From 6a752f09520dc8ddda8433e2542be83e04dac223 Mon Sep 17 00:00:00 2001 From: Josh Johanning Date: Sun, 3 Dec 2023 11:53:02 -0600 Subject: [PATCH 1/5] feat: check if team exists closes #22 --- action.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/action.yml b/action.yml index 06f4326..c825c57 100644 --- a/action.yml +++ b/action.yml @@ -45,7 +45,14 @@ runs: shell: bash run: | # "checking for a ${{ inputs.approve-command }} command in the comments from someone in the ${{ inputs.team-name}} team" - users=$(gh api --paginate '/orgs/${{ github.repository_owner }}/teams/${{ inputs.team-name }}/members' | jq -c '.[].login') + # getting team membership" + echo "getting team membership for the team: @${{ github.repository_owner }}/${{ inputs.team-name }} ..." + users=$(gh api --paginate '${{ github.event.organization.url }}/teams/${{ inputs.team-name }}/members' --jq '.[].login') + if [ $? -ne 0 ]; then + echo "::error title=Team doesn't exist or token doesn't have access::The ${{ inputs.team-name }} team doesn't exist or the token doesn't have access to it" + exit 1 + fi + approveCommand="${{ inputs.approve-command }}" authorized=false comments=$(gh api --paginate '${{ github.event.comment.issue_url }}/comments') From b0477ec4c9975ddfa7d2c4f1c649c65f8218144b Mon Sep 17 00:00:00 2001 From: Josh Johanning Date: Sun, 3 Dec 2023 11:53:52 -0600 Subject: [PATCH 2/5] feat: pre-req check --- README.md | 9 +++++++++ action.yml | 9 +++++++++ 2 files changed, 18 insertions(+) diff --git a/README.md b/README.md index f69962d..8934117 100644 --- a/README.md +++ b/README.md @@ -39,6 +39,8 @@ jobs: ## Prerequisites +### Team and Authentication + 1. Create a GitHub team and add at least one member 2. Authentication options: - GitHub App 
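Review bot: Switching the `users=` line from `| jq -c '.[].login'` to `gh api --jq '.[].login'` changes the shape of the list: `jq -c` printed each login as a JSON string wrapped in double quotes, while `--jq` prints bare logins, one per line. The code that compares a comment's author against `$users` is outside this hunk, so it is not visible whether it relied on those quotes as delimiters. Because that comparison is the authorization decision of the action, please confirm it matches a whole login, for example `grep -Fxq -- "$actor" <<< "$users"`, rather than a substring or regex match. A short comment above the `users=` line stating the expected format (`# one bare login per line`) would keep the two halves in sync.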
@@ -62,6 +64,13 @@ Notes: - A Personal Access Token (PAT) is not used since we want the comment to show as from a bot - The `github.token` is not used since the token can't provide hyperlinks for @ mentions since it doesn't have the scope for org teams, only repository data +### Runner Software Requirements + +Required software installed on runner: + + - [`gh` (GitHub CLI)](https://cli.github.com/) + - [`jq`](https://jqlang.github.io/jq/download/) + ## Breaking Changes ### v1 to v2 diff --git a/action.yml b/action.yml index c825c57..f39ca7c 100644 --- a/action.yml +++ b/action.yml @@ -45,6 +45,15 @@ runs: shell: bash run: | # "checking for a ${{ inputs.approve-command }} command in the comments from someone in the ${{ inputs.team-name}} team" + + # prerequisite check + for cmd in gh jq; do + if ! command -v $cmd &> /dev/null; then + echo "::error title=${cmd} not installed::Could not find \`${cmd}\` on the runner" + exit 1 + fi + done + # getting team membership" echo "getting team membership for the team: @${{ github.repository_owner }}/${{ inputs.team-name }} ..." users=$(gh api --paginate '${{ github.event.organization.url }}/teams/${{ inputs.team-name }}/members' --jq '.[].login') From f23e34a8bfef85fb077dc9a2c607bb3f89c89c75 Mon Sep 17 00:00:00 2001 From: Josh Johanning Date: Sun, 3 Dec 2023 11:54:04 -0600 Subject: [PATCH 3/5] chore: updating url --- action.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/action.yml b/action.yml index f39ca7c..2f7f9e1 100644 --- a/action.yml +++ b/action.yml 
@@ -15,8 +15,8 @@ inputs: required: true token: description: "GitHub App installation token or PAT that has access to read the comments and check the org team's membership" - default: ${{ github.token }} # this doesn't allow tagging of the approval team; better to use GitHub App required: true + default: ${{ github.token }} # this doesn't allow tagging of the approval team; better to use GitHub App fail-if-approval-not-found: description: "Fail the action (i.e. show the action run as red) if the command is not found in the comments from someone in the approver team" required: true @@ -64,7 +64,7 @@ runs: approveCommand="${{ inputs.approve-command }}" authorized=false - comments=$(gh api --paginate '${{ github.event.comment.issue_url }}/comments') + comments=$(gh api --paginate ${{ github.event.issue.comments_url }}) for comment in $(echo $comments | jq -r '.[] | @base64'); do body=$(echo $comment | base64 --decode | jq -r '.body' | tr -d ' ' | tr -d '\r\n') actor=$(echo $comment | base64 --decode | jq -r '.user.login') From 91cb94b3f3db8d0134153874b184ca0157c43bfa Mon Sep 17 00:00:00 2001 From: Josh Johanning Date: Sun, 3 Dec 2023 14:52:33 -0600 Subject: [PATCH 4/5] fix: redirect error when checking team closes #22 --- action.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/action.yml b/action.yml index 2f7f9e1..368f080 100644 --- a/action.yml +++ b/action.yml 
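Review bot: The new `comments=$(gh api --paginate ${{ github.event.issue.comments_url }})` line drops the single quotes the old line had, so the expanded value is now subject to shell word splitting and globbing. Expressions are substituted into the script text before bash runs, so the sturdier pattern is to pass the value through the step's `env:` (e.g. `COMMENTS_URL: ${{ github.event.issue.comments_url }}`) and call `gh api --paginate "$COMMENTS_URL"`. The same applies to `${{ inputs.team-name }}` and `${{ github.event.organization.url }}` in the team-membership lines of patches 1/5 and 4/5, where the input is expanded inside a double-quoted `echo`. Whether the step already has an `env:` block cannot be seen from this hunk.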
@@ -54,13 +54,9 @@ runs: fi done - # getting team membership" + # checking team and getting team membership" echo "getting team membership for the team: @${{ github.repository_owner }}/${{ inputs.team-name }} ..." - users=$(gh api --paginate '${{ github.event.organization.url }}/teams/${{ inputs.team-name }}/members' --jq '.[].login') - if [ $? -ne 0 ]; then - echo "::error title=Team doesn't exist or token doesn't have access::The ${{ inputs.team-name }} team doesn't exist or the token doesn't have access to it" - exit 1 - fi + users=$(gh api --paginate '${{ github.event.organization.url }}/teams/${{ inputs.team-name }}/members' --jq '.[].login' 2> /dev/null) || { echo "::error title=Team doesn't exist or token doesn't have access::The ${{ inputs.team-name }} team doesn't exist or the token doesn't have access to it"; exit 1; } approveCommand="${{ inputs.approve-command }}" authorized=false From edea4fdd6761df137552d87322b96bbb488c35f6 Mon Sep 17 00:00:00 2001 From: Josh Johanning Date: Sun, 3 Dec 2023 15:04:11 -0600 Subject: [PATCH 5/5] docs: table for inputs in readme closes #25 --- README.md | 23 ++++++++++++++++------- action.yml | 2 +- 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 8934117..f9f5c67 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,6 @@ jobs: if: contains(github.event.comment.body, '/do-stuff') steps: - # get the app's installation token - uses: actions/create-github-app-token@v1 id: app-token with: 
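Review bot: `2> /dev/null` on the `users=$(gh api …)` line discards the only output that distinguishes a missing team from an under-scoped token, a rate limit or a network failure, and the annotation then reports every one of them as "team doesn't exist or the token doesn't have access". The gate still fails closed through `exit 1`, which is the right default for an approval check, but whoever debugs a red run loses the HTTP status. Consider keeping stderr, e.g. `users=$(gh api … 2> "$RUNNER_TEMP/gh-err") || { cat "$RUNNER_TEMP/gh-err"; echo "::error …"; exit 1; }`. Separately, `github.event.organization.url` is presumably empty when the repository is not owned by an organization, which would end in the same message; a comment saying the action is org-only would help.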
@@ -29,14 +28,24 @@ jobs: uses: joshjohanning/approveops@v2 id: check-approval with: - token: ${{ steps.app-token.outputs.token }} # use a github app token or a PAT - approve-command: '/approve' # defaults to '/approve', the command to look for in the comments - team-name: 'approver-team' # the name of the team in GitHub to check for the approval command; e.g.: approver-team - fail-if-approval-not-found: true # defaults to true, fail the action (show the action run as red) if the command is not found in the comments from someone in the approver team" - post-successful-approval-comment: false # defaults to true, whether to post successful approval comment - successful-approval-comment: ':tada: You were able to run the workflow because someone left an approval in the comments!! :tada:' # Optional, only if post-successful-approval-comment is true, comment to post if an approval is found + token: ${{ steps.app-token.outputs.token }} + approve-command: '/approve' + team-name: 'approver-team' + fail-if-approval-not-found: true + post-successful-approval-comment: false ``` +### Inputs + +| Name | Description | Required | Default | +| --- | --- | --- | --- | +| `token` | GitHub App installation token or PAT that has access to read+write comments and list the team's membership | `true` | `''` | +| `approve-command` | The approval command to look for in the comments | `true` | `/approve` | +| `team-name` | The name of the team in GitHub to check for the approval command, e.g. 
`approver-team` | `true` | `''` | +| `fail-if-approval-not-found` | Fail the action (show the action run as red) if the command is not found in the comments from someone in the approver team | `true` | `true` | +| `post-successful-approval-comment` | Whether to post successful approval comment | `true` | `true` | +| `successful-approval-comment` | Comment to post if an approval is found | `true` | `':tada: You were able to run the workflow because someone left an approval in the comments!!'` | + ## Prerequisites ### Team and Authentication diff --git a/action.yml b/action.yml index 368f080..5d21544 100644 --- a/action.yml +++ b/action.yml @@ -28,7 +28,7 @@ inputs: successful-approval-comment: description: "Comment to post if an approval is found" required: true - default: ":tada: You were able to run the workflow because someone left an approval in the comments!! :tada:" + default: ":tada: You were able to run the workflow because someone left an approval in the comments!!" outputs: approved: