Skip to content

Implement '/lgtm' ChatOps Workflow.#612

Closed
revit13 wants to merge 10 commits intollm-d:mainfrom
revit13:lgtm1
Closed

Implement '/lgtm' ChatOps Workflow.#612
revit13 wants to merge 10 commits intollm-d:mainfrom
revit13:lgtm1

Conversation

@revit13
Copy link

@revit13 revit13 commented Feb 12, 2026

This pr replaces the Prow-based /lgtm implementation (#580).

The solution decouples the logic into the following workflows:

  • Command Handler (lgtm-command): Validates authorized users and triggers auto-merge.
  • Gatekeeper (lgtm-gatekeeper): A Required Status Check that blocks merges if lgtm or approve is missing or hold label exist.
  • Reset Mechanism (lgtm-reset): Automatically revokes approval (removes lgtm) when new commits are pushed. (triggers Gatekeeper)
    below is a diagram of the execution flow.

Note:

  • auto-merge should be enabled for all branches.
  • All other ChatOps commands remain handled by jpmcb/prow-github-actions.
  • The Gatekeeper workflow must be manually configured as a Required Status Check for all branches (can be done via the GitHub UI). This step is critical to ensure auto-merge waits for the safety checks to pass.
  • A GitHub App is used with tibdex/github-app-token@v1 to generate tokens that bypass the GITHUB_TOKEN restriction, ensuring that bot-triggered events (like labeling) successfully spawn subsequent workflow runs.

Tested on my local fork.

architecture

Signed-off-by: Revital Sur <eres@il.ibm.com>
…tekeeper' workflow.

Signed-off-by: Revital Sur <eres@il.ibm.com>
Signed-off-by: Revital Sur <eres@il.ibm.com>
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

typo in file name, missing n

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks will fix it.

@@ -0,0 +1,18 @@
name: ChatOps Dispatcher
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

due to my lack of knowledge, what does this action do? Is only used to dispatch other jobs when a comment is made?

Copy link
Author

@revit13 revit13 Feb 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes It is a "traffic controller" action that robustly parses slash commands (like /lgtm) from comments, validates user permissions, and dispatches events to trigger specific workflows.

@@ -0,0 +1,18 @@
name: ChatOps Dispatcher
on:
issue_comment:
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Q: shuoldn't this be done on PR comments? (assuming there is such a trigger)

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, apparently in GitHub's internal architecture, every Pull Request is an Issue. It has issue-type: pull-request defined later in the yml...

#
# Flow:
# 1. User comments /lgtm on PR
# 2. chatops-dispatcher catches it and dispatches here
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

how does the dispatcher know which job/action to invoke?
I did not see a reference to lgtm-command in that file.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is an "invisible handshake" done through Events, not file references. When /lgtm is typed, the slash-command-dispatch action fires a Repository Dispatch event. By default, it constructs the event type by adding -command to the slash command.

The Signal: When the dispatcher validates the /lgtm comment, it broadcasts a repository_dispatch event with the custom type lgtm-command.

The Listener: The lgtm-command.yml workflow is explicitly configured to listen for this signal via types: [lgtm-command].

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not a fan of calling it "chatops" in file or action name. Please use a more specific name (e.g. dispatch-on-lgtm)

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure Thanks

- name: Apply Label & Merge
if: steps.check.outputs.authorized == 'true'
env:
GH_TOKEN: ${{ secrets.BOT_TOKEN }}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Q: how do we issue and maintain a bot token? who owns it (e.g., user associated, expiration time, ...)

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I need to investigate how to properly configure a Personal Access Token (PAT) for this repository.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've updated the workflows to use a GitHub App via tibdex/github-app-token@v1, which generates short-lived access tokens automatically. This eliminates the need for a dedicated, long-lived Personal Access Token (PAT) and ensures that bot-triggered events successfully spawn subsequent workflow runs.

exit 1
fi

echo "Waiting 5 minutes before setting auto-merge..."
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is the sleep required?
having a job wait for 5m slows down the loop. Is there a way to structure the events so the wait is not needed?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, its not needed and can be removed. I wanted to give the pr writer or other approver an opportunity to take a final look at the checks or the code before the merge sequence officially started when the testing is finishes quickly. I will remove it.

@@ -0,0 +1,42 @@
# ============================================================================
# LGTM Gatekeeper - Required Status Check
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Q: there seems to be quite a bit of overlap between this file and the previous. Can you explain how they differ and what purpuse they serve.

Copy link
Author

@revit13 revit13 Feb 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I generated a diagram hope it helps to clarify.
output

exit 1
fi

echo "✅ PASSED: LGTM present and no blockers." No newline at end of file
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: missing newline at end of file

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks will fix that.

gh pr merge --disable-auto $PR_NUMBER --repo "$REPO" || true

# 3. Notify user
gh issue comment $PR_NUMBER --repo "$REPO" --body "🔄 **Reset**: New commits pushed. LGTM removed." No newline at end of file
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: newline at end of file

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks will fix that.

@vMaroon
Copy link
Member

vMaroon commented Feb 13, 2026

Hi @revit13, @elevran, how is this positioned with Andy's

@elevran
Copy link
Collaborator

elevran commented Feb 13, 2026

It is complementary.
The prow auto merge was not working reliably and this attempts to fix it. A reliably working version would be moved to the shared infra.

Signed-off-by: Revital Sur <eres@il.ibm.com>
Signed-off-by: Revital Sur <eres@il.ibm.com>
@revit13 revit13 marked this pull request as ready for review February 15, 2026 08:21
Signed-off-by: Revital Sur <eres@il.ibm.com>
Signed-off-by: Revital Sur <eres@il.ibm.com>
@revit13 revit13 changed the title Implement "LGTM" ChatOps Workflow. Implement '/lgtm' ChatOps Workflow. Feb 16, 2026
DEVELOPMENT.md Outdated

## PR Approval Process

The project uses a Prow-inspired ChatOps system to manage PR approvals via comment commands.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ChatOps was removed from PR ?

Copy link
Author

@revit13 revit13 Feb 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ChatOps hasn't been removed, but the /lgtm command was separated from the standard Prow bot into a dedicated, custom workflow.

- ✅ **Both `lgtm` and `approve` labels** - Required for merge approval
- ✅ **No blocking labels** - The `hold` label must not be present
- ✅ **All required status checks passing** - CI/CD checks must succeed

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please Signed verified commits

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated Developer.md: Added documentation noting that signed commits can be enforced as a pre-merge check via branch rulesets

Signed-off-by: Revital Sur <eres@il.ibm.com>
Signed-off-by: Revital Sur <eres@il.ibm.com>
@revit13 revit13 marked this pull request as draft February 27, 2026 04:55
@revit13
Copy link
Author

revit13 commented Feb 27, 2026

Thanks for the feedback on this! I'm going to close this out for now so I can do some more thorough testing on my end before moving forward.

@revit13 revit13 closed this Feb 27, 2026
@github-project-automation github-project-automation bot moved this from In review to Done in llm-d-inference-scheduler Feb 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Status: Done

Development

Successfully merging this pull request may close these issues.

4 participants