From 068d1bd0a1ff6f7789af83736e51d61c5f37ac25 Mon Sep 17 00:00:00 2001
From: Ying WANG
Date: Mon, 16 Dec 2024 12:18:53 +0100
Subject: [PATCH] add autoreview for helm release
---
.github/workflows/allowlist.json | 26 ----------
.github/workflows/dependabot_reviewer.yml | 58 ++++-------------------
2 files changed, 9 insertions(+), 75 deletions(-)
delete mode 100644 .github/workflows/allowlist.json
diff --git a/.github/workflows/allowlist.json b/.github/workflows/allowlist.json
deleted file mode 100644
index 5b4cc323e94..00000000000
--- a/.github/workflows/allowlist.json
+++ /dev/null
@@ -1,26 +0,0 @@
-[
- {
- "name": "sigs.k8s.io/kustomize/kyaml",
- "reason": "the library is only used for CI not in production"
- },
- {
- "name": "github.com/xlab/treeprint",
- "reason": "the library is only used in tests"
- },
- {
- "name": "github.com/aws/aws-sdk-go",
- "reason": "the library is quite stable"
- },
- {
- "name": "github.com/stretchr/testify",
- "reason": "the library is only used in tests"
- },
- {
- "name": "github.com/hashicorp/golang-lru/v2",
- "reason": "stable library, getting bugfixes"
- },
- {
- "name": "github.com/google/uuid",
- "reason": "stable library, getting bugfixes"
- }
-]
\ No newline at end of file
diff --git a/.github/workflows/dependabot_reviewer.yml b/.github/workflows/dependabot_reviewer.yml
index 03bbf286321..aa1ddeaa85f 100644
--- a/.github/workflows/dependabot_reviewer.yml
+++ b/.github/workflows/dependabot_reviewer.yml
@@ -12,71 +12,31 @@ jobs: dependabot-reviewer: runs-on: ubuntu-latest - if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }} + if: ${{ github.event.pull_request.user.login == 'grafanabot' }} steps: - name: Checkout Repository uses: actions/checkout@v4 - - name: Dependabot metadata - id: metadata - uses: dependabot/fetch-metadata@v2.2.0 - with: - github-token: "${{ secrets.GITHUB_TOKEN }}" - - - name: Check allowlist - id: check-allowlist - if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor' - run: | - cfg_path=".github/workflows/allowlist.json" - IFS=', ' read -r -a libsUpdated <<< "${{ steps.metadata.outputs.dependency-names }}" - # Loop through the array to make sure all updated libraries are in the allowlist - all_in_allowlist="true" - reason_array=() - - # If any element is not in the allowlist, set the flag to false - for lib in "${libsUpdated[@]}"; do - exists=$(jq --arg lib "$lib" 'any(.[]; .name == $lib)' $cfg_path) - if [[ "$exists" != "true" ]]; then - all_in_allowlist="false" - break - else - reason_array+=("$(jq -r --arg lib "$lib" '.[] | select(.name == $lib) | .reason' $cfg_path)") - fi - done - - if [[ "$all_in_allowlist" == "true" ]]; then - reasons=$(IFS=','; echo "${reason_array[*]}") - echo "reasons=$reasons" >> $GITHUB_OUTPUT - echo "allInAllowlist=true" >> $GITHUB_OUTPUT - else - echo "allInAllowlist=false" >> $GITHUB_OUTPUT - fi + - name: Helm Weekly release + id: helm-weekly-release + if : contains(github.ref, 'helm-chart-weekly-') + run: echo "isHelmRelease=true" >> $GITHUB_OUTPUT - name: Approve and auto-merge - if: steps.check-allowlist.conclusion == 'success' && steps.check-allowlist.outputs.allInAllowlist == 'true' + if: (steps.helm-weekly-release.conclusion == 'success' && steps.helm-weekly-release.outputs.isHelmRelease == 'true') run: | gh pr merge --auto --squash "$PR_URL" gh pr review $PR_URL \ - --approve -b "**I'm approving** 
this pull request because it includes a patch or minor \ - update to dependencies that are already in the allowlist. - - The reason this library is in the allowlist is that ${{ steps.check-allowlist.outputs.reasons}}" + --approve -b "**I'm approving** this pull request, since it is a helm release." env: PR_URL: ${{github.event.pull_request.html_url}} GITHUB_TOKEN: ${{secrets.GH_BOT_ACCESS_TOKEN}} - name: Manual review is required - if: steps.check-allowlist.conclusion != 'success' || steps.check-allowlist.outputs.allInAllowlist == 'false' + if: steps.helm-weekly-release.conclusion != 'skip' && steps.helm-weekly-release.conclusion != 'success' run: | - gh pr comment $PR_URL --body "**This library is not auto-approved** - - Unfortunately, this library is a major version update or it is not included in our allowlist, which means it cannot be auto-approved. \ - If you believe it should be considered for auto-approval, please open a pull request to add \ - it to the allowlist configuration. - - To add this library to the allowlist, please modify the [allowlist.json](https://github.com/grafana/mimir/tree/main/.github/workflows/allowlist.json) file and \ - include the necessary details for review." + gh pr comment $PR_URL --body "**This PR requires manual review.**" env: PR_URL: ${{github.event.pull_request.html_url}}
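Review bot: The gate on the added `Helm Weekly release` step tests `contains(github.ref, 'helm-chart-weekly-')`, but on pull-request events `github.ref` is the merge ref (`refs/pull/<number>/merge`) rather than the source branch, so the condition never sees the branch name; the `on:` trigger is outside this hunk, but the use of `github.event.pull_request` suggests that is the event in play. `if: contains(github.head_ref, 'helm-chart-weekly-')` matches the apparent intent, and `startsWith` would be tighter if the release branches begin with that prefix. With the allowlist removed, this step becomes the only condition for an unattended approve-and-merge using `GH_BOT_ACCESS_TOKEN`, so it is worth also confirming that the PR changes only the Helm chart files rather than trusting author login and branch name alone. Separately, the `Manual review is required` condition compares against `'skip'`, while a skipped step reports `skipped`, so `!= 'skip'` is always true and the step runs whenever the release step did not succeed; if that is the intent, `steps.helm-weekly-release.conclusion != 'success'` says it directly.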