
jobs:
9+
process-command:
10+
runs-on: ubuntu-latest
11+
# Fail early if the command is not recognized
12+
if: github.event.comment.body == '/ok-to-test'
13+
outputs:
14+
PR_SHA: ${{ steps.fetch-pr-sha.outputs.PR_SHA }}
15+
steps:
16+
- name: Checkout Main Branch
17+
uses: actions/checkout@v3
18+
with:
19+
ref: ${{ env.DEFAULT_BRANCH }}
20+
- name: Check if the author is a member or Owner
21+
id: check-condition
22+
run: |
23+
echo "slash_command=${{github.event.comment.body}}" >> $GITHUB_ENV
24+
if [[ "${{ github.event.comment.author_association }}" == "MEMBER" || "${{ github.event.comment.author_association }}" == "OWNER" ]]; then
25+
echo "condition_met=true" >> $GITHUB_ENV
26+
else
27+
echo "User does not have permission to trigger this command."
28+
echo "condition_met=false" >> $GITHUB_ENV
29+
fi
30+
31+
- name: Leave a Comment on Precondition Fail
32+
if: env.condition_met == 'false'
33+
env:
34+
message: 🚫 This command cannot be processed. Only organization members or owners can use the commands.
35+
run: |
36+
echo "${{ secrets.GITHUB_TOKEN }}" | gh auth login --with-token
37+
gh issue comment ${{ github.event.issue.number }} --repo "${{ github.repository }}" --body "${{ env.message }}"
38+
echo ${message}
39+
exit 1
40+
41+
- name: Check if comment is on a pull request
42+
id: check-pr
43+
run: |
44+
if [[ -z "${{ github.event.issue.pull_request }}" ]]; then
45+
echo "Comment is not on a pull request."
46+
exit 1
47+
fi
48+
echo "PR_URL=${{ github.event.issue.pull_request.url }}" >> $GITHUB_ENV
49+
50+
- name: Fetch pull request sha
51+
id: fetch-pr-sha
52+
env:
53+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
54+
run: |
55+
PR_URL="${PR_URL}"
56+
PR_DATA=$(curl -s -H "Authorization: Bearer $GITHUB_TOKEN" -H "Accept: application/vnd.github.v3+json" "$PR_URL")
57+
PR_SHA=$(echo "$PR_DATA" | jq -r '.head.sha')
58+
echo "PR_SHA=$PR_SHA" >> $GITHUB_OUTPUT
59+
60+
# Add other commands as separate jobs
61+
approve:
62+
runs-on: ubuntu-latest
63+
needs: process-command
64+
if: github.event.comment.body == '/ok-to-test'
65+
steps:
66+
- name: Checkout Main Branch
67+
uses: actions/checkout@v3
68+
with:
69+
ref: ${{ env.DEFAULT_BRANCH }}
70+
- name: Approve Runs
71+
env:
72+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
73+
PR_SHA: ${{ needs.process-command.outputs.PR_SHA }}
74+
run: |
75+
runs=$(curl -s -H "Authorization: Bearer $GITHUB_TOKEN" \
76+
-H "Accept: application/vnd.github.v3+json" \
77+
"https://api.github.com/repos/${{ github.repository }}/actions/runs?head_sha=${{ env.PR_SHA }}" | \
78+
jq -r '.workflow_runs[] | select(.conclusion == "action_required") | .id')
79+
80+
if [[ -z "$runs" ]]; then
81+
echo "No workflow runs found for the given head SHA."
82+
exit 1
83+
fi
84+
85+
echo "Found workflow runs requiring approval: $runs"
86+
# Approve each workflow run
87+
for run_id in $runs; do
88+
curl -X POST -H "Authorization: Bearer $GITHUB_TOKEN" \
89+
-H "Accept: application/vnd.github.v3+json" \
90+
"https://api.github.com/repos/${{ github.repository }}/actions/runs/$run_id/approve"
91+
echo "Approved workflow run: $run_id"
92+
done
93+
msg="Approvals successfully granted for pending runs."
94+
echo "output_msg=${msg}" >> $GITHUB_ENV
95+
96+
- name: Leave a Comment
97+
env:
98+
message: ${{ env.output_msg }}
99+
run: |
100+
echo "${{ secrets.GITHUB_TOKEN }}" | gh auth login --with-token
101+
gh issue comment ${{ github.event.issue.number }} --repo "${{ github.repository }}" --body "${{ env.message }}"
102+

0 commit comments

Comments
 (0)