Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(IDX): add internal-external workflow #99

Merged
merged 20 commits into from
Jan 23, 2025
89 changes: 89 additions & 0 deletions .github/workflows/internal_vs_external.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,89 @@
# Checks to see which reviews are required based on internal vs external contribution

name: Internal vs External Review

on:
pull_request:
types:
- ready_for_review
- synchronize
merge_group: # merge group is always needed for a required workflows to prevent them from getting stuck, but we then skip it below

jobs:
# check-membership:
# name: Check Membership
# runs-on: ubuntu-latest
# # Dont run this workflow on merge queue
# if: ${{ github.event_name != 'merge_group' }}
# outputs:
# is_member: ${{ steps.check-membership.outputs.is_member}}
# steps:
# - name: Create GitHub App Token
# uses: actions/create-github-app-token@v1
# id: app-token
# with:
# app-id: ${{ vars.CLA_BOT_APP_ID }}
# private-key: ${{ secrets.CLA_BOT_PRIVATE_KEY }}

# - name: Checkout
# uses: actions/checkout@v4
# with:
# repository: 'dfinity/public-workflows'

# - name: Python Setup
# uses: ./.github/workflows/python-setup

# - name: Check Membership
# id: check-membership
# run: python reusable_workflows/check_membership/check_membership.py
# shell: bash
# env:
# GH_TOKEN: ${{ steps.app-token.outputs.token }}
# GH_ORG: ${{ github.repository_owner }}
# USER: ${{ github.event.pull_request.user.login }}

revoke-approvals:
name: Revoke Approvals
runs-on: ubuntu-latest
# needs: check-membership
# if: ${{ needs.check-membership.outputs.is_member != 'true' && needs.check-membership.result == 'success' }}
steps:
- name: Create GitHub App Token
uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ vars.CLA_BOT_APP_ID }}
private-key: ${{ secrets.CLA_BOT_PRIVATE_KEY }} # the CLA Bot has permissions to dismiss pull request reviews

- name: Dismiss Pull Request Reviews
run: |
#!/bin/bash
cgundy marked this conversation as resolved.
Show resolved Hide resolved
set -euo pipefail

reviews=$(curl -s -H "Authorization: token ${GH_TOKEN}" \
"https://api.github.com/repos/${GH_ORG}/${REPO}/pulls/${PULL_NUMBER}/reviews")

# Check if any reviews were found
if [ -z "$reviews" ] || [ "$reviews" == "[]" ]; then
echo "No reviews to dismiss"
exit 0
fi

for review_id in $(echo "${reviews}" | jq -r '.[] | select(.state == "APPROVED") | .id'); do
cgundy marked this conversation as resolved.
Show resolved Hide resolved
curl -s -X PUT -H "Authorization: token ${GH_TOKEN}" \
-H "Accept: application/vnd.github.v3+json" \
-d '{"message": "Review dismissed by automation script."}' \
"https://api.github.com/repos/${GH_ORG}/${REPO}/pulls/${PULL_NUMBER}/reviews/${review_id}/dismissals"
if [ "$response" -eq 200 ]; then
echo "Dismissed review ${review_id}"
else
echo "Failed to dismiss review ${review_id}, HTTP status code: $response"
exit 1
fi
done
shell: bash
env:
GH_TOKEN: ${{ steps.app-token.outputs.token }}
GH_ORG: ${{ github.repository_owner }}
REPO: ${{ github.event.repository.name }}
PULL_NUMBER: ${{ github.event.pull_request.number }}
Loading