-
Notifications
You must be signed in to change notification settings - Fork 59
97 lines (92 loc) · 3.43 KB
/
label-on-approval.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
name: Label Pull Request on Pull Request review approval
on:
pull_request_review:
types:
- submitted
pull_request_target:
types:
- ready_for_review
- review_requested
permissions:
contents: read
jobs:
label_approved:
name: Label on Approval
runs-on: ubuntu-latest
if: |
(!contains(github.event.pull_request.labels.*.name, 'approved')) &&
(github.event.review.state == 'approved') &&
(github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name)
permissions:
checks: write
contents: read
pull-requests: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
- name: Label Approved
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
script: |
github.rest.issues.addLabels({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
labels: ['approved']
})
comment_approved:
name: Comment Concerning Approved Tag
runs-on: ubuntu-latest
if: |
(github.event_name == 'pull_request_target') &&
(github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name)
permissions:
checks: write
contents: read
pull-requests: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
- name: Find comment
uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0
id: fc
with:
issue-number: ${{ github.event.pull_request.number }}
comment-author: 'github-actions[bot]'
body-includes: This Pull Request is coming from a fork and must be manually tagged `approved` in order to perform additional testing.
- name: Create comment
if: |
(steps.fc.outputs.comment-id == '') &&
(!contains(github.event.pull_request.labels.*.name, 'approved')) &&
(github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name)
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
with:
comment-id: ${{ steps.fc.outputs.comment-id }}
issue-number: ${{ github.event.pull_request.number }}
body: |
> **Warning**
> This Pull Request is coming from a fork and must be manually tagged `approved` in order to perform additional testing.
edit-mode: replace
- name: Update comment
if: |
contains(github.event.pull_request.labels.*.name, 'approved')
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
with:
comment-id: ${{ steps.fc.outputs.comment-id }}
issue-number: ${{ github.event.pull_request.number }}
body: |
> **Note**
> This Pull Request is approved!
reactions: |
hooray
edit-mode: append