Enforce Required Reviewers #6
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Enforce Required Reviewers | |
on: | |
pull_request: | |
pull_request_review: | |
jobs: | |
enforce_required_reviewers: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Print Env Variables | |
shell: pwsh | |
env: | |
PR_NO: ${{github.event.number}} | |
run: | | |
dir env: | |
Write-Host "---------------------------------" | |
Write-Host "PR_NO" $env:PR_NO | |
- name: Dump GitHub context | |
env: | |
GITHUB_CONTEXT: ${{ toJson(github) }} | |
run: echo "$GITHUB_CONTEXT" | |
- name: Dump job context | |
env: | |
JOB_CONTEXT: ${{ toJson(job) }} | |
run: echo "$JOB_CONTEXT" | |
- name: Dump steps context | |
env: | |
STEPS_CONTEXT: ${{ toJson(steps) }} | |
run: echo "$STEPS_CONTEXT" | |
- name: Dump runner context | |
env: | |
RUNNER_CONTEXT: ${{ toJson(runner) }} | |
run: echo "$RUNNER_CONTEXT" | |
- name: Dump strategy context | |
env: | |
STRATEGY_CONTEXT: ${{ toJson(strategy) }} | |
run: echo "$STRATEGY_CONTEXT" | |
- name: Dump matrix context | |
env: | |
MATRIX_CONTEXT: ${{ toJson(matrix) }} | |
run: echo "$MATRIX_CONTEXT" | |
- name: Checkout repository | |
uses: actions/checkout@v2 | |
with: | |
ref: ${{ github.head_ref }} | |
fetch-depth: 0 | |
- name: Check for changes in /test1/ | |
id: check_changes | |
run: | | |
git fetch origin ${{ github.base_ref }} | |
git diff --name-only --diff-filter=d FETCH_HEAD..HEAD | grep '^test1/' > /dev/null && echo "::set-output name=compute_changed::true" || echo "::set-output name=compute_changed::false" | |
- name: Get required reviewers from CODEOWNERS file | |
id: get_reviewers | |
run: | | |
REQUIRED_REVIEWERS=$(grep '/test1/' .github/CODEOWNERS | awk -F' ' '{for (i=3; i<=NF; i++) printf "%s ", substr($i, 2)}') | |
echo "::set-output name=required_reviewers::$REQUIRED_REVIEWERS" | |
- name: Enforce required reviewers approval | |
if: steps.check_changes.outputs.compute_changed == 'true' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
PR_NUMBER=$(echo $GITHUB_REF | awk 'BEGIN { FS = "/" } ; { print $3 }') | |
REQUIRED_REVIEWERS="${{ steps.get_reviewers.outputs.required_reviewers }}" | |
APPROVED_REVIEWERS=$(gh pr view $PR_NUMBER --json reviews --jq '.reviews[].author.login') | |
REQUIRED_REVIEWERS_ARRAY=(${REQUIRED_REVIEWERS//,/ }) | |
APPROVAL_FOUND=false | |
for reviewer in "${REQUIRED_REVIEWERS_ARRAY[@]}"; do | |
if [[ $APPROVED_REVIEWERS == *"$reviewer"* ]]; then | |
APPROVAL_FOUND=true | |
break | |
fi | |
done | |
if [ "$APPROVAL_FOUND" = false ]; then | |
echo "error: At least one of the required reviewers ($REQUIRED_REVIEWERS) must approve the PR" >&2 | |
exit 1 | |
fi |