aspire.dev/.github/workflows/auto-merge-integration-data.yml at f7fcb4c7710023e80d86afefa5e264ce30f227d3 · microsoft/aspire.dev · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
name: Auto Merge Integration Data PRs

on:
  pull_request_target:
    types:
      - opened
      - reopened
      - synchronize
      - ready_for_review
      - labeled

permissions:
  contents: read

concurrency:
  group: auto-merge-integration-data-${{ github.event.pull_request.number }}
  cancel-in-progress: true

jobs:
  approve-and-auto-merge:
    if: >-
      github.event.pull_request.head.repo.full_name == github.repository &&
      contains(github.event.pull_request.labels.*.name, ':octocat: auto-merge') &&
      contains(github.event.pull_request.body, 'gh-aw-workflow-id: update-integration-data') &&
      !github.event.pull_request.draft
    runs-on: ubuntu-latest
    steps:
      - name: Generate GitHub App token
        id: app-token
        uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3
        with:
          app-id: ${{ secrets.ASPIRE_BOT_APP_ID }}
          private-key: ${{ secrets.ASPIRE_BOT_PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}
          repositories: ${{ github.event.repository.name }}
          github-api-url: ${{ github.api_url }}
          permission-contents: write
          permission-pull-requests: write
      - name: Approve PR and enable squash auto-merge
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
        with:
          github-token: ${{ steps.app-token.outputs.token }}
          script: |
            const pullNumber = context.payload.pull_request.number;
            const { owner, repo } = context.repo;

            const pr = (await github.rest.pulls.get({
              owner,
              repo,
              pull_number: pullNumber
            })).data;

            if (pr.draft) {
              core.info(`Pull request #${pullNumber} is still a draft; skipping.`);
              return;
            }

            const viewer = await github.graphql(`query ViewerLogin {
              viewer {
                login
              }
            }`);
            const reviews = await github.paginate(github.rest.pulls.listReviews, {
              owner,
              repo,
              pull_number: pullNumber,
              per_page: 100
            });

            const alreadyApproved = reviews.some(review =>
              review.user?.login === viewer.viewer.login && review.state === 'APPROVED');

            if (!alreadyApproved) {
              await github.rest.pulls.createReview({
                owner,
                repo,
                pull_number: pullNumber,
                event: 'APPROVE',
                body: 'Automatically approving the workflow-generated integration data update.'
              });
              core.info(`Approved pull request #${pullNumber} as ${viewer.viewer.login}.`);
            } else {
              core.info(`Pull request #${pullNumber} is already approved by ${viewer.viewer.login}.`);
            }

            const currentMergeMethod = pr.auto_merge?.merge_method ?? null;

            if (currentMergeMethod === 'squash') {
              core.info(`Pull request #${pullNumber} already has squash auto-merge enabled.`);
              return;
            }

            if (currentMergeMethod) {
              await github.graphql(
                `mutation DisableAutoMerge($pullRequestId: ID!) {
                  disablePullRequestAutoMerge(input: { pullRequestId: $pullRequestId }) {
                    clientMutationId
                  }
                }`,
                { pullRequestId: pr.node_id }
              );

              core.info(`Disabled existing ${currentMergeMethod} auto-merge setting.`);
            }

            await github.graphql(
              `mutation EnableAutoMerge($pullRequestId: ID!) {
                enablePullRequestAutoMerge(input: { pullRequestId: $pullRequestId, mergeMethod: SQUASH }) {
                  pullRequest {
                    number
                    autoMergeRequest {
                      mergeMethod
                    }
                  }
                }
              }`,
              { pullRequestId: pr.node_id }
            );

            core.info(`Enabled squash auto-merge for pull request #${pullNumber}.`);

      - name: Invalidate GitHub App token
        if: always() && steps.app-token.outputs.token != ''
        env:
          GITHUB_SERVER_URL: ${{ github.server_url }}
          TOKEN: ${{ steps.app-token.outputs.token }}
        run: |
          echo "Revoking GitHub App installation token..."
          GH_HOST="${GITHUB_SERVER_URL#https://}"
          GH_HOST="${GH_HOST#http://}"
          export GH_HOST
          gh api \
            --hostname "$GH_HOST" \
            --method DELETE \
            -H "Authorization: token $TOKEN" \
            "/installation/token" || echo "Token revoke may already be expired."

          echo "Token invalidation step complete."