forked from awslabs/python-deequ
-
Notifications
You must be signed in to change notification settings - Fork 0
101 lines (86 loc) · 3.81 KB
/
Copy pathauto-approve.yml
File metadata and controls
101 lines (86 loc) · 3.81 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
name: Auto-Approve Clean PRs
on:
workflow_run:
workflows: [".github/workflows/base.yml", "PyDeequ Bot"]
types: [completed]
permissions:
pull-requests: write
actions: read
jobs:
approve:
runs-on: ubuntu-latest
if: github.event.workflow_run.event == 'pull_request' || github.event.workflow_run.event == 'pull_request_target'
timeout-minutes: 2
steps:
- name: Find PR and check both conditions
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
script: |
const sha = context.payload.workflow_run.head_sha;
const owner = context.repo.owner;
const repo = context.repo.repo;
// Find the PR for this SHA
let prNumber = null;
const prs = context.payload.workflow_run.pull_requests;
if (prs && prs.length > 0) {
prNumber = prs[0].number;
} else {
const {data: searchResult} = await github.rest.pulls.list({
owner, repo, state: 'open', sort: 'updated', direction: 'desc', per_page: 30
});
const match = searchResult.find(pr => pr.head.sha === sha);
if (match) {
prNumber = match.number;
}
}
if (!prNumber) {
core.info(`No open PR found for SHA ${sha}, skipping`);
return;
}
core.info(`Found PR #${prNumber} for SHA ${sha}`);
// Verify the PR head SHA still matches (no new push since trigger)
const {data: pr} = await github.rest.pulls.get({
owner, repo, pull_number: prNumber
});
if (pr.head.sha !== sha) {
core.info(`PR head ${pr.head.sha} differs from trigger SHA ${sha} — new push arrived, skipping`);
return;
}
// Condition 1: CI must have passed for this SHA
const {data: workflowRuns} = await github.rest.actions.listWorkflowRunsForRepo({
owner, repo, head_sha: sha, status: 'completed'
});
const ciRun = workflowRuns.workflow_runs.find(r =>
r.name === '.github/workflows/base.yml' && r.conclusion === 'success'
);
if (!ciRun) {
core.info(`CI has not passed for SHA ${sha}, skipping`);
return;
}
// Condition 2: Bot must have posted a clean review for this SHA
const {data: reviews} = await github.rest.pulls.listReviews({
owner, repo, pull_number: prNumber
});
const CLEAN_MARKER = '<!-- deequ-bot:clean -->';
const latestBot = reviews
.filter(r => r.user.login === 'github-actions[bot]')
.sort((a, b) => new Date(b.submitted_at) - new Date(a.submitted_at))[0];
if (!latestBot || !latestBot.body.includes(CLEAN_MARKER) || latestBot.commit_id !== sha) {
core.info('Bot has not posted a clean review for this SHA, skipping');
return;
}
// Both conditions met — check for existing approval to prevent doubles
const botApprovals = reviews.filter(r =>
r.user.login === 'github-actions[bot]' && r.state === 'APPROVED'
);
if (botApprovals.length > 0) {
core.info('Bot already approved this PR, skipping');
return;
}
// Approve
core.info(`Approving PR #${prNumber}: bot review clean + CI passed for SHA ${sha}`);
await github.rest.pulls.createReview({
owner, repo, pull_number: prNumber,
event: 'APPROVE',
body: `No issues found and CI is passing. Auto-approved.\n\n---\n*Generated by AI — human merge required.*`
});