Approval #3825
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Approval | |
on: | |
pull_request: | |
branches: [main] | |
pull_request_review: | |
jobs: | |
require_approval: | |
name: Require Approval | |
runs-on: ubuntu-latest | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
if: | | |
startsWith(github.event.pull_request.head.ref, 'feature/') || | |
startsWith(github.event.pull_request.head.ref, 'fix/') || | |
startsWith(github.event.pull_request.head.ref, 'improvement/') || | |
startsWith(github.event.pull_request.head.ref, 'improvements/') || | |
startsWith(github.event.pull_request.head.ref, 'bugfix/') || | |
startsWith(github.event.pull_request.head.ref, 'hotfix/') | |
steps: | |
- id: token | |
name: Authenticate | |
uses: getsentry/action-github-app-token@v1 | |
with: | |
app_id: ${{ secrets.CARLSBERG_SECURITY_APP_ID }} | |
private_key: '${{ secrets.CARLSBERG_SECURITY_APP_PRIVATE_KEY }}' | |
- id: check | |
name: Check Reviewers | |
uses: actions/github-script@v6 | |
with: | |
github-token: ${{ steps.token.outputs.token }} | |
script: | | |
let conclusion = "failure"; | |
let { data: reviews } = await github.rest.pulls.listReviews({ | |
...context.repo, | |
pull_number: "${{ github.event.pull_request.number }}", | |
per_page: 100, | |
}); | |
reviews = reviews.filter(({ state }) => state === "APPROVED"); | |
if (reviews.length > 0) { | |
for (const review of reviews) { | |
const { | |
user: { login }, | |
} = review; | |
console.log(`Checking if ${login} is part of malty-designers...`); | |
try { | |
const resp = await github.rest.teams.getMembershipForUserInOrg({ | |
org: context.repo.owner, | |
team_slug: "malty-designers", | |
username: login, | |
}); | |
console.log("Got response from getMembership:", resp); | |
conclusion = "success" | |
break; | |
} catch (err) { | |
console.log("Failed to validate membership:", err); | |
} | |
} | |
} | |
const resp = await github.rest.checks.create({ | |
...context.repo, | |
name: "approval-workflow", | |
head_sha: "${{ github.event.pull_request.head.sha }}", | |
status: "completed", | |
conclusion: conclusion, | |
output: { | |
title: "Waiting for designer's approval", | |
summary: "This pull request requires an approval from a designer", | |
}, | |
}); | |
console.log("Got response from checks.create:", resp); |