diff --git a/.github/workflows/commit-queue.yml b/.github/workflows/commit-queue.yml index 8b5f37807b12af..8db807a92b4dc9 100644 --- a/.github/workflows/commit-queue.yml +++ b/.github/workflows/commit-queue.yml @@ -33,11 +33,21 @@ jobs: - name: Get Pull Requests id: get_mergeable_prs run: | + set -x prs=$(gh pr list \ --repo "$GITHUB_REPOSITORY" \ --base "$GITHUB_REF_NAME" \ --label 'commit-queue' \ --json 'number' \ + --search "created:<=$(date --date="7 days ago" +"%Y-%m-%dT%H:%M:%S%z") -label:blocked -label:\"Approvals: 2+\"" \ + -t '{{ range . }}{{ .number }} {{ end }}' \ + --limit 100) + prs_2_approvals=$(gh pr list \ + --repo "$GITHUB_REPOSITORY" \ + --base "$GITHUB_REF_NAME" \ + --label 'commit-queue' \ + --label 'Approvals: 2+' \ + --json 'number' \ --search "created:<=$(date --date="2 days ago" +"%Y-%m-%dT%H:%M:%S%z") -label:blocked" \ -t '{{ range . }}{{ .number }} {{ end }}' \ --limit 100) @@ -46,11 +56,12 @@ jobs: --base "$GITHUB_REF_NAME" \ --label 'commit-queue' \ --label 'fast-track' \ + --label 'Approvals: 2+' \ --search "-label:blocked" \ --json 'number' \ -t '{{ range . }}{{ .number }} {{ end }}' \ --limit 100) - numbers=$(echo $prs' '$fast_track_prs | jq -r -s 'unique | join(" ")') + numbers=$(echo "$prs $prs_2_approvals $fast_track_prs" | jq -r -s 'unique | join(" ")') echo "numbers=$numbers" >> "$GITHUB_OUTPUT" env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/label-pr.yml b/.github/workflows/label-pr.yml index 03aa1fa9a8d0e6..b1b6e3dbffcfe1 100644 --- a/.github/workflows/label-pr.yml +++ b/.github/workflows/label-pr.yml @@ -3,16 +3,76 @@ name: Label PRs on: pull_request_target: types: [opened] + workflow_run: + workflows: [PR Reviewed] + types: [completed] -permissions: - contents: read +permissions: {} jobs: label: runs-on: ubuntu-slim + if: github.event_name != 'workflow_run' steps: - uses: nodejs/node-pr-labeler@d4cf1b8b9f23189c37917000e5e17e796c770a6b # v1 with: repo-token: ${{ secrets.GH_USER_TOKEN }} configuration-path: .github/label-pr-config.yml + + count_approvals: + runs-on: ubuntu-latest + if: github.event_name == 'workflow_run' + permissions: + pull-requests: read + steps: + - name: Download PR number + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 + with: + name: pr-number + run-id: ${{ github.event.workflow_run.id }} + # Using privileged token to be able to download file from a different workflow + github-token: ${{ secrets.GH_USER_TOKEN }} + - name: Fetch PR data + id: pr-data + run: | + set -x + PR_NUMBER="$(grep -E '^[0-9]+$' pr_number.txt)" + + [ -n "$PR_NUMBER" ] && { + echo "NUMBER=$PR_NUMBER" + echo "DATA=$( + gh --repo "$GITHUB_REPOSITORY" pr view "$PR_NUMBER" \ + --json reviewDecision,headRefOid,reviews,labels \ + --jq 'if .reviewDecision != "APPROVED" then .reviewDecision | halt_error end' \ + || true + )" + } >> "$GITHUB_OUTPUT" + env: + # Using unprivileged token as PR_NUMBER is a user-provided value + GH_TOKEN: ${{ github.token }} + - name: 'Add/remove "Approvals: 2+" label' + run: | + set -x + [ -n "$PR_DATA" ] && { + TEAM_NAME=$(echo "$PR_DATA" | jq -r 'if (.labels | any(.name == "semver-major")) then "tsc" else "collaborators" end') + TEAM_MEMBERS=$(gh api "orgs/nodejs/teams/$TEAM_NAME/members" --paginate --jq 'map(.login)') + + echo "$PR_DATA" | jq --argjson team "$TEAM_MEMBERS" -r ' + .headRefOid as $head + | .reviews + | map(select( + .state == "APPROVED" + and .commit.oid == $head + and (.author.login as $login | $team | any(. == $login)) + )) + | unique_by(.author.login) + | if length < 2 then halt_error end' \ + && gh --repo "$GITHUB_REPOSITORY" pr edit "$PR_NUMBER" --add-label 'Approvals: 2+' + } \ + || gh --repo "$GITHUB_REPOSITORY" pr edit "$PR_NUMBER" --remove-label 'Approvals: 2+' + env: + # Using privileged token to be able to fetch the team list + GH_TOKEN: ${{ secrets.GH_USER_TOKEN }} + PR_NUMBER: ${{ steps.pr-data.outputs.NUMBER }} + PR_DATA: ${{ steps.pr-data.outputs.DATA }} diff --git a/.github/workflows/pr-revieweed.yml b/.github/workflows/pr-revieweed.yml new file mode 100644 index 00000000000000..128211f7b10a09 --- /dev/null +++ b/.github/workflows/pr-revieweed.yml @@ -0,0 +1,19 @@ +name: PR Reviewed + +on: + pull_request_review: + types: [submitted, dismissed] + +permissions: {} + +jobs: + store-pr-number: + runs-on: ubuntu-slim + steps: + - name: Store PR number + run: echo "${{ github.event.pull_request.number }}" > pr_number.txt + - name: Upload PR number + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 + with: + name: pr-number + path: pr_number.txt