-
Notifications
You must be signed in to change notification settings - Fork 8.6k
83 lines (72 loc) · 3.61 KB
/
auto-approve-machine-prs.yml
File metadata and controls
83 lines (72 loc) · 3.61 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
# Generic auto-approve for machine-created PRs.
# Add new rules to the whitelist in the check step; approval runs when any rule matches.
# Each rule can optionally specify a `token` field to control the approving identity:
# 'kibana' - approve as kibanamachine using KIBANAMACHINE_TOKEN
# 'github' - approve as github-actions[bot] using the default GITHUB_TOKEN
name: Auto-approve machine PRs
on:
pull_request_target:
types:
- opened
jobs:
approve:
name: Auto-approve machine PR
runs-on: ubuntu-latest
permissions:
pull-requests: write
steps:
- id: check
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
with:
script: |
const user = context.payload.pull_request.user.login;
const headRef = context.payload.pull_request.head.ref;
const baseRef = context.payload.pull_request.base.ref;
const whitelist = [
// { user: 'kibanamachine', branchPrefix: 'api_docs', baseMatch: /^main$/, token: 'kibana' },
// { user: 'kibanamachine', branchPrefix: 'backport', baseNotMatch: /^main$/, token: 'kibana' },
{ user: 'kibanamachine', branchPrefix: 'scout_metadata_update', token: 'github' },
{ user: 'elastic-vault-github-plugin-prod[bot]', branchPrefix: 'update-bundled-packages', paths: ['fleet_packages.json'], token: 'kibana' },
];
// Fetch the list of changed files in the PR
const files = await github.rest.pulls.listFiles({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: context.payload.pull_request.number,
});
const changedFiles = files.data.map(file => file.filename);
core.info(`Changed files: ${changedFiles.join(', ')}`);
const matchedRule = whitelist.find((rule) => {
if (rule.user !== user) return false;
if (!headRef.startsWith(rule.branchPrefix)) return false;
if (rule.baseMatch && !rule.baseMatch.test(baseRef)) return false;
if (rule.baseNotMatch && rule.baseNotMatch.test(baseRef)) return false;
// If paths is specified, verify at least one changed file matches
if (rule.paths) {
const hasMatchingFile = changedFiles.some(file =>
rule.paths.some(path => {
// Support glob patterns
if (path.includes('*')) {
const regex = new RegExp('^' + path.replace(/\*/g, '.*') + '$');
return regex.test(file);
}
return file === path;
})
);
if (!hasMatchingFile) {
core.info(`File check failed for rule ${rule.user}/${rule.branchPrefix}: no changed files match paths`);
return false;
}
}
return true;
});
core.setOutput('should_approve', matchedRule ? 'true' : 'false');
core.setOutput('token', matchedRule?.token ?? 'kibana');
- uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 # v4.0.0
if: steps.check.outputs.should_approve == 'true' && steps.check.outputs.token == 'github'
with:
github-token: ${{ github.token }}
- uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 # v4.0.0
if: steps.check.outputs.should_approve == 'true' && steps.check.outputs.token == 'kibana'
with:
github-token: ${{ secrets.KIBANAMACHINE_TOKEN }}