Privileged Requester
This GitHub Action automatically approves pull requests based on requester criteria defined in the target repository.
Workflow Configuration
The workflow should be configured as shown below, where vX.X.X is the latest release version found on the releases page:
```yaml
name: privileged-requester
on:
  pull_request:
    types: [opened, synchronize, reopened, labeled, unlabeled]
permissions:
  pull-requests: write
  contents: read
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - name: checkout
        uses: actions/checkout@v4
      - uses: github/privileged-requester@vX.X.X
        with:
          myToken: ${{ secrets.GITHUB_TOKEN }}
          robotUserToken: ${{ secrets.REPO_GITHUB_TOKEN }}
          path: config/privileged-requester.yaml
          prCreator: ${{ github.event.pull_request.user.login }}
          prNumber: ${{ github.event.pull_request.number }}
          checkCommits: "true"
          checkDiff: "true"
          checkLabels: "true"
```
See the example in the workflow folder.
Requester Configuration
In the target repo, the privileged requester functionality should be configured like so:
```yaml
---
requesters:
  dependabot[bot]:
    labels:
      - dependencies
      - github_actions
```
See the example in the config folder.
The location of this file in the target repo must match the value of the path input in the workflow configuration.
Reviewer
This Action runs, by default, with the built-in GITHUB_TOKEN and so approves the PRs as the github-actions[bot] user.
However, you can configure the Action to run with a different repo-scoped token (a bot user of your own) by setting the workflow configuration option robotUserToken to the repo secret that holds that token.
Configuration
Here are the configuration options for this Action:
Inputs 📥
Input | Required? | Default | Description |
---|---|---|---|
myToken | yes | ${{ github.token }} | The GitHub token used to create an authenticated client - Provided for you by default! |
robotUserToken | no | - | An alternative robot user PAT to be used instead of the built-in Actions token |
path | yes | config/privileged-requester.yaml | Path where the privileged requester configuration can be found |
prCreator | yes | ${{ github.event.pull_request.user.login }} | The creator of the PR for this pull request event |
prNumber | yes | ${{ github.event.pull_request.number }} | The number of the PR for this pull request event |
checkCommits | yes | "true" | An option to check that every commit in the PR is made from the privileged requester |
checkDiff | yes | "true" | An option to check that the PR diff only has a removal diff, with no additions |
checkLabels | yes | "true" | An option to check that the labels on the PR match those defined in the privileged requester config |
Outputs 📤
Output | Description |
---|---|
approved | The string "true" if the privileged-requester approved the pull request |
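How the checkCommits, checkDiff and checkLabels inputs combine into the approved output, as an added JavaScript example. It is not the Action's own source: the function names, the "false" return value and the exact-match reading of checkLabels are assumptions, and the pull request data is constructed.

```javascript
// Added example: not the Action's source code. All function names are hypothetical.
// Constructed config, equivalent to the requesters YAML shown on this page.
const requesters = { "dependabot[bot]": { labels: ["dependencies", "github_actions"] } };

// checkDiff: true if a git-format unified diff adds any line. Only lines inside a
// hunk are counted, so "+++ b/file" headers are never mistaken for additions.
function diffHasAdditions(diff) {
  let inHunk = false;
  for (const line of diff.split("\n")) {
    if (line.startsWith("diff --git ")) inHunk = false;
    else if (line.startsWith("@@")) inHunk = true;
    else if (inHunk && line.startsWith("+")) return true;
  }
  return false;
}

// checkLabels: assumed here to mean exact set equality with the configured labels.
function labelsMatch(expected, actual) {
  const want = new Set(expected), have = new Set(actual);
  return want.size === have.size && [...want].every((l) => have.has(l));
}

// Returns "true" only when every enabled check passes; any doubt means no approval.
// The "false" value for the not-approved case is an assumption of this example.
function evaluate(pr, checks) {
  // Own-property lookup, so a login such as "constructor" cannot match via the prototype.
  if (!Object.prototype.hasOwnProperty.call(requesters, pr.creator)) return "false";
  const commitsOk = pr.commitAuthors.length > 0 && pr.commitAuthors.every((a) => a === pr.creator);
  if (checks.checkCommits && !commitsOk) return "false";
  if (checks.checkDiff && diffHasAdditions(pr.diff)) return "false";
  if (checks.checkLabels && !labelsMatch(requesters[pr.creator].labels || [], pr.labels)) return "false";
  return "true";
}

// Constructed sample pull request: one file, one removed line, no additions.
const samplePr = {
  creator: "dependabot[bot]",
  commitAuthors: ["dependabot[bot]"],
  labels: ["dependencies", "github_actions"],
  diff: [
    "diff --git a/package.json b/package.json",
    "--- a/package.json",
    "+++ b/package.json",
    "@@ -10,3 +10,2 @@",
    '   "dependencies": {',
    '-    "example-lib": "1.0.0",',
    '     "other-lib": "2.0.0"',
  ].join("\n"),
};
const allChecks = { checkCommits: true, checkDiff: true, checkLabels: true };
console.log(evaluate(samplePr, allChecks));
```

Turning a check off widens what gets auto-approved: with checkDiff disabled, the same requester's PR is approved even when it adds lines.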
First Time Setup
Note that this Action looks at the default branch for its configuration file. This means that if you add this Action through a pull request, it will look at the default branch and fail because it cannot find the config file, which has not landed on main / master yet. After merging the pull request that adds this Action to your repository, it should work as expected.
GitHub App Permissions
If you are using a GitHub app with this Action, you will need to grant the following permissions:
- Checks: Read and write
- Contents: Read and write
- Metadata: Read-only
- Pull requests: Read and write
Subscribe to Events
This GitHub App will subscribe to the following events:
- Check suite
- Check run
- Pull request