Pull Request Ready for Review #25745
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Pull Request Ready for Review | |
on: | |
pull_request: | |
types: [labeled, unlabeled, synchronize, ready_for_review, review_requested] | |
workflow_run: | |
workflows: ["Code Checks", "Check CODEOWNERS Entries", "Code Health Report"] | |
types: [completed] | |
jobs: | |
ready_for_review: | |
permissions: write-all | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Configure AWS Credentials | |
uses: aws-actions/[email protected] | |
with: | |
aws-access-key-id: ${{ secrets.aws_access_key_id }} | |
aws-secret-access-key: ${{ secrets.aws_secret_access_key }} | |
aws-region: "us-gov-west-1" | |
- name: Get bot token from Parameter Store | |
uses: marvinpinto/action-inject-ssm-secrets@latest | |
with: | |
ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN | |
env_variable_name: VA_VSP_BOT_GITHUB_TOKEN | |
# If no failures, no_failures=true | |
- name: Audit PR Labels | |
id: audit_pr_labels | |
if: | | |
!contains(github.event.pull_request.labels.*.name, 'code-health-failure') && | |
!contains(github.event.pull_request.labels.*.name, 'codeowners-addition-failure') && | |
!contains(github.event.pull_request.labels.*.name, 'codeowners-delete-failure') && | |
!contains(github.event.pull_request.labels.*.name, 'lint-failure') && | |
!contains(github.event.pull_request.labels.*.name, 'test-failure') | |
run: | | |
echo "no_failures=true" >> $GITHUB_OUTPUT | |
# If test-passing label is present, ready_for_review=true | |
- name: Audit Test Passing Label | |
id: audit_passing_labels | |
if: | | |
contains(github.event.pull_request.labels.*.name, 'test-passing') | |
run: | | |
echo "ready_for_review=true" >> $GITHUB_OUTPUT | |
# If require-backend-approval label is present, get reviews | |
- name: Check backend-review-group approval status | |
if: contains(github.event.pull_request.labels.*.name, 'require-backend-approval') | |
id: check_backend_review_group_approval_status | |
uses: octokit/[email protected] | |
with: | |
route: GET /repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/reviews | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# | |
- name: Get backend-review-group members | |
if: contains(github.event.pull_request.labels.*.name, 'require-backend-approval') | |
id: get_team_members | |
uses: octokit/[email protected] | |
with: | |
route: GET /orgs/department-of-veterans-affairs/teams/backend-review-group/members | |
env: | |
GITHUB_TOKEN: ${{ env.VA_VSP_BOT_GITHUB_TOKEN }} | |
- name: Verify backend-review-group approval | |
if: contains(github.event.pull_request.labels.*.name, 'require-backend-approval') | |
id: verify_approval | |
run: | | |
BACKEND_REVIEWERS=$(cat <<'EOF' | jq -r '.[].login' | tr '\n' '|' | sed 's/|$//' | |
${{ steps.get_team_members.outputs.data }} | |
EOF | |
) | |
APPROVALS=$(cat <<'EOF' | jq -r '.[] | select(.state == "APPROVED") | .user.login' | grep -iE "$BACKEND_REVIEWERS" | wc -l | |
${{ steps.check_backend_review_group_approval_status.outputs.data }} | |
EOF | |
) | |
echo "Number of backend-review-group approvals: $APPROVALS" | |
if [ "$APPROVALS" -eq 0 ]; then | |
echo "approval_status=required" >> $GITHUB_OUTPUT | |
else | |
echo "approval_status=confirmed" >> $GITHUB_OUTPUT | |
fi | |
# Add ready-for-backend-review when all checks are passing and approval | |
- name: Add Review label | |
uses: actions-ecosystem/action-add-labels@v1 | |
if: | | |
github.event.pull_request.draft == false && | |
steps.audit_passing_labels.outputs.ready_for_review == 'true' && | |
steps.audit_pr_labels.outputs.no_failures == 'true' && | |
steps.verify_approval.outputs.approval_status == 'required' | |
with: | |
number: ${{ github.event.pull_request.number }} | |
labels: | | |
ready-for-backend-review | |
- name: Remove Review label | |
uses: actions-ecosystem/action-remove-labels@v1 | |
if: | | |
github.event.pull_request.draft == true || | |
( | |
contains(github.event.pull_request.labels.*.name, 'ready-for-backend-review') && | |
steps.audit_passing_labels.outputs.ready_for_review != 'true' || | |
steps.audit_pr_labels.outputs.no_failures != 'true' || | |
steps.verify_approval.outputs.approval_status == 'confirmed' | |
) | |
with: | |
number: ${{ github.event.pull_request.number }} | |
labels: | | |
ready-for-backend-review |