Skip to content
name: Label Pull Request on Pull Request review approval
on:
pull_request_review:
types:
- submitted
pull_request_target:
types:
- ready_for_review
- review_requested
permissions:
contents: read
jobs:
label_approved:
name: Label on Approval
runs-on: ubuntu-latest
if: |
(!contains(github.event.pull_request.labels.*.name, 'approved')) &&
(github.event.review.state == 'approved') &&
(github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name)
permissions:
pull-requests: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
- name: Label Approved
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
script: |
github.rest.issues.addLabels({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
labels: ['approved']
})
comment_approved:
name: Comment Concerning Approved Tag
runs-on: ubuntu-latest
if: |
(github.event_name == 'pull_request_target') &&
(github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name)
permissions:
pull-requests: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
- name: Find Warning Comment
uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0
id: fc_warning
with:
issue-number: ${{ github.event.pull_request.number }}
comment-author: 'github-actions[bot]'
body-includes: This Pull Request is coming from a fork and must be manually tagged `approved` in order to perform additional testing.
- name: Update Warning Comment
if: |
(steps.fc_warning.outputs.comment-id == '') &&
(!contains(github.event.pull_request.labels.*.name, 'approved')) &&
(github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name)
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
with:
comment-id: ${{ steps.fc_warning.outputs.comment-id }}
issue-number: ${{ github.event.pull_request.number }}
body: |
> [!WARNING]
> This Pull Request is coming from a fork and must be manually tagged `approved` in order to perform additional testing.
edit-mode: replace
- name: Find Note Comment
uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0
id: fc_note
with:
issue-number: ${{ github.event.pull_request.number }}
comment-author: 'github-actions[bot]'
body-includes: This Pull Request has been manually approved for additional testing!
- name: Update Note Comment
if: |
(steps.fc_note.outputs.comment-id == '') &&
contains(github.event.pull_request.labels.*.name, 'approved')
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
with:
comment-id: ${{ steps.fc_note.outputs.comment-id }}
issue-number: ${{ github.event.pull_request.number }}
body: |
> [!NOTE]
> This Pull Request has been manually approved for additional testing!
reactions: |
hooray
edit-mode: append