Open utterances-bot opened 2 years ago
interesting approach - I have created similar one using graphql and adding dependency on subsequent jobs...
So in my case approval will only start when a specific comment exxcluding my account would be triggered :)
jobs:
approval-check:
if: |
github.event.issue.pull_request && github.event.comment.login != 'my-automation-account' && (
startsWith( github.event.comment.body, '/do-x' ) ||
startsWith( github.event.comment.body, '/do-y' )
)
runs-on: ubuntu-latest
steps:
- uses: hmarr/debug-action@v2
- name: check/pr-approved
id: approval
run: |
echo ${{ secrets.GITHUB_TOKEN }} | gh auth login --with-token
APPROVAL_STATE=$(gh api graphql -F org='RafPe' -F repo=${{ github.event.repository.name }} -F pr=${{ github.event.issue.number }} -f query=' query approval($org: String!,$repo: String!,$pr: Int!) { repository(name: $repo, owner: $org) { pullRequest(number: $pr) { title reviewDecision url } } }' -q '.data.repository.pullRequest.reviewDecision')
echo "I have status of $APPROVAL_STATE"
echo "::set-output name=state::$APPROVAL_STATE"
- name: missing-approval
if: steps.approval.outputs.state != 'APPROVED'
uses: actions/github-script@v3
with:
script: |
core.setFailed('Missing approval!')
setup:
needs: approval-check
runs-on: ubuntu-latest
outputs:
workspaces: ${{ steps.parser.outputs.workspaces }}
apply: ${{ steps.parser.outputs.apply }}
brand: ${{ steps.parser.outputs.brand }}
steps:
- uses: hmarr/debug-action@v2
- name: parse comment
id: parser
# ..... rest of the code to parse comes here
@RafPe That's a great example of a complex condition!
if: | github.event.issue.pull_request && github.event.comment.login != 'my-automation-account' && ( startsWith( github.event.comment.body, '/do-x' ) || startsWith( github.event.comment.body, '/do-y' ) )
And I see, so not so much of an approval per se, but requiring someone other than the pull request creator to issue the command. ,
Also, setting the job as "failed" if it doesn't meet the requirements. I go back and forth, but I don't like my job showing as "red" (aka failed) if it is missing something like this since then it kind of looks like something went wrong. In my favorite example of this, I just don't run the second job when it doesn't meet the criteria.
ApproveOps: GitHub IssueOps with Approvals | josh-ops
Using GitHub Actions to build automation on top of Issues (IssueOps) with Approvals from someone in a designated GitHub team
https://josh-ops.com/posts/github-approveops/