Skip to content

Approval

Approval #3825

Workflow file for this run

name: Approval
on:
pull_request:
branches: [main]
pull_request_review:
jobs:
require_approval:
name: Require Approval
runs-on: ubuntu-latest
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
if: |
startsWith(github.event.pull_request.head.ref, 'feature/') ||
startsWith(github.event.pull_request.head.ref, 'fix/') ||
startsWith(github.event.pull_request.head.ref, 'improvement/') ||
startsWith(github.event.pull_request.head.ref, 'improvements/') ||
startsWith(github.event.pull_request.head.ref, 'bugfix/') ||
startsWith(github.event.pull_request.head.ref, 'hotfix/')
steps:
- id: token
name: Authenticate
uses: getsentry/action-github-app-token@v1
with:
app_id: ${{ secrets.CARLSBERG_SECURITY_APP_ID }}
private_key: '${{ secrets.CARLSBERG_SECURITY_APP_PRIVATE_KEY }}'
- id: check
name: Check Reviewers
uses: actions/github-script@v6
with:
github-token: ${{ steps.token.outputs.token }}
script: |
let conclusion = "failure";
let { data: reviews } = await github.rest.pulls.listReviews({
...context.repo,
pull_number: "${{ github.event.pull_request.number }}",
per_page: 100,
});
reviews = reviews.filter(({ state }) => state === "APPROVED");
if (reviews.length > 0) {
for (const review of reviews) {
const {
user: { login },
} = review;
console.log(`Checking if ${login} is part of malty-designers...`);
try {
const resp = await github.rest.teams.getMembershipForUserInOrg({
org: context.repo.owner,
team_slug: "malty-designers",
username: login,
});
console.log("Got response from getMembership:", resp);
conclusion = "success"
break;
} catch (err) {
console.log("Failed to validate membership:", err);
}
}
}
const resp = await github.rest.checks.create({
...context.repo,
name: "approval-workflow",
head_sha: "${{ github.event.pull_request.head.sha }}",
status: "completed",
conclusion: conclusion,
output: {
title: "Waiting for designer's approval",
summary: "This pull request requires an approval from a designer",
},
});
console.log("Got response from checks.create:", resp);