Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add PR approval check for specific directories #31

Merged
merged 12 commits into from
Jul 10, 2024
Merged

Add PR approval check for specific directories #31

Changes from 7 commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
28742fa
Check for committee among the PR approval
jaisnan Jun 26, 2024
4d31677
Fix user toml account
jaisnan Jul 1, 2024
d7ce67d
Remove account names
jaisnan Jul 1, 2024
ecfbc00
Update comments
jaisnan Jul 2, 2024
76a44b6
delete toml file from this PR as we're adding it in another PR first
jaisnan Jul 2, 2024
e8f52bb
Merge branch 'main' into pr-approval-workflow
jaisnan Jul 3, 2024
2c31a51
Merge branch 'main' into pr-approval-workflow
jaisnan Jul 3, 2024
186d930
Merge branch 'main' of https://github.com/model-checking/verify-rust-…
jaisnan Jul 9, 2024
2b5b0ac
Merge branch 'pr-approval-workflow' of https://github.com/jaisnan/rus…
jaisnan Jul 9, 2024
f4352a3
Remove token from script
jaisnan Jul 9, 2024
937f74d
Change comments
jaisnan Jul 9, 2024
add26d9
Merge branch 'main' into pr-approval-workflow
jaisnan Jul 10, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
157 changes: 157 additions & 0 deletions .github/workflows/pr_approval.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,157 @@
name: Check PR Approvals

# For now, the workflow gets triggered only when a review is submitted
# This technically means, a PR with zero approvals can be merged by the rules of this workflow alone
# To protect against that scenario, we can turn on number of approvals required to 2 in the github settings
# of the repository
on:
pull_request_review:
types: [submitted]
workflow_dispatch:

jobs:
check-approvals:
if: github.event.review.state == 'APPROVED' || github.event_name == 'workflow_dispatch'
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2

- name: Install TOML parser
run: npm install @iarna/toml

- name: Check PR Relevance and Approvals
uses: actions/github-script@v6
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
const fs = require('fs');
const toml = require('@iarna/toml');
const { owner, repo } = context.repo;
let pull_number;

if (github.event_name === 'workflow_dispatch') {
const branch = github.ref.replace('refs/heads/', '');
const prs = await github.rest.pulls.list({
owner,
repo,
head: `${owner}:${branch}`,
state: 'open'
});
if (prs.data.length === 0) {
console.log('No open PR found for this branch.');
return;
}
pull_number = prs.data[0].number;
} else {
pull_number = context.issue.number;
}

// Get PR files
const files = await github.rest.pulls.listFiles({
owner,
repo,
pull_number
});

const relevantPaths = ['library/', 'doc/src/challenges/'];
const isRelevantPR = files.data.some(file =>
relevantPaths.some(path => file.filename.startsWith(path))
);

if (!isRelevantPR) {
console.log('PR does not touch relevant paths. Exiting workflow.');
return;
}

// Get parsed data
try {
const tomlContent = fs.readFileSync('.github/pull_requests.toml', 'utf8');
console.log('TOML content:', tomlContent);
const tomlData = toml.parse(tomlContent);
console.log('Parsed TOML data:', JSON.stringify(tomlData, null, 2));

if (!tomlData.committee || !Array.isArray(tomlData.committee.members)) {
throw new Error('committee.members is not an array in the TOML file');
}
requiredApprovers = tomlData.committee.members;
} catch (error) {
console.error('Error reading or parsing TOML file:', error);
core.setFailed('Failed to read required approvers list');
return;
}

// Get all reviews
const reviews = await github.rest.pulls.listReviews({
owner,
repo,
pull_number
});

# Example: approvers = ["celina", "zyad"]
const approvers = new Set(
reviews.data
.filter(review => review.state === 'APPROVED')
.map(review => review.user.login)
);

const requiredApprovals = 2;
const requiredApproversCount = Array.from(approvers)
.filter(approver => requiredApprovers.includes(approver))
.length;

# TODO: Improve logging and messaging to the user
console.log('PR Approvers:', Array.from(approvers));
console.log('Required Approvers:', requiredApproversCount);

# Core logic that checks if the approvers are in the committee
const checkName = 'PR Approval Status';
const conclusion = (approvers.size >= requiredApprovals && requiredApproversCount >= 2) ? 'success' : 'failure';
const output = {
title: checkName,
summary: `PR has ${approvers.size} total approvals and ${requiredApproversCount} required approvals.`,
text: `Approvers: ${Array.from(approvers).join(', ')}\nRequired Approvers: ${requiredApprovers.join(', ')}`
};

// Get PR details
const pr = await github.rest.pulls.get({
owner,
repo,
pull_number
});

// Create or update check run
const checkRuns = await github.rest.checks.listForRef({
owner,
repo,
ref: pr.data.head.sha,
check_name: checkName
});

# Reuse the same workflow everytime there's a new review submitted
# instead of creating new workflows. Better efficiency and readability
# as the number of workflows is kept to a minimal number
if (checkRuns.data.total_count > 0) {
await github.rest.checks.update({
owner,
repo,
check_run_id: checkRuns.data.check_runs[0].id,
status: 'completed',
conclusion,
output
});
} else {
await github.rest.checks.create({
owner,
repo,
name: checkName,
head_sha: pr.data.head.sha,
status: 'completed',
conclusion,
output
});
}

if (conclusion === 'failure') {
core.setFailed(`PR needs at least ${requiredApprovals} total approvals and 2 required approvals. Current approvals: ${approvers.size}, Required approvals: ${requiredApproversCount}`);
}
Loading