diff options
| -rw-r--r-- | .github/review-policy.yml | 3 | ||||
| -rw-r--r-- | .github/workflows/review-check.yaml | 166 | 
2 files changed, 3 insertions, 166 deletions
| diff --git a/.github/review-policy.yml b/.github/review-policy.yml new file mode 100644 index 00000000..421b30f8 --- /dev/null +++ b/.github/review-policy.yml @@ -0,0 +1,3 @@ +remote: python-discord/.github +path: review-policies/core-developers.yml +ref: main diff --git a/.github/workflows/review-check.yaml b/.github/workflows/review-check.yaml deleted file mode 100644 index 3e45a4b5..00000000 --- a/.github/workflows/review-check.yaml +++ /dev/null @@ -1,166 +0,0 @@ -name: Review Check - -# This workflow needs to trigger in two situations: -# -# 1. When a pull request is opened, reopened, or synchronized (new commit) -# This is accomplished using the `pull_request_target` event that triggers in -# precisely those situations by default. I've opted for `pull_request_target` -# as we don't need to have access to the PR's code and it's safer to make the -# secrets we need available to the workflow compared to `pull_request`. -# -# The reason we need to run the workflow for this event is because we need to -# make sure that our check is part of the check suite for the current commit. -# -# 2. When a review is added or dismissed. -# Whenever reviews are submitted or dismissed, the number of Core Developer -# approvals may obviously change. -# -# --- -# -# Unfortunately, having two different event triggers means that can't let -# this workflow fail on its own, as GitHub actions registers a separate check -# run result per event trigger. As both triggers need to share the success/fail -# state, we get around that by registering a custom "status". -on: -  pull_request_review: -    types: -      - submitted -      - dismissed -  pull_request_target: - - -jobs: -  review-check: -    name:  Check Core Dev Reviews -    runs-on: ubuntu-latest - -    steps: -      # Fetch the latest Opinionated reviews from users with write -      # access. We can't narrow it down using a specific team here -      # yet, so we'll do that later. -      - uses: octokit/[email protected] -        id: reviews -        with: -          query: | -            query ($repository: String!, $pr: Int!) { -              repository(owner: "python-discord", name: $repository) { -                pullRequest(number: $pr) { -                  latestOpinionatedReviews(last: 100, writersOnly: true) { -                    nodes{ -                      author{ -                        login -                      } -                      state -                    } -                  } -                } -              } -            } -          repository: ${{ github.event.repository.name }} -          pr: ${{ github.event.pull_request.number }} -        env: -          GITHUB_TOKEN: ${{ secrets.REPO_TOKEN }} - -      # Fetch the members of the Core Developers team so we can -      # check if any of them actually approved this PR. -      - uses: octokit/[email protected] -        id: core_developers -        with: -          query: | -            query { -              organization(login: "python-discord") { -                team(slug: "core-developers") { -                  members(first: 100) { -                    nodes { -                      login -                    } -                  } -                } -              } -            } -        env: -          GITHUB_TOKEN: ${{ secrets.TEAM_TOKEN }} - -      # I've opted for a Python script, as that's what most of us -      # are familiar with. We do need to setup Python for that. -      - name: Setup python -        id: python -        uses: actions/setup-python@v2 -        with: -          python-version: '3.9' - -      # This is a small, inline Python script that looks for the -      # intersection between approving reviewers and the core dev -      # team. If that intersection exists, we have at least one -      # approving Core Developer. -      # -      # I've opted to keep this inline as it's relatively small -      # and this workflow will be added to multiple repositories. -      - name: Check for Accepting Core Developers -        id: core_dev_reviews -        run: | -          python -c 'import json -          reviews = json.loads("""${{ steps.reviews.outputs.data }}""") -          reviewers = { -              review["author"]["login"] -              for review in reviews["repository"]["pullRequest"]["latestOpinionatedReviews"]["nodes"] -              if review["state"] == "APPROVED" -          } -          core_devs = json.loads("""${{ steps.core_developers.outputs.data }}""") -          core_devs = { -              member["login"] for member in core_devs["organization"]["team"]["members"]["nodes"] -          } -          approving_core_devs = reviewers & core_devs -          approval_check = "success" if approving_core_devs else "failure" -          print(f"::set-output name=approval_check::{approval_check}") -          ' - -      # This step registers a a new status for the head commit of the pull -      # request. If a status with the same context and description already -      # exists, it will be overwritten. The reason we have to do this is -      # because workflows run for the separate `pull_request_target` and -      #`pull_request_review` events need to share a single result state. -      - name: Add Core Dev Approval status check -        uses: octokit/[email protected] -        with: -          route: POST /repos/:repository/statuses/:sha -          repository: ${{ github.repository }} -          sha: ${{ github.event.pull_request.head.sha }} -          state: ${{ steps.core_dev_reviews.outputs.approval_check }} -          description: At least one core developer needs to approve this PR -          context: Core Dev Approval -        env: -          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - -      # If we have at least one Core Developer approval, this step -      # removes the 'waiting for core dev approval' label if it's -      # still present for the PR. -      - name: Remove "waiting for core dev approval" if a core dev approved this PR -        if: >- -          steps.core_dev_reviews.outputs.approval_check == 'success' && -          contains(github.event.pull_request.labels.*.name, 'waiting for core dev approval') -        uses: octokit/[email protected] -        with: -          route: DELETE /repos/:repository/issues/:number/labels/:label -          repository: ${{ github.repository }} -          number: ${{ github.event.pull_request.number }} -          label: needs core dev approval -        env: -          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - -      # If we have do not have one Core Developer approval, this step -      # adds the 'waiting for core dev approval' label if it's not -      # already present for the PR. -      - name: Add "waiting for core dev approval" if no core dev has approved yet -        if: >- -          steps.core_dev_reviews.outputs.approval_check == 'failure' && -          !contains(github.event.pull_request.labels.*.name, 'waiting for core dev approval') -        uses: octokit/[email protected] -        with: -          route: POST /repos/:repository/issues/:number/labels -          repository: ${{ github.repository }} -          number: ${{ github.event.pull_request.number }} -          labels: | -            - needs core dev approval -        env: -          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | 
