python-sdks/.github/workflows/release-gate.yml at 80f2d3bfa17cddd7ea2129eb9ef0b129d88cec0b · livekit/python-sdks · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
name: Release gate

on:
  pull_request:
    types: [opened, synchronize, reopened]
    paths:
      - "**/version.py"
  pull_request_review:
    types: [submitted, dismissed]

permissions:
  pull-requests: read

jobs:
  release-gate:
    name: Release gate
    if: startsWith(github.event.pull_request.head.ref, 'release/v')
    runs-on: ubuntu-latest
    steps:
      - name: Verify PR was created by GitHub Actions
        run: |
          author="${{ github.event.pull_request.user.login }}"
          if [ "$author" != "github-actions[bot]" ]; then
            echo "::error::Release PRs must be created by the publish workflow, not by '$author'"
            exit 1
          fi

      - name: Require at least 2 approvals
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          approvals=$(gh api repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/reviews \
            --jq '[.[] | select(.state == "APPROVED")] | length')
          echo "Approvals: $approvals"
          if [ "$approvals" -lt 2 ]; then
            echo "::error::Release PRs require at least 2 approvals (got $approvals)"
            exit 1
          fi