Add Reviewer Alias Validation to the Action (#7)
For private repositories that have access to the repository restricted, when a reviewer defined in the yaml configuration file does not have access to the repository, the current action will print out a message in the action that we failed to add that reviewer to the pull request. However, the action "succeeds" and only manually checking the logs lets the PR author know that something went wrong.

The proposal in this change is to help PR authors detect when the aliases that are configured to be added to a PR do not have access. A comment gets created in the pull request with the aliases that do not have access. If the PR author solves this permission problem (either by giving access or removing the alias from the config), the action will update the previous comment to notify the user that "All issues have been resolved". Only one comment is added by the action, and that comment will get updated based on the issue during that action run.

An additional parameter (`validate_all`) for the action has been added to allow the above validation to be run on every alias in the yaml configuration. This can be useful for scenarios where the PR author is editing the yaml configuration, and the workflow might want to validate those new aliases at PR time instead of waiting until an attempt is made to use that alias in a subsequent PR and it fails.
jamoor-moj authored Dec 10, 2024
1 parent 099c361 commit e43a7a4
Showing 9 changed files with 1,175 additions and 79 deletions.
34 changes: 34 additions & 0 deletions README.md
Expand Up @@ -209,6 +209,13 @@ jobs:
# This defaults to false if not specified.
# See https://github.com/necojackarc/auto-request-review/issues/76 for more details.
use_local: true
# Validates that all reviewers inside the config file (e.g. .github/reviewers.yml specified
# above) have access to be added as reviewers to the repository running this yaml. This
# can be used similar to native CODEOWNER errors reported by github:
# https://docs.github.com/en/rest/repos/repos?apiVersion=2022-11-28#list-codeowners-errors
#
# This defaults to false if not specified.
validate_all: true
```
### (Optional) GitHub Personal Access Token
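Review bot: The comment block above `validate_all: true` says what is validated but not what the user sees when an alias fails the check; state here whether the run fails or only a pull request comment is posted, so readers know where to look. The wording "can be used similar to native CODEOWNER errors reported by github" would also read better as "works similarly to the native CODEOWNERS errors reported by GitHub".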
Expand Down Expand Up @@ -248,3 +255,30 @@ on:
#### Dependabot compatibility

Note that with the [recent change to GitHub Actions that are created by Dependabot](https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/), the `pull_request` event will no longer give access to your secrets to this action. Instead you will need to use the `pull_request_target` event. If you do this make sure to read [Keeping your GitHub Actions and workflows secure: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/) to understand the risks involved.

## Reviewer Access and Private Repos

The reviewer aliases defined in the configurations must have been given access to the repo in order to
be added as a code reviewer to the pull request.

If the action attempts to assign a reviewer that does not have access to the repo, a comment will be
automatically addded to the pull request to notify the author that not everyone was assigned.
```
The following reviewers did not have access to be added as reviewers, please review their access:

Individual Alias
- jamoor-test-twice

Team Alias
- fake-team-super-stale

Comment added by Auto Reviewer Robot 🤖: <Base64 Unique ID>
```
If the action is re-run post an administrator giving access to the aliases, or the aliases are removed
from the config yaml file, the action will update the comment to notify that all issues have been resolved.
```
All reviewer issues have been resolved!
Comment added by Auto Reviewer Robot 🤖: <Base64 Unique ID>
```
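Review bot: The new "Reviewer Access and Private Repos" section says a comment "will be automatically addded to the pull request" but never states which token permission the workflow needs for the action to create and later update that comment; since this section sits directly under the `pull_request_target` guidance, name the required permission explicitly so users grant no more than that. Please also fix the typo "addded", put a blank line between each prose paragraph and the code fence that follows it, and explain what the `<Base64 Unique ID>` trailer is for; if it is how the action finds its earlier comment, say whether the comment author is checked as well.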
3 changes: 3 additions & 0 deletions action.yml
Expand Up @@ -12,6 +12,9 @@ inputs:
use_local:
required: false
default: 'false'
validate_all:
required: false
default: 'false'
runs:
using: 'node20'
main: 'dist/index.js'
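Review bot: The new `validate_all` input has no `description`, so its meaning can only be found in the README; add one line under `validate_all:` saying that it validates every alias in the config file. Because the default is the string 'false', the code that reads it should parse it as a boolean (for example with core.getBooleanInput) rather than test truthiness, which cannot be confirmed here because dist/index.js is not rendered.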
176 changes: 169 additions & 7 deletions dist/index.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
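The commit message describes a single comment per pull request that is created when aliases lack access and updated once the problem is fixed. One way to plan that create/update/skip decision, as an added example that is not the action's own code; the function names, the `botLogin` parameter and the marker ID are assumptions:

```javascript
// Added example; not code from this action. All names are hypothetical.
const MARKER = 'Comment added by Auto Reviewer Robot 🤖: ZXhhbXBsZS1pZA=='; // constructed ID

// Build the comment body from the aliases that could not be added.
function buildBody({ individuals, teams }) {
  if (individuals.length === 0 && teams.length === 0) {
    return `All reviewer issues have been resolved!\n${MARKER}`;
  }
  const lines = ['The following reviewers did not have access to be added as reviewers, please review their access:'];
  if (individuals.length) lines.push('', 'Individual Alias', ...individuals.map((a) => `- ${a}`));
  if (teams.length) lines.push('', 'Team Alias', ...teams.map((t) => `- ${t}`));
  lines.push('', MARKER);
  return lines.join('\n');
}

// Decide what to do with the PR thread so that at most one comment exists.
// comments: [{ id, user: { login }, body }], the shape of GitHub issue comments.
function planComment(comments, botLogin, noAccess) {
  // Reuse a comment only if it carries the marker AND was written by the
  // account the action runs as, so a look-alike comment is never edited.
  const previous = comments.find(
    (c) => c.user.login === botLogin && c.body.endsWith(MARKER)
  );
  const body = buildBody(noAccess);
  const hasIssues = noAccess.individuals.length + noAccess.teams.length > 0;
  if (!previous) return hasIssues ? { action: 'create', body } : { action: 'none' };
  if (previous.body === body) return { action: 'none' }; // nothing changed
  return { action: 'update', id: previous.id, body };
}

// Constructed sample thread: a look-alike comment and an earlier bot comment.
const sampleThread = [
  { id: 1, user: { login: 'someone-else' }, body: `hi\n${MARKER}` },
  {
    id: 2,
    user: { login: 'github-actions[bot]' }, // assumed account for the default token
    body: buildBody({ individuals: ['jamoor-test-twice'], teams: [] }),
  },
];
```
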
