Skip to content

Commit 2690c5f

Browse files
docs(validate-pr): Rewrite README for v4 advisory mode
Document advisory behavior, the small-PR + lock-file bypass, and the migration path from v3 (close + labels removed). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 parent ea6826e commit 2690c5f

1 file changed

Lines changed: 45 additions & 19 deletions

File tree

validate-pr/README.md

Lines changed: 45 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,12 @@
11
# Validate PR
22

3-
Validates non-maintainer pull requests against contribution guidelines.
3+
Advisory validation for non-maintainer pull requests against contribution guidelines. Posts a single friendly comment when a PR doesn't reference an issue with prior maintainer discussion. **PRs are never closed, and no labels are applied.**
44

55
## What it does
66

7-
**Validates issue references** — Non-maintainer PRs must reference a GitHub issue where the PR author and a maintainer have discussed the approach. PRs that don't meet this requirement are automatically closed with a descriptive comment.
7+
For PRs from non-maintainer authors, the action checks that the PR body references a GitHub issue where the PR author and a maintainer have discussed the approach. When that's not the case, the action posts one short advisory comment inviting the contributor to start with an issue. Maintainers (`admin` or `maintain` role) and a hard-coded list of trusted bots are exempt.
88

9-
Maintainers (users with `admin` or `maintain` role) are exempt from validation. When a maintainer reopens a previously closed PR, all checks are skipped — this allows maintainers to override the action's decision.
9+
Small PRs (< 100 lines changed, excluding lock files) are skipped entirely — typo fixes and tiny bug fixes don't need to go through the issue-discussion loop.
1010

1111
## Usage
1212

@@ -17,54 +17,80 @@ name: Validate PR
1717

1818
on:
1919
pull_request_target:
20-
types: [opened, reopened]
20+
types: [opened]
2121

2222
jobs:
2323
validate-pr:
2424
runs-on: ubuntu-24.04
2525
permissions:
2626
pull-requests: write
2727
steps:
28-
- uses: getsentry/github-workflows/validate-pr@v3
28+
- uses: getsentry/github-workflows/validate-pr@v4
2929
with:
3030
app-id: ${{ vars.SDK_MAINTAINER_BOT_APP_ID }}
3131
private-key: ${{ secrets.SDK_MAINTAINER_BOT_PRIVATE_KEY }}
3232
```
3333
34+
The `pull-requests: write` permission is needed because the action posts comments on the PR.
35+
3436
## Inputs
3537

3638
| Input | Required | Description |
3739
|-------|----------|-------------|
3840
| `app-id` | Yes | GitHub App ID for the SDK Maintainer Bot |
3941
| `private-key` | Yes | GitHub App private key for the SDK Maintainer Bot |
4042

41-
## Outputs
43+
## Validation rules
4244

43-
| Output | Description |
44-
|--------|-------------|
45-
| `was-closed` | `'true'` if the PR was closed by validation, unset otherwise |
45+
### Skipped entirely
4646

47-
## Validation rules
47+
- PR author is in the trusted-bot allowlist (Dependabot, Renovate, Codecov AI, etc.)
48+
- PR author has `admin`, `maintain`, `push`, or `write` access on the repo
49+
- PR has fewer than 100 lines changed (`additions + deletions`), excluding common lock files
50+
51+
### Lock files excluded from line counts
52+
53+
Matched by basename, case-insensitive:
54+
55+
| Ecosystem | File |
56+
|-----------|------|
57+
| Rust | `Cargo.lock` |
58+
| JS | `package-lock.json`, `yarn.lock`, `pnpm-lock.yaml` |
59+
| Python | `Pipfile.lock`, `poetry.lock`, `uv.lock` |
60+
| Ruby | `Gemfile.lock` |
61+
| PHP | `composer.lock` |
62+
| Go | `go.sum` (`go.mod` is hand-edited and stays counted) |
63+
| Elixir | `mix.lock` |
64+
| Dart/Flutter | `pubspec.lock` |
65+
| .NET/NuGet | `packages.lock.json` |
66+
| CocoaPods | `Podfile.lock` |
67+
| Nix | `flake.lock` |
4868

4969
### Issue reference check
5070

51-
The PR body is scanned for issue references in these formats:
71+
For PRs that reach validation, the action scans the PR body for issue references in these formats:
5272

5373
- `#123` (same-repo)
5474
- `getsentry/repo#123` (cross-repo)
5575
- `https://github.com/getsentry/repo/issues/123` (full URL)
5676
- With optional keywords: `Fixes #123`, `Closes getsentry/repo#123`, etc.
5777

58-
A PR is valid if **any** referenced issue passes all checks:
78+
The PR is considered compliant if **any** referenced issue passes all of:
79+
5980
- The issue is fetchable and in a `getsentry` repository
60-
- If the issue has assignees, the PR author must be one of them
81+
- If the issue has assignees, the PR author is one of them
6182
- Both the PR author and a maintainer have participated in the issue discussion
6283

63-
## Labels
84+
If no referenced issue passes, the action posts one advisory comment. The PR remains open and reviewable; no labels or status checks are applied. The comment is idempotent — workflow re-runs on the same PR will not produce duplicates.
85+
86+
## Migrating from v3
87+
88+
v3 closed non-compliant PRs and applied labels (`violating-contribution-guidelines`, `missing-issue-reference`, `missing-maintainer-discussion`, `issue-already-assigned`). v4 does neither — it only posts a comment.
89+
90+
To upgrade, update your workflow:
6491

65-
The action creates these labels automatically (they don't need to exist beforehand):
92+
- Change `getsentry/github-workflows/validate-pr@v3` → `@v4`
93+
- Change `types: [opened, reopened]` → `types: [opened]`
94+
- Remove any code that reads the `was-closed` output (it no longer exists)
6695

67-
- `violating-contribution-guidelines` — added to all closed PRs
68-
- `missing-issue-reference` — PR body has no issue references
69-
- `missing-maintainer-discussion` — referenced issue lacks author + maintainer discussion
70-
- `issue-already-assigned` — referenced issue is assigned to someone else
96+
Existing labels on old PRs are not removed automatically. Clean them up with a one-off script if desired.

0 commit comments

Comments
 (0)