Label Pull Request on Pull Request review approval #738
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Label Pull Request on Pull Request review approval | |
| on: | |
| pull_request_review: | |
| types: | |
| - submitted | |
| pull_request_target: | |
| types: | |
| - ready_for_review | |
| - review_requested | |
| permissions: | |
| contents: read | |
| jobs: | |
| label_approved: | |
| name: Label on Approval | |
| runs-on: ubuntu-latest | |
| if: | | |
| (!contains(github.event.pull_request.labels.*.name, 'approved')) && | |
| (github.event.review.state == 'approved') && | |
| (github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name) | |
| permissions: | |
| pull-requests: write | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| api.github.com:443 | |
| - name: Label Approved | |
| uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
| with: | |
| script: | | |
| github.rest.issues.addLabels({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| labels: ['approved'] | |
| }) | |
| comment_approved: | |
| name: Comment Concerning Approved Tag | |
| runs-on: ubuntu-latest | |
| if: | | |
| (github.event_name == 'pull_request_target') && | |
| (github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name) | |
| permissions: | |
| pull-requests: write | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| api.github.com:443 | |
| - name: Find Warning Comment | |
| uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0 | |
| id: fc_warning | |
| with: | |
| issue-number: ${{ github.event.pull_request.number }} | |
| comment-author: 'github-actions[bot]' | |
| body-includes: This Pull Request is coming from a fork and must be manually tagged `approved` in order to perform additional testing. | |
| - name: Update Warning Comment | |
| if: | | |
| (steps.fc_warning.outputs.comment-id == '') && | |
| (!contains(github.event.pull_request.labels.*.name, 'approved')) && | |
| (github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name) | |
| uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 | |
| with: | |
| comment-id: ${{ steps.fc_warning.outputs.comment-id }} | |
| issue-number: ${{ github.event.pull_request.number }} | |
| body: | | |
| > [!WARNING] | |
| > This Pull Request is coming from a fork and must be manually tagged `approved` in order to perform additional testing. | |
| edit-mode: replace | |
| - name: Find Note Comment | |
| uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0 | |
| id: fc_note | |
| with: | |
| issue-number: ${{ github.event.pull_request.number }} | |
| comment-author: 'github-actions[bot]' | |
| body-includes: This Pull Request has been manually approved for additional testing! | |
| - name: Update Note Comment | |
| if: | | |
| (steps.fc_note.outputs.comment-id == '') && | |
| contains(github.event.pull_request.labels.*.name, 'approved') | |
| uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 | |
| with: | |
| comment-id: ${{ steps.fc_note.outputs.comment-id }} | |
| issue-number: ${{ github.event.pull_request.number }} | |
| body: | | |
| > [!NOTE] | |
| > This Pull Request has been manually approved for additional testing! | |
| reactions: | | |
| hooray | |
| edit-mode: append |