From ca2967321e15fcd7a5b2c3ee128bf7f457c40fcf Mon Sep 17 00:00:00 2001 From: Javier Bullrich Date: Sun, 24 Sep 2023 22:15:22 +0100 Subject: [PATCH] add review-bot to require fellows as reviewers (#31) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * add review-bot to require fellows as reviewers Created a Github Action that uses the [Review-Bot app](https://github.com/paritytech/review-bot) to require fellows to review pull requests before allowing the PR to be merged. The user's information is fetched always from the chain after every event. It looks in the fellows data for a field named GitHub and it extracts the handle from there. This resolves #7 (you can find more information about the request there) This uses [`pull_request_target`](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target) for the event, not `pull_request`. This is a security measure so that an attacker doesn’t have access to the secrets. * removed non existent directory * Apply suggestions for required rankings Co-authored-by: Bastian Köcher Co-authored-by: joe petrowski <25483142+joepetrowski@users.noreply.github.com> * merged system parachains with relay files * updated minFellowsRank for .github files Co-authored-by: Bastian Köcher * updated file to new version Version 2.0.0 requires new types and fields. This will help us so we can develop custom rules in the future. * added CHANGELOG to 'Relay and System files' rule --------- Co-authored-by: Bastian Köcher Co-authored-by: joe petrowski <25483142+joepetrowski@users.noreply.github.com> --- .github/review-bot.yml | 32 ++++++++++++++++++++++++++++++++ .github/workflows/review-bot.yml | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 64 insertions(+) create mode 100644 .github/review-bot.yml create mode 100644 .github/workflows/review-bot.yml diff --git a/.github/review-bot.yml b/.github/review-bot.yml new file mode 100644 index 0000000000..230f2d0ca5 
--- /dev/null +++ b/.github/review-bot.yml @@ -0,0 +1,32 @@ +rules: + - name: CI Files + condition: + include: + - ^\.github/.* + type: fellows + minRank: 4 + minApprovals: 2 + - name: Relay and system files + condition: + include: + - ^relay\/kusama\/.* + - ^relay\/polkadot\/.* + - ^system-parachains\/.* + - ^CHANGELOG$ + exclude: + - ^relay\/.+\.adoc$ + type: fellows + minRank: 3 + minApprovals: 4 + - name: General Files + condition: + include: + - '.*' + exclude: + - ^relay\/kusama\/.* + - ^relay\/polkadot\/.* + - ^\.github/.* + - ^system-parachains\/.* + - ^target\/.* + type: fellows + minRank: 2 diff --git a/.github/workflows/review-bot.yml b/.github/workflows/review-bot.yml new file mode 100644 index 0000000000..75f7a1d192 --- /dev/null +++ b/.github/workflows/review-bot.yml @@ -0,0 +1,32 @@ +name: Review PR +on: + pull_request_target: + types: + - opened + - reopened + - synchronize + - review_requested + - review_request_removed + - ready_for_review + pull_request_review: + +permissions: + contents: read + checks: write + +jobs: + review-approvals: + runs-on: ubuntu-latest + steps: + - name: Generate token + id: team_token + uses: tibdex/github-app-token@v1 + with: + app_id: ${{ secrets.REVIEW_APP_ID }} + private_key: ${{ secrets.REVIEW_APP_KEY }} + - name: "Evaluates PR reviews and assigns reviewers" + uses: paritytech/review-bot@v2.0.0 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} + team-token: ${{ steps.team_token.outputs.token }} + checks-token: ${{ steps.team_token.outputs.token }}
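Review bot: In .github/review-bot.yml the `exclude` lists appear to leave some paths matched by no rule. `^relay\/.+\.adoc$` is excluded from "Relay and system files", but "General Files" also excludes `^relay\/kusama\/.*` and `^relay\/polkadot\/.*`, so an .adoc file under either directory falls outside all three rules. `^target\/.*` is likewise excluded from "General Files" without being included anywhere else. If those paths are meant to need no fellows approval, a comment saying so would make that auditable; otherwise narrow the "General Files" excludes so the .adoc files land there. Two smaller points: "General Files" omits `minApprovals` while the other two rules set it, so stating the intended value explicitly would help, and `^CHANGELOG$` is not excluded from "General Files", so a CHANGELOG change matches two rules with different `minRank` values.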
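Review bot: In .github/workflows/review-bot.yml both `uses:` lines reference mutable tags (`tibdex/github-app-token@v1` and `paritytech/review-bot@v2.0.0`) in a job that is triggered by `pull_request_target` and receives `secrets.REVIEW_APP_KEY`. Pinning each action to a full commit SHA, with the tag kept in a trailing comment, would ensure that a moved tag cannot change which code handles the app's private key. The generated app token is also passed as both `team-token` and `checks-token`; a short comment in the workflow stating which permissions the app installation needs for each would make it easier to confirm the token is scoped no wider than the top-level `permissions:` block (`contents: read`, `checks: write`) suggests.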