feat: controls panel #149
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Enforce QA and DEV Approvals | |
| on: | |
| pull_request: | |
| types: | |
| - opened | |
| - reopened | |
| - synchronize | |
| - review_requested | |
| - ready_for_review | |
| - labeled | |
| - unlabeled | |
| pull_request_review: | |
| jobs: | |
| setup-context: | |
| if: github.event.pull_request.base.ref == 'dev' | |
| runs-on: ubuntu-latest | |
| outputs: | |
| pr_number: ${{ steps.set-vars.outputs.pr_number }} | |
| repo_owner: ${{ steps.set-vars.outputs.repo_owner }} | |
| repo_name: ${{ steps.set-vars.outputs.repo_name }} | |
| steps: | |
| - name: Set PR number and repo details | |
| id: set-vars | |
| run: | | |
| echo "Fetching context details..." | |
| PR_NUMBER=${{ github.event.pull_request.number }} | |
| if [ -z "$PR_NUMBER" ]; then | |
| echo "::error::PR number is missing from the event context." | |
| exit 1 | |
| fi | |
| REPO_OWNER=${{ github.repository_owner }} | |
| REPO_NAME=$(echo ${{ github.repository }} | cut -d'/' -f2) | |
| echo "pr_number=$PR_NUMBER" >> $GITHUB_OUTPUT | |
| echo "repo_owner=$REPO_OWNER" >> $GITHUB_OUTPUT | |
| echo "repo_name=$REPO_NAME" >> $GITHUB_OUTPUT | |
| enforce-approvals: | |
| if: github.event.pull_request.base.ref == 'dev' | |
| needs: setup-context | |
| runs-on: ubuntu-latest | |
| env: | |
| GH_TOKEN: ${{ secrets.ORG_ACCESS_TOKEN }} | |
| PR_NUMBER: ${{ needs.setup-context.outputs.pr_number }} | |
| REPO_OWNER: ${{ needs.setup-context.outputs.repo_owner }} | |
| REPO_NAME: ${{ needs.setup-context.outputs.repo_name }} | |
| steps: | |
| - name: Check for excluding labels | |
| run: | | |
| # Check if the label "auto-pr" is set | |
| LABELS=$(gh api \ | |
| "/repos/$REPO_OWNER/$REPO_NAME/issues/$PR_NUMBER/labels" --jq '.[].name') | |
| if echo "$LABELS" | grep -q "auto-pr"; then | |
| echo "SKIP=true" >> $GITHUB_ENV | |
| echo ">>> Skipping approval validation as 'auto-pr' label is set." | |
| exit 0 | |
| fi | |
| - name: Validate Group Approvals | |
| if: env.SKIP != 'true' | |
| run: | | |
| # Define the teams | |
| QA_TEAM="qa" | |
| DEV_TEAM="explorer-devs" | |
| # Fetch team members | |
| fetch_team_members() { | |
| local team_slug=$1 | |
| echo "Fetching team members for team: $team_slug" | |
| gh api \ | |
| "/orgs/$REPO_OWNER/teams/$team_slug/members" --jq '.[].login' | |
| } | |
| QA_MEMBERS=$(fetch_team_members "$QA_TEAM") | |
| DEV_MEMBERS=$(fetch_team_members "$DEV_TEAM") | |
| echo ">>> QA Team Members: $QA_MEMBERS" | |
| echo ">>> DEV Team Members: $DEV_MEMBERS" | |
| # Fetch PR reviews | |
| echo ">>> Fetching PR reviews for PR #$PR_NUMBER" | |
| PR_REVIEWS=$(gh api \ | |
| "/repos/$REPO_OWNER/$REPO_NAME/pulls/$PR_NUMBER/reviews" --jq '.[] | select(.state == "APPROVED") | .user.login') | |
| echo "Approved Reviews: $PR_REVIEWS" | |
| # Validate approvals | |
| HAS_QA_APPROVAL=false | |
| HAS_DEV_APPROVAL=false | |
| for reviewer in $PR_REVIEWS; do | |
| if echo "$QA_MEMBERS" | grep -q "^$reviewer$"; then | |
| HAS_QA_APPROVAL=true | |
| fi | |
| if echo "$DEV_MEMBERS" | grep -q "^$reviewer$"; then | |
| HAS_DEV_APPROVAL=true | |
| fi | |
| done | |
| if [ "$HAS_QA_APPROVAL" != true ] || [ "$HAS_DEV_APPROVAL" != true ]; then | |
| MISSING=() | |
| [ "$HAS_QA_APPROVAL" != true ] && MISSING+=("QA approval") | |
| [ "$HAS_DEV_APPROVAL" != true ] && MISSING+=("DEV approval") | |
| MISSING_MSG=$(IFS=", "; echo "${MISSING[*]}") | |
| echo "::error::PR must have at least 1: $MISSING_MSG." | |
| exit 1 | |
| fi | |
| echo ">>> PR has the required approvals." |