GitHub workflow to add PR maintainer checklist

[andrewtavis]

Terms

• I have searched open and closed feature requests
• I agree to follow activist's Code of Conduct

Description

This issue would complete the work already done in .github/workflows/pr_checklist.yaml to set up a PR checklist for activist. As of now this would just add a check for maintainers to make sure that the contributors account is set up to be added to the contributors graph. From there we could add further points like updating the changelog when activist shifts to versioned releases :)

Contribution

Happy to discuss and support someone on this!

[andrewtavis]

Looks like the action actions-comment-pull-request could be used for this, with this blog post being a good source for getting it up and running :)

[andrewtavis]

This PR shows the flow of the PR checklist. The message is displayed only after the PR is opened as desired :) Final edits are needed for the texts and then we’ll be good to close.

[andrewtavis]

Closed in 9d2ba97 :)

[andrewtavis]

This workflow failed on #187, so I'm removing it for now :) Issue is reopened and we can look into it later.

[andrewtavis]

It appears that remote repos don't have write permissions regardless of them having is directly assigned. The .yaml file has been converted to workflows/pr_maintainer_checklist.txt for now until we can get it up and running, as just commenting it out was causing it to still run nothing.

[andrewtavis]

It could be something in the repos settings is breaking all this 🤔

[linusha]

@andrewtavis have you seen this?

You can use the permissions key to add and remove read permissions for forked repositories, but typically you can't grant write access. The exception to this behavior is where an admin user has selected the Send write tokens to workflows from pull requests option in the GitHub Actions settings. For more information, see "Managing GitHub Actions settings for a repository." (from here)

From a quick glance it looks to me as if enabling that (Send write tokens to workflows from pull requests) option might solve the issue?

[andrewtavis]

I was expecting it was something like this :) Thanks @linusha! Nice to chat with you on here 😊😊 Will try it out soon and report back once I give a test. Would you be willing to do a trial PR for it to see if it works?

[linusha]

I was expecting it was something like this :) Thanks @linusha! Nice to chat with you on here blushblush Will try it out soon and report back once I give a test. Would you be willing to do a trial PR for it to see if it works?

Yes, absolutely. Just give me a 🚀 reaction here, once you had time to change the setting, ok? 🙂

[andrewtavis]

Will do! 😊😊

[andrewtavis]

Hey @linusha 👋 I'm checking the options and it seems that write permissions should be there already given the settings. The only thing I'm seeing is that forks might need approval to run for first time contributors 🤔

Looking at the note within controlling-changes-from-forks-to-workflows-in-public-repositories it says the following:

Note: Workflows triggered by pull_request_target events are run in the context of the base branch. Since the base branch is considered trusted, workflows triggered by these events will always run, regardless of approval settings. For more information about the pull_request_target event, see "Events that trigger workflows."

The current setup is on pull_request rather than pull_request_target, so this might make sense to change? A similar suggestion is made in this GitHub security blog post :) Making the change to pull_request_target now and changing the file back to .yaml. Would be great if you could check it at your convenience 😊

[linusha]

@andrewtavis I think it works?! 🙂
#189 has the comment 🎉

When you confirmed that everything works as expected, please feel more than free to just close the PR 😂

[andrewtavis]

Thanks, @linusha! Added you as an assignee to give some credit for the discussion and the PR 😊 Officially closed via d02c26c 🤖🚀

[andrewtavis]

Thanks for the help!!