11name : PR self-approval
22
33on :
4- pull_request :
4+ # We need pull_request_target so we can use ${{ secrets.* }}.
5+ pull_request_target :
56 types :
67 - auto_merge_enabled
7- - auto_merge_disabled
8- pull_request_review :
9- types :
10- - submitted
118
129jobs :
1310 approve :
@@ -18,36 +15,15 @@ jobs:
1815 # submit our review, that'll trigger this workflow again, so only run if
1916 # someone other than us (i.e. alibuild) reviewed.
2017 if : >-
21- (github.event.action == 'submitted' &&
22- github.event.review.state == 'approved' &&
23- github.event.sender.login != 'alibuild' &&
24- contains(github.event.pull_request.labels.*.name, 'auto-approval-requested')) ||
25- ((github.event.action == 'auto_merge_enabled' ||
26- github.event.action == 'auto_merge_disabled') &&
18+ (github.event.action == 'auto_merge_enabled' &&
2719 github.event.sender.login == github.event.pull_request.user.login)
2820
2921 steps :
30- - name : Add label when auto-merge is enabled
31- if : github.event.action == 'auto_merge_enabled'
32- uses : actions-ecosystem/action-add-labels@v1
33- with :
34- labels : auto-approval-requested
35- github_token : ${{ secrets.ALIBUILD_GITHUB_TOKEN }}
36-
37- - name : Remove label when auto-merge is disabled
38- if : github.event.action == 'auto_merge_disabled'
39- uses : actions-ecosystem/action-remove-labels@v1
40- with :
41- labels : auto-approval-requested
42- github_token : ${{ secrets.ALIBUILD_GITHUB_TOKEN }}
43-
4422 - name : Install dependencies
45- if : github.event.action != 'auto_merge_disabled'
4623 run : pip install codeowners PyGithub
4724
4825 # Approve the PR, if the author is only editing files owned by themselves.
4926 - name : Auto-approve PR if permitted
50- if : github.event.action != 'auto_merge_disabled'
5127 shell : python
5228 env :
5329 submitter : ${{ github.event.pull_request.user.login }}
7551 if owner_type == 'USERNAME':
7652 return owner_name.lstrip('@') == os.environ['submitter']
7753 elif owner_type == 'TEAM':
78- org, _, team_name = user_or_team .lstrip('@').partition('/')
54+ org, _, team_name = owner_name .lstrip('@').partition('/')
7955 try:
8056 gh.get_organization(org) \
8157 .get_team_by_slug(team_name) \
9571 pr = repo.get_pull(int(os.environ['pr']))
9672 owners = CodeOwners(repo.get_contents('CODEOWNERS')
9773 .decoded_content.decode('utf-8'))
98- approvals_from = {review.user for review in pr.get_reviews()
74+ approvals_from = {review.user.login for review in pr.get_reviews()
9975 if review.state == 'APPROVED'}
10076
10177 # At least one username per CODEOWNERS line must match the submitter
10581 auto_approve = True
10682 for filename in (f.filename for f in pr.get_files()):
10783 file_owners, line = owners.matching_line(filename)
108- file_owners_names = {name for _, name in file_owners}
84+ file_owners_names = {name.lstrip('@') for _, name in file_owners}
10985 if approvals_from & file_owners_names:
11086 print(f'{filename}: OK: you have approval from the code'
11187 ' owners of this file, specifically:',
@@ -131,5 +107,5 @@ jobs:
131107 else:
132108 print('::warning::Not approving PR. You can see whose approval'
133109 ' you need in the messages above. This check will run again'
134- " when someone approves this PR, or when the PR's author"
135- ' disables and reenables auto-merge.', file=sys.stderr)
110+ " when the PR's author disables and reenables auto-merge.",
111+ file=sys.stderr)
0 commit comments