From 811726ceae691b172a183b1cba105e39eb3f2f0c Mon Sep 17 00:00:00 2001 From: Carly Gundy Date: Thu, 16 Jan 2025 16:00:29 +0100 Subject: [PATCH 01/20] feat(IDX): add internal-external workflow --- .github/workflows/internal_vs_external.yml | 73 ++++++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 .github/workflows/internal_vs_external.yml diff --git a/.github/workflows/internal_vs_external.yml b/.github/workflows/internal_vs_external.yml new file mode 100644 index 0000000..a5b0459 --- /dev/null +++ b/.github/workflows/internal_vs_external.yml 
@@ -0,0 +1,73 @@
+# Checks to see which reviews are required based on internal vs external contribution
+
+name: Internal vs External Review
+
+on:
+ workflow_call:
+
+jobs:
+ check-membership:
+ name: Check Membership
+ runs-on: ubuntu-latest
+ # Dont run this workflow on merge queue
+ if: ${{ github.event_name != 'merge_group' }}
+ outputs:
+ is_member: ${{ steps.check-membership.outputs.is_member}}
+ steps:
+ - name: Create GitHub App Token
+ uses: actions/create-github-app-token@v1
+ id: app-token
+ with:
+ app-id: ${{ vars.CLA_BOT_APP_ID }}
+ private-key: ${{ secrets.CLA_BOT_PRIVATE_KEY }}
+
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ repository: 'dfinity/public-workflows'
+
+ - name: Python Setup
+ uses: ./.github/workflows/python-setup
+
+ - name: Check Membership
+ id: check-membership
+ run: python reusable_workflows/check_membership/check_membership.py
+ shell: bash
+ env:
+ GH_TOKEN: ${{ steps.app-token.outputs.token }}
+ GH_ORG: ${{ github.repository_owner }}
+ USER: ${{ github.event.pull_request.user.login }}
+
+ revoke-approvals:
+ name: Revoke Approvals
+ runs-on: ubuntu-latest
+ needs: check-membership
+ if: ${{ needs.check-membership.outputs.is_member != 'true' && needs.check-membership.result == 'success' }}
+ steps:
+ - name: Create GitHub App Token
+ uses: actions/create-github-app-token@v1
+ id: app-token
+ with:
+ app-id: ${{ vars.PR_AUTOMATION_BOT_PUBLIC_APP_ID }}
+ private-key: ${{ secrets.PR_AUTOMATION_BOT_PUBLIC_PRIVATE_KEY }} # the PR Automation Bot has permissions to dismiss pull request reviews
+
+ - name: Dismiss Pull Request Reviews
+ run: |
+ #!/bin/bash
+ set -euo pipefail
+ reviews=$(curl -s -H "Authorization: token ${GH_TOKEN}" \
+ "https://api.github.com/repos/${GH_ORG}/${REPO}/pulls/${PULL_NUMBER}/reviews")
+
+ for review_id in $(echo "${reviews}" | jq -r '.[] | select(.state == "APPROVED") | .id'); do
+ curl -s -X PUT -H "Authorization: token ${GH_TOKEN}" \
+ -H "Accept: application/vnd.github.v3+json" \
+ -d 
'{"message": "Review dismissed by automation script."}' \ + "https://api.github.com/repos/${GH_ORG}/${REPO}/pulls/${PULL_NUMBER}/reviews/${review_id}/dismissals" + echo "Dismissed review ${review_id}" + done + shell: bash + env: + GH_TOKEN: ${{ steps.app-token.outputs.token }} + GH_ORG: ${{ github.repository_owner }} + REPO: ${{ github.event.repository.name }} + PULL_NUMBER: ${{ github.event.pull_request.number }} From ed95f611960a1ebe1f979d9f294865a9a6936352 Mon Sep 17 00:00:00 2001 From: Carly Gundy Date: Thu, 16 Jan 2025 16:01:23 +0100 Subject: [PATCH 02/20] updates --- .github/workflows/internal_vs_external.yml | 64 ++++++++++++---------- 1 file changed, 34 insertions(+), 30 deletions(-) diff --git a/.github/workflows/internal_vs_external.yml b/.github/workflows/internal_vs_external.yml index a5b0459..a64031d 100644 --- a/.github/workflows/internal_vs_external.yml +++ b/.github/workflows/internal_vs_external.yml 
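Review bot: In PATCH 01/20's `Dismiss Pull Request Reviews` step the review listing fails open: `curl -s` exits 0 on an HTTP error body (bad credentials, rate limit), and a `jq` failure inside the `for … in $(…)` word list is not caught by `set -e`, so the loop runs zero times and the job goes green with every approval still in place. Fail the step on a non-2xx listing and on a non-array body, e.g. `reviews=$(curl -sS --fail -H "Authorization: token ${GH_TOKEN}" "…/reviews?per_page=100")` followed by `jq -e 'type == "array"' <<<"$reviews" >/dev/null`. The endpoint is paginated, so without `per_page` and page-following only the first page of reviews is inspected. The same listing call comes back unchanged in PATCH 09, 15 and 19.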
@@ -3,46 +3,50 @@ name: Internal vs External Review on: - workflow_call: + pull_request: + types: + - ready_for_review + - synchronize + merge_group: # merge group is always needed for a required workflows to prevent them from getting stuck, but we then skip it below jobs: - check-membership: - name: Check Membership - runs-on: ubuntu-latest - # Dont run this workflow on merge queue - if: ${{ github.event_name != 'merge_group' }} - outputs: - is_member: ${{ steps.check-membership.outputs.is_member}} - steps: - - name: Create GitHub App Token - uses: actions/create-github-app-token@v1 - id: app-token - with: - app-id: ${{ vars.CLA_BOT_APP_ID }} - private-key: ${{ secrets.CLA_BOT_PRIVATE_KEY }} + # check-membership: + # name: Check Membership + # runs-on: ubuntu-latest + # # Dont run this workflow on merge queue + # if: ${{ github.event_name != 'merge_group' }} + # outputs: + # is_member: ${{ steps.check-membership.outputs.is_member}} + # steps: + # - name: Create GitHub App Token + # uses: actions/create-github-app-token@v1 + # id: app-token + # with: + # app-id: ${{ vars.CLA_BOT_APP_ID }} + # private-key: ${{ secrets.CLA_BOT_PRIVATE_KEY }} - - name: Checkout - uses: actions/checkout@v4 - with: - repository: 'dfinity/public-workflows' + # - name: Checkout + # uses: actions/checkout@v4 + # with: + # repository: 'dfinity/public-workflows' - - name: Python Setup - uses: ./.github/workflows/python-setup + # - name: Python Setup + # uses: ./.github/workflows/python-setup - - name: Check Membership - id: check-membership - run: python reusable_workflows/check_membership/check_membership.py - shell: bash - env: - GH_TOKEN: ${{ steps.app-token.outputs.token }} - GH_ORG: ${{ github.repository_owner }} - USER: ${{ github.event.pull_request.user.login }} + # - name: Check Membership + # id: check-membership + # run: python reusable_workflows/check_membership/check_membership.py + # shell: bash + # env: + # GH_TOKEN: ${{ steps.app-token.outputs.token }} + # GH_ORG: ${{ 
github.repository_owner }} + # USER: ${{ github.event.pull_request.user.login }} revoke-approvals: name: Revoke Approvals runs-on: ubuntu-latest needs: check-membership - if: ${{ needs.check-membership.outputs.is_member != 'true' && needs.check-membership.result == 'success' }} + # if: ${{ needs.check-membership.outputs.is_member != 'true' && needs.check-membership.result == 'success' }} steps: - name: Create GitHub App Token uses: actions/create-github-app-token@v1 From 8f3b274f91049662787a5a86bfcfea340aa49467 Mon Sep 17 00:00:00 2001 From: Carly Gundy Date: Thu, 16 Jan 2025 16:21:12 +0100 Subject: [PATCH 03/20] comment --- .github/workflows/internal_vs_external.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/internal_vs_external.yml b/.github/workflows/internal_vs_external.yml index a64031d..789463e 100644 --- a/.github/workflows/internal_vs_external.yml +++ b/.github/workflows/internal_vs_external.yml @@ -45,7 +45,7 @@ jobs: revoke-approvals: name: Revoke Approvals runs-on: ubuntu-latest - needs: check-membership + # needs: check-membership # if: ${{ needs.check-membership.outputs.is_member != 'true' && needs.check-membership.result == 'success' }} steps: - name: Create GitHub App Token From b8650efc7fd2c9c7ad23f181ec1fda00c9712bc3 Mon Sep 17 00:00:00 2001 From: Carly Gundy Date: Thu, 16 Jan 2025 16:22:58 +0100 Subject: [PATCH 04/20] empty commit From d3c11c7e86c7ec445f7004955bf4108b66adbe98 Mon Sep 17 00:00:00 2001 From: Carly Gundy Date: Thu, 16 Jan 2025 16:27:40 +0100 Subject: [PATCH 05/20] updates --- .github/workflows/internal_vs_external.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/.github/workflows/internal_vs_external.yml b/.github/workflows/internal_vs_external.yml index 789463e..887d693 100644 --- a/.github/workflows/internal_vs_external.yml +++ b/.github/workflows/internal_vs_external.yml 
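Review bot: PATCH 02/20 moves the trigger from `workflow_call` to `pull_request`, and on that event a run started from a fork by default receives no repository secrets and a read-only `GITHUB_TOKEN`. If the external contributions this workflow is meant to cover arrive from forks, `secrets.CLA_BOT_PRIVATE_KEY` and `secrets.PR_AUTOMATION_BOT_PUBLIC_PRIVATE_KEY` are empty on exactly those runs, and the `GITHUB_TOKEN` that PATCH 17 switches to cannot dismiss reviews there either, whatever the `permissions:` block grants. Confirm which PRs are in scope and record it in the header comment, e.g. `# NOTE: on fork PRs secrets are unavailable and GITHUB_TOKEN is read-only`. If fork PRs must be handled, the job needs a trigger that runs in the base-repository context, and it must then keep never checking out or executing the PR head.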
@@ -62,12 +62,22 @@ jobs: reviews=$(curl -s -H "Authorization: token ${GH_TOKEN}" \ "https://api.github.com/repos/${GH_ORG}/${REPO}/pulls/${PULL_NUMBER}/reviews") + # debug + user_info=$(curl -s -H "Authorization: token ${GH_TOKEN}" \ + "https://api.github.com/user") + echo "User Info: $user_info" + for review_id in $(echo "${reviews}" | jq -r '.[] | select(.state == "APPROVED") | .id'); do curl -s -X PUT -H "Authorization: token ${GH_TOKEN}" \ -H "Accept: application/vnd.github.v3+json" \ -d '{"message": "Review dismissed by automation script."}' \ "https://api.github.com/repos/${GH_ORG}/${REPO}/pulls/${PULL_NUMBER}/reviews/${review_id}/dismissals" - echo "Dismissed review ${review_id}" + if [ "$response" -eq 200 ]; then + echo "Dismissed review ${review_id}" + else + echo "Failed to dismiss review ${review_id}, HTTP status code: $response" + exit 1 + fi done shell: bash env: From a56d01e85fbf4e3f40593a8878f5b6b9859920d6 Mon Sep 17 00:00:00 2001 From: Carly Gundy Date: Thu, 16 Jan 2025 17:15:00 +0100 Subject: [PATCH 06/20] debug --- .github/workflows/internal_vs_external.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/internal_vs_external.yml b/.github/workflows/internal_vs_external.yml index 887d693..681972c 100644 --- a/.github/workflows/internal_vs_external.yml +++ b/.github/workflows/internal_vs_external.yml @@ -58,7 +58,7 @@ jobs: - name: Dismiss Pull Request Reviews run: | #!/bin/bash - set -euo pipefail + set -euox pipefail # REMOVE -x later! reviews=$(curl -s -H "Authorization: token ${GH_TOKEN}" \ "https://api.github.com/repos/${GH_ORG}/${REPO}/pulls/${PULL_NUMBER}/reviews") From 066720eb2a3d4473f2f81ef110cd6a7f6dd87a35 Mon Sep 17 00:00:00 2001 From: Carly Gundy Date: Mon, 20 Jan 2025 13:26:46 +0100 Subject: [PATCH 07/20] debug --- .github/workflows/internal_vs_external.yml | 36 ++++++++++------------ 1 file changed, 17 insertions(+), 19 deletions(-) 
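Review bot: In PATCH 05/20 the new `if [ "$response" -eq 200 ]` test reads a variable that nothing assigns; the `curl -X PUT` above it still writes to stdout and its status code is never captured. Under `set -u` the script aborts on the first approved review, after the dismissal request has already been sent, so the step fails whether or not the dismissal worked. Capture the code in the same call, `response=$(curl -s -o /dev/null -w "%{http_code}" -X PUT …)`, which is the form PATCH 18 arrives at; PATCH 09 re-adds the same unassigned test. The `# debug` lines also echo the full `/user` response into the job log and should not outlive debugging.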
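Review bot: In PATCH 06/20 `set -euox pipefail` turns on xtrace for a script in which every `curl` carries `-H "Authorization: token ${GH_TOKEN}"`, so the expanded header is written to the job log and log masking is the only thing keeping the token value out of it. Keep `set -euo pipefail` and print the specific values under investigation instead, or bracket only the unauthenticated lines with `set -x` / `set +x`. The `run:` block continues outside this hunk.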
diff --git a/.github/workflows/internal_vs_external.yml b/.github/workflows/internal_vs_external.yml index 681972c..49170df 100644 --- a/.github/workflows/internal_vs_external.yml +++ b/.github/workflows/internal_vs_external.yml 
@@ -58,27 +58,25 @@ jobs: - name: Dismiss Pull Request Reviews run: | #!/bin/bash - set -euox pipefail # REMOVE -x later! - reviews=$(curl -s -H "Authorization: token ${GH_TOKEN}" \ - "https://api.github.com/repos/${GH_ORG}/${REPO}/pulls/${PULL_NUMBER}/reviews") + set -euo pipefail + # Check if the token has access to the repository + curl -sS -f -I -H "Authorization: token ${GH_TOKEN}" https://api.github.com | grep -i x-oauth-scopes - # debug - user_info=$(curl -s -H "Authorization: token ${GH_TOKEN}" \ - "https://api.github.com/user") - echo "User Info: $user_info" + # reviews=$(curl -s -H "Authorization: token ${GH_TOKEN}" \ + # "https://api.github.com/repos/${GH_ORG}/${REPO}/pulls/${PULL_NUMBER}/reviews") - for review_id in $(echo "${reviews}" | jq -r '.[] | select(.state == "APPROVED") | .id'); do - curl -s -X PUT -H "Authorization: token ${GH_TOKEN}" \ - -H "Accept: application/vnd.github.v3+json" \ - -d '{"message": "Review dismissed by automation script."}' \ - "https://api.github.com/repos/${GH_ORG}/${REPO}/pulls/${PULL_NUMBER}/reviews/${review_id}/dismissals" - if [ "$response" -eq 200 ]; then - echo "Dismissed review ${review_id}" - else - echo "Failed to dismiss review ${review_id}, HTTP status code: $response" - exit 1 - fi - done + # for review_id in $(echo "${reviews}" | jq -r '.[] | select(.state == "APPROVED") | .id'); do + # curl -s -X PUT -H "Authorization: token ${GH_TOKEN}" \ + # -H "Accept: application/vnd.github.v3+json" \ + # -d '{"message": "Review dismissed by automation script."}' \ + # "https://api.github.com/repos/${GH_ORG}/${REPO}/pulls/${PULL_NUMBER}/reviews/${review_id}/dismissals" + # if [ "$response" -eq 200 ]; then + # echo "Dismissed review ${review_id}" + # else + # echo "Failed to dismiss review ${review_id}, HTTP status code: $response" + # exit 1 + # fi + # done shell: bash env: GH_TOKEN: ${{ steps.app-token.outputs.token }} From d8afed4350c12eb20783ee2977eb055ec17d92b1 Mon Sep 17 00:00:00 2001 
From: Carly Gundy Date: Mon, 20 Jan 2025 13:31:54 +0100 Subject: [PATCH 08/20] another try --- .github/workflows/internal_vs_external.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/internal_vs_external.yml b/.github/workflows/internal_vs_external.yml index 49170df..617f335 100644 --- a/.github/workflows/internal_vs_external.yml +++ b/.github/workflows/internal_vs_external.yml @@ -59,8 +59,8 @@ jobs: run: | #!/bin/bash set -euo pipefail - # Check if the token has access to the repository - curl -sS -f -I -H "Authorization: token ${GH_TOKEN}" https://api.github.com | grep -i x-oauth-scopes + + gh auth status # reviews=$(curl -s -H "Authorization: token ${GH_TOKEN}" \ # "https://api.github.com/repos/${GH_ORG}/${REPO}/pulls/${PULL_NUMBER}/reviews") From a89ac8491b0bbaef4f322df5284f1ea9f2df013a Mon Sep 17 00:00:00 2001 From: Carly Gundy Date: Mon, 20 Jan 2025 13:36:59 +0100 Subject: [PATCH 09/20] re-introduce code --- .github/workflows/internal_vs_external.yml | 30 ++++++++++------------ 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/.github/workflows/internal_vs_external.yml b/.github/workflows/internal_vs_external.yml index 617f335..d918c3e 100644 --- a/.github/workflows/internal_vs_external.yml +++ b/.github/workflows/internal_vs_external.yml 
@@ -60,23 +60,21 @@ jobs: #!/bin/bash set -euo pipefail - gh auth status + reviews=$(curl -s -H "Authorization: token ${GH_TOKEN}" \ + "https://api.github.com/repos/${GH_ORG}/${REPO}/pulls/${PULL_NUMBER}/reviews") - # reviews=$(curl -s -H "Authorization: token ${GH_TOKEN}" \ - # "https://api.github.com/repos/${GH_ORG}/${REPO}/pulls/${PULL_NUMBER}/reviews") - - # for review_id in $(echo "${reviews}" | jq -r '.[] | select(.state == "APPROVED") | .id'); do - # curl -s -X PUT -H "Authorization: token ${GH_TOKEN}" \ - # -H "Accept: application/vnd.github.v3+json" \ - # -d '{"message": "Review dismissed by automation script."}' \ - # "https://api.github.com/repos/${GH_ORG}/${REPO}/pulls/${PULL_NUMBER}/reviews/${review_id}/dismissals" - # if [ "$response" -eq 200 ]; then - # echo "Dismissed review ${review_id}" - # else - # echo "Failed to dismiss review ${review_id}, HTTP status code: $response" - # exit 1 - # fi - # done + for review_id in $(echo "${reviews}" | jq -r '.[] | select(.state == "APPROVED") | .id'); do + curl -s -X PUT -H "Authorization: token ${GH_TOKEN}" \ + -H "Accept: application/vnd.github.v3+json" \ + -d '{"message": "Review dismissed by automation script."}' \ + "https://api.github.com/repos/${GH_ORG}/${REPO}/pulls/${PULL_NUMBER}/reviews/${review_id}/dismissals" + if [ "$response" -eq 200 ]; then + echo "Dismissed review ${review_id}" + else + echo "Failed to dismiss review ${review_id}, HTTP status code: $response" + exit 1 + fi + done shell: bash env: GH_TOKEN: ${{ steps.app-token.outputs.token }} From c282f0da59eb5e2d40e2c27c6506254abc58d1f5 Mon Sep 17 00:00:00 2001 From: Carly Gundy Date: Mon, 20 Jan 2025 13:40:52 +0100 Subject: [PATCH 10/20] test with different token --- .github/workflows/internal_vs_external.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/internal_vs_external.yml b/.github/workflows/internal_vs_external.yml index d918c3e..5967781 100644 --- a/.github/workflows/internal_vs_external.yml 
+++ b/.github/workflows/internal_vs_external.yml @@ -77,7 +77,8 @@ jobs: done shell: bash env: - GH_TOKEN: ${{ steps.app-token.outputs.token }} + GH_TOKEN: ${{ secrets.GH_TOKEN }} + # GH_TOKEN: ${{ steps.app-token.outputs.token }} GH_ORG: ${{ github.repository_owner }} REPO: ${{ github.event.repository.name }} PULL_NUMBER: ${{ github.event.pull_request.number }} From 1cc042035a41c6d01e87157508ec3d7537994c5a Mon Sep 17 00:00:00 2001 From: Carly Gundy Date: Mon, 20 Jan 2025 13:45:19 +0100 Subject: [PATCH 11/20] remove --- .github/workflows/internal_vs_external.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/internal_vs_external.yml b/.github/workflows/internal_vs_external.yml index 5967781..fd0b9c5 100644 --- a/.github/workflows/internal_vs_external.yml +++ b/.github/workflows/internal_vs_external.yml @@ -78,7 +78,6 @@ jobs: shell: bash env: GH_TOKEN: ${{ secrets.GH_TOKEN }} - # GH_TOKEN: ${{ steps.app-token.outputs.token }} GH_ORG: ${{ github.repository_owner }} REPO: ${{ github.event.repository.name }} PULL_NUMBER: ${{ github.event.pull_request.number }} From ec6bc224e87fb37dc038ba6537b811a6c836c3f0 Mon Sep 17 00:00:00 2001 From: Carly Gundy Date: Mon, 20 Jan 2025 13:47:19 +0100 Subject: [PATCH 12/20] empty commit From 9d3eefaa8347262fd7f57bc33ad636699a237285 Mon Sep 17 00:00:00 2001 From: Carly Gundy Date: Mon, 20 Jan 2025 13:50:32 +0100 Subject: [PATCH 13/20] empty commit From 1b9ab60f7374222c29cf28d2060d73c0f0417ac4 Mon Sep 17 00:00:00 2001 From: Carly Gundy Date: Mon, 20 Jan 2025 14:07:45 +0100 Subject: [PATCH 14/20] switch to CLA bot --- .github/workflows/internal_vs_external.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/internal_vs_external.yml b/.github/workflows/internal_vs_external.yml index fd0b9c5..3fb7a35 100644 --- a/.github/workflows/internal_vs_external.yml +++ b/.github/workflows/internal_vs_external.yml 
@@ -52,8 +52,8 @@ jobs: uses: actions/create-github-app-token@v1 id: app-token with: - app-id: ${{ vars.PR_AUTOMATION_BOT_PUBLIC_APP_ID }} - private-key: ${{ secrets.PR_AUTOMATION_BOT_PUBLIC_PRIVATE_KEY }} # the PR Automation Bot has permissions to dismiss pull request reviews + app-id: ${{ vars.CLA_BOT_APP_ID }} + private-key: ${{ secrets.CLA_BOT_PRIVATE_KEY }} # the CLA Bot has permissions to dismiss pull request reviews - name: Dismiss Pull Request Reviews run: | @@ -77,7 +77,7 @@ jobs: done shell: bash env: - GH_TOKEN: ${{ secrets.GH_TOKEN }} + GH_TOKEN: ${{ steps.app-token.outputs.token }} GH_ORG: ${{ github.repository_owner }} REPO: ${{ github.event.repository.name }} PULL_NUMBER: ${{ github.event.pull_request.number }} From b5c04ddb0be6aca74b9f65aae85e7ff9ac813e0c Mon Sep 17 00:00:00 2001 From: Carly Gundy Date: Mon, 20 Jan 2025 14:10:18 +0100 Subject: [PATCH 15/20] add message --- .github/workflows/internal_vs_external.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/internal_vs_external.yml b/.github/workflows/internal_vs_external.yml index 3fb7a35..a5ed1ed 100644 --- a/.github/workflows/internal_vs_external.yml +++ b/.github/workflows/internal_vs_external.yml @@ -63,6 +63,12 @@ jobs: reviews=$(curl -s -H "Authorization: token ${GH_TOKEN}" \ "https://api.github.com/repos/${GH_ORG}/${REPO}/pulls/${PULL_NUMBER}/reviews") + # Check if any reviews were found + if [ -z "$reviews" ] || [ "$reviews" == "[]" ]; then + echo "No reviews to dismiss" + exit 0 + fi + for review_id in $(echo "${reviews}" | jq -r '.[] | select(.state == "APPROVED") | .id'); do curl -s -X PUT -H "Authorization: token ${GH_TOKEN}" \ -H "Accept: application/vnd.github.v3+json" \ From 1091668c192e3fb5f2e5ffd42b148a4f9ec072be Mon Sep 17 00:00:00 2001 From: Carly Gundy Date: Mon, 20 Jan 2025 14:34:05 +0100 Subject: [PATCH 16/20] empty commit From 4dbe646db7d705036e4b1122fd4874a71b9cc538 Mon Sep 17 00:00:00 2001 
From: Carly Gundy Date: Tue, 21 Jan 2025 11:27:04 +0100 Subject: [PATCH 17/20] try without bot --- .github/workflows/internal_vs_external.yml | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/.github/workflows/internal_vs_external.yml b/.github/workflows/internal_vs_external.yml index a5ed1ed..61b3efe 100644 --- a/.github/workflows/internal_vs_external.yml +++ b/.github/workflows/internal_vs_external.yml @@ -9,6 +9,10 @@ on: - synchronize merge_group: # merge group is always needed for a required workflows to prevent them from getting stuck, but we then skip it below +permissions: + contents: read + pull-requests: write + jobs: # check-membership: # name: Check Membership @@ -48,13 +52,6 @@ jobs: # needs: check-membership # if: ${{ needs.check-membership.outputs.is_member != 'true' && needs.check-membership.result == 'success' }} steps: - - name: Create GitHub App Token - uses: actions/create-github-app-token@v1 - id: app-token - with: - app-id: ${{ vars.CLA_BOT_APP_ID }} - private-key: ${{ secrets.CLA_BOT_PRIVATE_KEY }} # the CLA Bot has permissions to dismiss pull request reviews - - name: Dismiss Pull Request Reviews run: | #!/bin/bash @@ -83,7 +80,7 @@ jobs: done shell: bash env: - GH_TOKEN: ${{ steps.app-token.outputs.token }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_ORG: ${{ github.repository_owner }} REPO: ${{ github.event.repository.name }} PULL_NUMBER: ${{ github.event.pull_request.number }} From 8add216f28d75abdb9229524dcf728bdfe88017e Mon Sep 17 00:00:00 2001 From: Carly Gundy Date: Tue, 21 Jan 2025 17:05:05 +0100 Subject: [PATCH 18/20] fix unbound var --- .github/workflows/internal_vs_external.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/internal_vs_external.yml b/.github/workflows/internal_vs_external.yml index 61b3efe..a6cff1a 100644 --- a/.github/workflows/internal_vs_external.yml +++ b/.github/workflows/internal_vs_external.yml 
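Review bot: The `permissions:` block added in PATCH 17/20 sits at workflow level, so `pull-requests: write` applies to every job rather than only to `revoke-approvals`. `check-membership` is commented out at this commit, but once PATCH 19 restores it, that job checks out `dfinity/public-workflows` and runs Python from it with a job token that carries a write grant it does not need. Declare the grant on the job instead, i.e. a `permissions:` mapping under `revoke-approvals:` with `pull-requests: write`, and leave the workflow default at `contents: read`.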
@@ -67,10 +67,10 @@ jobs: fi for review_id in $(echo "${reviews}" | jq -r '.[] | select(.state == "APPROVED") | .id'); do - curl -s -X PUT -H "Authorization: token ${GH_TOKEN}" \ + response=$(curl -s -o /dev/null -w "%{http_code}" -X PUT -H "Authorization: token ${GH_TOKEN}" \ -H "Accept: application/vnd.github.v3+json" \ -d '{"message": "Review dismissed by automation script."}' \ - "https://api.github.com/repos/${GH_ORG}/${REPO}/pulls/${PULL_NUMBER}/reviews/${review_id}/dismissals" + "https://api.github.com/repos/${GH_ORG}/${REPO}/pulls/${PULL_NUMBER}/reviews/${review_id}/dismissals") if [ "$response" -eq 200 ]; then echo "Dismissed review ${review_id}" else From 4620f6a835a46889bcd31e2029853559c17ab148 Mon Sep 17 00:00:00 2001 From: Carly Gundy Date: Thu, 23 Jan 2025 08:14:13 +0100 Subject: [PATCH 19/20] add comments --- .github/workflows/internal_vs_external.yml | 66 +++++++++++----------- 1 file changed, 34 insertions(+), 32 deletions(-) diff --git a/.github/workflows/internal_vs_external.yml b/.github/workflows/internal_vs_external.yml index a6cff1a..aac15da 100644 --- a/.github/workflows/internal_vs_external.yml +++ b/.github/workflows/internal_vs_external.yml 
@@ -14,58 +14,60 @@ permissions: pull-requests: write jobs: - # check-membership: - # name: Check Membership - # runs-on: ubuntu-latest - # # Dont run this workflow on merge queue - # if: ${{ github.event_name != 'merge_group' }} - # outputs: - # is_member: ${{ steps.check-membership.outputs.is_member}} - # steps: - # - name: Create GitHub App Token - # uses: actions/create-github-app-token@v1 - # id: app-token - # with: - # app-id: ${{ vars.CLA_BOT_APP_ID }} - # private-key: ${{ secrets.CLA_BOT_PRIVATE_KEY }} + check-membership: + name: Check Membership + runs-on: ubuntu-latest + # Dont run this workflow on merge queue + if: ${{ github.event_name != 'merge_group' }} + outputs: + is_member: ${{ steps.check-membership.outputs.is_member}} + steps: + - name: Create GitHub App Token + uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: ${{ vars.CLA_BOT_APP_ID }} + private-key: ${{ secrets.CLA_BOT_PRIVATE_KEY }} - # - name: Checkout - # uses: actions/checkout@v4 - # with: - # repository: 'dfinity/public-workflows' + - name: Checkout + uses: actions/checkout@v4 + with: + repository: 'dfinity/public-workflows' - # - name: Python Setup - # uses: ./.github/workflows/python-setup + - name: Python Setup + uses: ./.github/workflows/python-setup - # - name: Check Membership - # id: check-membership - # run: python reusable_workflows/check_membership/check_membership.py - # shell: bash - # env: - # GH_TOKEN: ${{ steps.app-token.outputs.token }} - # GH_ORG: ${{ github.repository_owner }} - # USER: ${{ github.event.pull_request.user.login }} + - name: Check Membership + id: check-membership + run: python reusable_workflows/check_membership/check_membership.py + shell: bash + env: + GH_TOKEN: ${{ steps.app-token.outputs.token }} + GH_ORG: ${{ github.repository_owner }} + USER: ${{ github.event.pull_request.user.login }} revoke-approvals: name: Revoke Approvals runs-on: ubuntu-latest - # needs: check-membership - # if: ${{ 
needs.check-membership.outputs.is_member != 'true' && needs.check-membership.result == 'success' }} + needs: check-membership + if: ${{ needs.check-membership.outputs.is_member != 'true' && needs.check-membership.result == 'success' }} steps: - name: Dismiss Pull Request Reviews run: | #!/bin/bash set -euo pipefail + # get existing reviews reviews=$(curl -s -H "Authorization: token ${GH_TOKEN}" \ "https://api.github.com/repos/${GH_ORG}/${REPO}/pulls/${PULL_NUMBER}/reviews") - # Check if any reviews were found + # If no reviews were given, then exit script if [ -z "$reviews" ] || [ "$reviews" == "[]" ]; then echo "No reviews to dismiss" exit 0 fi + # dismiss PR reviews for review_id in $(echo "${reviews}" | jq -r '.[] | select(.state == "APPROVED") | .id'); do response=$(curl -s -o /dev/null -w "%{http_code}" -X PUT -H "Authorization: token ${GH_TOKEN}" \ -H "Accept: application/vnd.github.v3+json" \ @@ -80,7 +82,7 @@ jobs: done shell: bash env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} # actor is github actions with above permissions GH_ORG: ${{ github.repository_owner }} REPO: ${{ github.event.repository.name }} PULL_NUMBER: ${{ github.event.pull_request.number }} From 4666e9ec6687a3b22959a99f45305f96b7057701 Mon Sep 17 00:00:00 2001 From: Carly Gundy <47304080+cgundy@users.noreply.github.com> Date: Thu, 23 Jan 2025 10:15:31 +0100 Subject: [PATCH 20/20] remove line --- .github/workflows/internal_vs_external.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/internal_vs_external.yml b/.github/workflows/internal_vs_external.yml index aac15da..2cb9c0b 100644 --- a/.github/workflows/internal_vs_external.yml +++ b/.github/workflows/internal_vs_external.yml @@ -54,7 +54,6 @@ jobs: steps: - name: Dismiss Pull Request Reviews run: | - #!/bin/bash set -euo pipefail # get existing reviews
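Review bot: The `check-membership` job restored in PATCH 19/20 references `actions/create-github-app-token@v1` and `actions/checkout@v4` by mutable tag, and the first of these is handed `secrets.CLA_BOT_PRIVATE_KEY`. Pin both to a full commit SHA with the tag as a trailing comment, e.g. `uses: actions/create-github-app-token@<full-commit-sha> # v1`. The checkout of `dfinity/public-workflows` also has no `ref:`, so the script that receives the App token is whatever is on that repository's default branch at run time; `ref: <commit-sha-or-tag>` makes the reviewed version explicit. The same references first appear in PATCH 01.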