Skip to content

Commit

Permalink
Add bypass approval github workflow (#365)
Browse files Browse the repository at this point in the history
  • Loading branch information
rubensf authored Sep 23, 2022
1 parent eb946c0 commit 74e21a3
Show file tree
Hide file tree
Showing 2 changed files with 51 additions and 0 deletions.
21 changes: 21 additions & 0 deletions .github/workflows/emergency-review-bypass.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
name: Bypass review in case of emergency
on:
pull_request:
types:
- labeled
permissions:
pull-requests: write
jobs:
approve:
if: github.event.label.name == 'Emergency Bypass Review'
runs-on: self-hosted
steps:
- name: approve pull request
uses: hmarr/auto-approve-action@9ae347e9f84a25da76c915a406cb17cfece1716d
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
pull-request-number: ${{ github.event.inputs.pullRequestNumber }}
- name: Slack Notification
run: |
jq --null-input '{ text: "Oh no! The following PR was emergency approved: ${{github.event.pull_request.html_url}}" }' \
| curl -sSL -X POST -H 'Content-Type: application/json' -d @- '${{ secrets.SLACK_MERGE_WITHOUT_APPROVAL_WEBHOOK }}'
30 changes: 30 additions & 0 deletions .github/workflows/notify-approval-bypass.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
name: PR Approval Bypass Notifier
on:
pull_request:
types:
- closed
branches:
- main
permissions:
pull-requests: read
jobs:
approval:
runs-on: ubuntu-latest
steps:
- name: Fail If No Approval
if: ${{ github.event.pull_request.merged }}
env:
AUTH_HEADER: 'Authorization: token ${{ secrets.GITHUB_TOKEN }}'
JSON_HEADER: 'Content-Type: application/json'
REVIEWS_URL: 'https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/reviews'
run: |
curl -sSL -H "${JSON_HEADER}" -H "${AUTH_HEADER}" "${REVIEWS_URL}" \
| jq -e '. | map({user: .user.login, state: .state})
| reduce .[] as $x ({}; .[$x.user] = $x.state)
| to_entries | map(.value)
| contains(["APPROVED"]) and (contains(["CHANGES_REQUESTED"]) | not)'
- name: Slack Notification
if: ${{ failure() }}
run: |
jq --null-input '{ text: "Oh no! The following PR was merged without approval: w${{github.event.pull_request.html_url}}" }' \
| curl -sSL -X POST -H 'Content-Type: application/json' -d @- '${{ secrets.SLACK_MERGE_WITHOUT_APPROVAL_WEBHOOK }}'

0 comments on commit 74e21a3

Please sign in to comment.