From 1f8d334a0739fdb146ccf7ca30f9838e10845d48 Mon Sep 17 00:00:00 2001 From: Rubens Farias Date: Wed, 26 Oct 2022 14:46:13 -0300 Subject: [PATCH 1/2] Add bypass approval github workflow --- .github/workflows/emergency-review-bypass.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/emergency-review-bypass.yaml b/.github/workflows/emergency-review-bypass.yaml index aedf9f4..daf64ed 100644 --- a/.github/workflows/emergency-review-bypass.yaml +++ b/.github/workflows/emergency-review-bypass.yaml @@ -8,7 +8,7 @@ permissions: jobs: approve: if: github.event.label.name == 'Emergency Bypass Review' - runs-on: self-hosted + runs-on: ubuntu-latest steps: - name: approve pull request uses: hmarr/auto-approve-action@9ae347e9f84a25da76c915a406cb17cfece1716d From 0b923fa3ca0186a11d3dab902952d2bc98ab8d71 Mon Sep 17 00:00:00 2001 From: Rubens Farias Date: Wed, 26 Oct 2022 14:53:38 -0300 Subject: [PATCH 2/2] Update --- .../workflows/emergency-review-bypass.yaml | 13 ++---------- .github/workflows/notify-approval-bypass.yaml | 21 ++----------------- 2 files changed, 4 insertions(+), 30 deletions(-) diff --git a/.github/workflows/emergency-review-bypass.yaml b/.github/workflows/emergency-review-bypass.yaml index daf64ed..3d0b436 100644 --- a/.github/workflows/emergency-review-bypass.yaml +++ b/.github/workflows/emergency-review-bypass.yaml @@ -8,14 +8,5 @@ permissions: jobs: approve: if: github.event.label.name == 'Emergency Bypass Review' - runs-on: ubuntu-latest - steps: - - name: approve pull request - uses: hmarr/auto-approve-action@9ae347e9f84a25da76c915a406cb17cfece1716d - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - pull-request-number: ${{ github.event.inputs.pullRequestNumber }} - - name: Slack Notification - run: | - jq --null-input '{ text: "Oh no! The following PR was emergency approved: ${{github.event.pull_request.html_url}}" }' \ - | curl -sSL -X POST -H 'Content-Type: application/json' -d @- '${{ secrets.SLACK_MERGE_WITHOUT_APPROVAL_WEBHOOK }}' + uses: bufbuild/base-workflows/.github/workflows/emergency-review-bypass.yaml@main + secrets: inherit diff --git a/.github/workflows/notify-approval-bypass.yaml b/.github/workflows/notify-approval-bypass.yaml index bf10496..14af550 100644 --- a/.github/workflows/notify-approval-bypass.yaml +++ b/.github/workflows/notify-approval-bypass.yaml @@ -9,22 +9,5 @@ permissions: pull-requests: read jobs: approval: - runs-on: ubuntu-latest - steps: - - name: Fail If No Approval - if: ${{ github.event.pull_request.merged }} - env: - AUTH_HEADER: 'Authorization: token ${{ secrets.GITHUB_TOKEN }}' - JSON_HEADER: 'Content-Type: application/json' - REVIEWS_URL: 'https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/reviews' - run: | - curl -sSL -H "${JSON_HEADER}" -H "${AUTH_HEADER}" "${REVIEWS_URL}" \ - | jq -e '. | map({user: .user.login, state: .state}) - | reduce .[] as $x ({}; .[$x.user] = $x.state) - | to_entries | map(.value) - | contains(["APPROVED"]) and (contains(["CHANGES_REQUESTED"]) | not)' - - name: Slack Notification - if: ${{ failure() }} - run: | - jq --null-input '{ text: "Oh no! The following PR was merged without approval: w${{github.event.pull_request.html_url}}" }' \ - | curl -sSL -X POST -H 'Content-Type: application/json' -d @- '${{ secrets.SLACK_MERGE_WITHOUT_APPROVAL_WEBHOOK }}' + uses: bufbuild/base-workflows/.github/workflows/notify-approval-bypass.yaml@main + secrets: inherit