Privileged Requester Action
Перейти к файлу
GrantBirki 3046b44217
package updates
2023-11-07 16:15:14 -07:00
__tests__ lint and format 2023-10-17 09:33:09 -06:00
.github bump 2023-11-07 16:13:16 -07:00
config Cleanup local org references after github org transfer 2022-10-17 10:39:35 -04:00
dist package updates 2023-11-07 16:15:14 -07:00
script add script/release 2022-10-10 16:56:24 -06:00
src package updates 2023-11-07 16:15:14 -07:00
.babelrc Privileged requester tests 2022-10-10 11:06:45 -04:00
.eslintignore Initial commit 2022-10-04 10:53:16 -04:00
.eslintrc.json linter 2023-10-16 10:17:10 -06:00
.gitattributes Initial commit 2022-10-04 10:53:16 -04:00
.gitignore Initial commit 2022-10-04 10:53:16 -04:00
.node-version update package-check workflow 2023-10-16 10:04:49 -06:00
CODE_OF_CONDUCT.md Add CODE_OF_CONDUCt 2022-10-10 15:04:47 -04:00
CONTRIBUTING.md Add CONTRIBUTING and the scripts referenced 2022-10-10 14:59:58 -04:00
LICENSE Check in test skeletons 2022-10-05 10:41:39 -04:00
README.md remove status badge from readme 2023-11-07 16:11:12 -07:00
SECURITY.md Add SECURITY 2022-10-10 15:34:31 -04:00
SUPPORT.md Add SUPPORT 2022-10-10 15:02:30 -04:00
action.yml node20 2023-10-16 10:08:59 -06:00
index.js lint and format 2023-10-17 09:33:09 -06:00
package-lock.json package updates 2023-11-07 16:15:14 -07:00
package.json package updates 2023-11-07 16:15:14 -07:00

README.md

Privileged Requester

CodeQL package-check units-test

This GitHub Action will automatically approve pull requests based off of requester criteria defined in the target repository.

Workflow Configuration

The workflow should be configured like:

Where vX.X.X is the latest release version found on the releases page

name: privileged-requester
on:
  pull_request:
    types: [opened, synchronize, reopened, labeled, unlabeled]

permissions:
  pull-requests: write
  contents: read

jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - name: checkout
        uses: actions/checkout@v4

      - uses: github/privileged-requester@vX.X.X
        with:
          myToken: ${{ secrets.GITHUB_TOKEN }}
          robotUserToken: ${{ secrets.REPO_GITHUB_TOKEN }}
          path: config/privileged-requester.yaml
          prCreator: ${{ github.event.pull_request.user.login }}
          prNumber: ${{ github.event.pull_request.number }}
          checkCommits: "true"
          checkDiff: "true"
          checkLabels: "true"

See the example in the workflow folder

Requester Configuration

In the target repo, the privileged requester functionality should be configured like so:

---
requesters:
  dependabot[bot]:
    labels:
      - dependencies
      - github_actions

See the example in the config folder.

The location of this file in the target repo should be the path used in the workflow configuration path

Reviewer

This Action runs, by default, with the built-in GITHUB_TOKEN and so approves the PRs as the github-actions[bot] user.

However, you can configure the Action to run with a different repo scoped token - a bot user of your own - by defining the Workflow configuration option robotUserToken pointing to the repo secret for that token.

Configuration

Here are the configuration options for this Action:

Inputs 📥

Input Required? Default Description
myToken yes ${{ github.token }} The GitHub token used to create an authenticated client - Provided for you by default!
robotUserToken no - An alternative robot user PAT to be used instead of the built-in Actions token
path yes config/privileged-requester.yaml Path where the privileged requester configuration can be found
prCreator yes ${{ github.event.pull_request.user.login }} The creator of the PR for this pull request event
prNumber yes ${{ github.event.pull_request.number }} The number of the PR for this pull request event
checkCommits yes "true" An option to check that every commit in the PR is made from the privileged requester
checkDiff yes "true" An option to check that the PR diff only has a removal diff, with no additions
checkLabels yes "true" An option to check that the labels on the PR match those defined in the privileged requester config

Outputs 📤

Output Description
approved The string "true" if the privileged-requester approved the pull request

First Time Setup

It should be noted that this Action looks at the default branch for its configuration file. This means that if you add this Action through a pull request, it will look at the default branch and fail because it cannot find the config file that has not landed on main / master yet. After merging the pull request that adds this Action to your repository, it should work as expected.

GitHub App Permissions

If you are using a GitHub app with this Action, you will need to grant the following permissions:

  • Checks: Read and write
  • Contents: Read and write
  • Metadata: Read-only
  • Pull requests: Read and write

Subscribe to Events

This GitHub App will subscribe to the following events:

  • Check suite
  • Check run
  • Pull request