From f4e0ad31cc78b2b3be9a4a54ee9ad83512f7e5f0 Mon Sep 17 00:00:00 2001
From: Korbinian
Date: Thu, 7 Nov 2024 12:08:49 +0100
Subject: [PATCH 1/3] add workflow to enforce group approvals
---
 .github/workflows/group-approvals.yml | 44 +++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100644 .github/workflows/group-approvals.yml
diff --git a/.github/workflows/group-approvals.yml b/.github/workflows/group-approvals.yml
new file mode 100644
index 0000000..afdb738
--- /dev/null
+++ b/.github/workflows/group-approvals.yml
@@ -0,0 +1,44 @@
+name: Enforce Group-Based Approvals
+on:
+ pull_request:
+ types: [opened, synchronize, reopened, review_requested]
+ pull_request_review:
+ types: [submitted]
+
+jobs:
+ enforce_approvals:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check Required Approvals
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GROUP_1: "nickytaiko,JMcryptospain,Pigitaiko"
+ GROUP_2: "bennettyong,myronrotter,KorbinianK,bearni95"
+ run: |
+ GROUP_1_REQUIRED=0
+ GROUP_2_REQUIRED=0
+ PR_NUMBER=$(jq -r '.pull_request.number' "$GITHUB_EVENT_PATH")
+
+ # Fetch pull request reviews
+ REVIEWS=$(curl -s -H "Authorization: Bearer $GITHUB_TOKEN" \
+ "https://api.github.com/repos/${{ github.repository }}/pulls/$PR_NUMBER/reviews" | jq -r '.[] | select(.state == "APPROVED") | .user.login')
+
+ # Check approvals against each group
+ IFS=',' read -ra GROUP1 <<< "$GROUP_1"
+ IFS=',' read -ra GROUP2 <<< "$GROUP_2"
+
+ for APPROVER in $REVIEWS; do
+ if [[ " ${GROUP1[@]} " =~ " $APPROVER " ]]; then
+ GROUP_1_REQUIRED=1
+ elif [[ " ${GROUP2[@]} " =~ " $APPROVER " ]]; then
+ GROUP_2_REQUIRED=1
+ fi
+ done
+
+ # Validate if both groups have approved
+ if [[ $GROUP_1_REQUIRED -eq 1 && $GROUP_2_REQUIRED -eq 1 ]]; then
+ echo "Required approvals from both groups present."
+ else
+ echo "Approval from both groups is required."
+ exit 1
+ fi
\ No newline at end of file
From 5ae705b391717ca383dda68942de57987be84d18 Mon Sep 17 00:00:00 2001
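Review bot: The jq filter on the reviews response selects every review with `state == "APPROVED"`, so an approval the same reviewer later replaced with a change request still counts, and so does one given on an earlier commit unless the repository dismisses stale reviews on push. I would reduce the list to each reviewer's latest non-comment review and pin it to the head commit, e.g. `jq -r --arg sha "$HEAD_SHA" '[.[] | select(.state != "COMMENTED")] | group_by(.user.login) | map(last) | .[] | select(.state == "APPROVED" and .commit_id == $sha) | .user.login'` with `HEAD_SHA=$(jq -r '.pull_request.head.sha' "$GITHUB_EVENT_PATH")`. The request should also carry `?per_page=100` (the endpoint is paginated) and `curl` should get `--fail`, so a truncated or error response is not read as "no approvals". Both triggers appear to run this file as it exists on the pull request's merge ref, so a PR that edits `GROUP_1`/`GROUP_2` or the script is checked by its own version; this gate is worth backing with CODEOWNERS or a ruleset on `.github/workflows/`. A job-level `permissions:` block limited to `pull-requests: read` would keep the token at what the step needs.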
From: Korbinian
Date: Thu, 7 Nov 2024 15:45:44 +0100
Subject: [PATCH 2/3] Update group-approvals.yml
---
 .github/workflows/group-approvals.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/group-approvals.yml b/.github/workflows/group-approvals.yml
index afdb738..afb71ff 100644
--- a/.github/workflows/group-approvals.yml
+++ b/.github/workflows/group-approvals.yml
@@ -12,7 +12,7 @@ jobs:
 - name: Check Required Approvals
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- GROUP_1: "nickytaiko,JMcryptospain,Pigitaiko"
+ GROUP_1: "nickytaiko,JMcryptospain,Pigitaiko,swarna1101,JBScaled"
 GROUP_2: "bennettyong,myronrotter,KorbinianK,bearni95"
 run: |
 GROUP_1_REQUIRED=0
@@ -41,4 +41,4 @@ jobs:
 else
 echo "Approval from both groups is required."
 exit 1
- fi
\ No newline at end of file
+ fi
From 093bd1f8a273e13ee51c010ec52f51a424d3da6f Mon Sep 17 00:00:00 2001
From: Korbinian
Date: Fri, 8 Nov 2024 21:45:30 +0100
Subject: [PATCH 3/3] Update .github/workflows/group-approvals.yml
Co-authored-by: Myron Rotter
---
 .github/workflows/group-approvals.yml | 2 --
 1 file changed, 2 deletions(-)
diff --git a/.github/workflows/group-approvals.yml b/.github/workflows/group-approvals.yml
index afb71ff..8566585 100644
--- a/.github/workflows/group-approvals.yml
+++ b/.github/workflows/group-approvals.yml
@@ -1,7 +1,5 @@
 name: Enforce Group-Based Approvals
 on:
- pull_request:
- types: [opened, synchronize, reopened, review_requested]
 pull_request_review:
 types: [submitted]