From f0b02db1fbe779c58dbf6cc5e466455009a7504b Mon Sep 17 00:00:00 2001 From: Nara Kasbergen Date: Thu, 30 Nov 2023 14:52:00 +0100 Subject: [PATCH] chore: enable auto-approve workflow for providers --- .projenrc.ts | 2 +- {projenrc => src}/auto-approve.ts | 2 +- src/index.ts | 4 +- src/provider-upgrade.ts | 2 +- test/__snapshots__/index.test.ts.snap | 123 ++++++++++++++++++++++++-- 5 files changed, 123 insertions(+), 10 deletions(-) rename {projenrc => src}/auto-approve.ts (98%) diff --git a/.projenrc.ts b/.projenrc.ts index 42ae4a17..93e77bc1 100644 --- a/.projenrc.ts +++ b/.projenrc.ts @@ -5,9 +5,9 @@ import { cdk } from "projen"; import { UpgradeDependenciesSchedule } from "projen/lib/javascript"; -import { AutoApprove } from "./projenrc/auto-approve"; import { Automerge } from "./projenrc/automerge"; import { UpgradeNode } from "./projenrc/upgrade-node"; +import { AutoApprove } from "./src/auto-approve"; import { CustomizedLicense } from "./src/customized-license"; import { LockIssues } from "./src/lock-issues"; diff --git a/projenrc/auto-approve.ts b/src/auto-approve.ts similarity index 98% rename from projenrc/auto-approve.ts rename to src/auto-approve.ts index 35fe1ed5..f929a9a8 100644 --- a/projenrc/auto-approve.ts +++ b/src/auto-approve.ts @@ -29,7 +29,7 @@ export class AutoApprove { steps: [ { name: "Checkout PR", - uses: "actions/checkout@v3", + uses: "actions/checkout@v4", with: { ref: "${{ github.event.pull_request.head.ref }}", repository: diff --git a/src/index.ts b/src/index.ts index 226d8f67..864f8617 100644 --- a/src/index.ts +++ b/src/index.ts @@ -5,6 +5,7 @@ import { TextFile, cdk, github, JsonPatch } from "projen"; import { JobStep } from "projen/lib/github/workflows-model"; import { UpgradeDependenciesSchedule } from "projen/lib/javascript"; import { AlertOpenPrs } from "./alert-open-prs"; +import { AutoApprove } from "./auto-approve"; import { AutoCloseCommunityIssues } from "./auto-close-community-issues"; import { CdktfConfig } from "./cdktf-config"; import { CopyrightHeaders } from "./copyright-headers"; @@ -217,7 +218,7 @@ export class CdktfProviderProject extends cdk.JsiiProject { eslint: false, depsUpgradeOptions: { workflowOptions: { - labels: ["automerge", "dependencies"], + labels: ["automerge", "auto-approve", "dependencies"], schedule: UpgradeDependenciesSchedule.WEEKLY, }, }, @@ -362,6 +363,7 @@ export class CdktfProviderProject extends cdk.JsiiProject { }); new CustomizedLicense(this, options.creationYear); new GithubIssues(this, { providerName }); + new AutoApprove(this); new AutoCloseCommunityIssues(this, { providerName }); new LockIssues(this); new NextVersionPr(this, "${{ secrets.GITHUB_TOKEN }}"); diff --git a/src/provider-upgrade.ts b/src/provider-upgrade.ts index 0a038cf5..ed28b4cb 100644 --- a/src/provider-upgrade.ts +++ b/src/provider-upgrade.ts @@ -87,7 +87,7 @@ export class ProviderUpgrade { branch: "auto/provider-upgrade", title: `fix: upgrade provider from \`${currentVersion}\` to version \`${newVersion}\``, body: `This PR upgrades the underlying Terraform provider to version ${newVersion}`, - labels: "automerge", + labels: "automerge,auto-approve", token: "${{ secrets.GH_TOKEN }}", "delete-branch": true, committer: "team-tf-cdk ", diff --git a/test/__snapshots__/index.test.ts.snap b/test/__snapshots__/index.test.ts.snap index 560835d3..1ef5d094 100644 --- a/test/__snapshots__/index.test.ts.snap +++ b/test/__snapshots__/index.test.ts.snap @@ -35,6 +35,7 @@ project { /.github/ISSUE_TEMPLATE/config.yml linguist-generated /.github/pull_request_template.md linguist-generated /.github/workflows/alert-open-prs.yml linguist-generated +/.github/workflows/auto-approve.yml linguist-generated /.github/workflows/auto-close-community-issues.yml linguist-generated /.github/workflows/auto-close-community-prs.yml linguist-generated /.github/workflows/build.yml linguist-generated @@ -106,6 +107,40 @@ jobs: SLACK_WEBHOOK_URL: \${{ secrets.ALERT_PRS_SLACK_WEBHOOK_URL }} with: payload: "{\\"pr_links\\":\\"\${{ join(fromJSON(steps.old_prs.outputs.pr_links), ', ') }}\\"}" +", + ".github/workflows/auto-approve.yml": "# ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen". + +name: auto-approve +on: + pull_request_target: + types: + - opened + - labeled + - ready_for_review + - reopened +jobs: + approve: + runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write + if: contains(github.event.pull_request.labels.*.name, 'auto-approve') && github.event.pull_request.draft == false + steps: + - name: Checkout PR + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + with: + ref: \${{ github.event.pull_request.head.ref }} + repository: \${{ github.event.pull_request.head.repo.full_name }} + - name: Auto-approve PRs by other users as team-tf-cdk + if: github.event.pull_request.user.login != 'team-tf-cdk' && (contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.pull_request.author_association) || github.actor == 'dependabot[bot]') + env: + GH_TOKEN: \${{ secrets.PROJEN_GITHUB_TOKEN }} + run: gh pr review \${{ github.event.pull_request.number }} --approve + - name: Auto-approve PRs by team-tf-cdk as github-actions[bot] + if: github.event.pull_request.user.login == 'team-tf-cdk' + env: + GH_TOKEN: \${{ secrets.GITHUB_TOKEN }} + run: gh pr review \${{ github.event.pull_request.number }} --approve ", ".github/workflows/auto-close-community-issues.yml": "# ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen". @@ -607,7 +642,7 @@ jobs: branch: auto/provider-upgrade title: "fix: upgrade provider from \`\${{ steps.current_version.outputs.value }}\` to version \`\${{ steps.new_version.outputs.value }}\`" body: This PR upgrades the underlying Terraform provider to version \${{ steps.new_version.outputs.value }} - labels: automerge + labels: automerge,auto-approve token: \${{ secrets.GH_TOKEN }} delete-branch: true committer: team-tf-cdk @@ -1100,7 +1135,7 @@ jobs: *Automatically created by projen via the "upgrade-main" workflow* branch: github-actions/upgrade-main title: "chore(deps): upgrade dependencies" - labels: automerge,dependencies + labels: automerge,auto-approve,dependencies body: |- Upgrades project dependencies. See details in [workflow run]. @@ -1169,6 +1204,7 @@ package-lock.json !/.github/workflows/provider-upgrade.yml !/LICENSE !/.github/ISSUE_TEMPLATE/config.yml +!/.github/workflows/auto-approve.yml !/.github/workflows/auto-close-community-issues.yml !/.github/workflows/auto-close-community-prs.yml !/.github/workflows/lock.yml @@ -1374,6 +1410,7 @@ scripts ".github/ISSUE_TEMPLATE/config.yml", ".github/pull_request_template.md", ".github/workflows/alert-open-prs.yml", + ".github/workflows/auto-approve.yml", ".github/workflows/auto-close-community-issues.yml", ".github/workflows/auto-close-community-prs.yml", ".github/workflows/build.yml", @@ -2691,6 +2728,7 @@ project { /.github/ISSUE_TEMPLATE/config.yml linguist-generated /.github/pull_request_template.md linguist-generated /.github/workflows/alert-open-prs.yml linguist-generated +/.github/workflows/auto-approve.yml linguist-generated /.github/workflows/auto-close-community-issues.yml linguist-generated /.github/workflows/auto-close-community-prs.yml linguist-generated /.github/workflows/build.yml linguist-generated @@ -2762,6 +2800,40 @@ jobs: SLACK_WEBHOOK_URL: \${{ secrets.ALERT_PRS_SLACK_WEBHOOK_URL }} with: payload: "{\\"pr_links\\":\\"\${{ join(fromJSON(steps.old_prs.outputs.pr_links), ', ') }}\\"}" +", + ".github/workflows/auto-approve.yml": "# ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen". + +name: auto-approve +on: + pull_request_target: + types: + - opened + - labeled + - ready_for_review + - reopened +jobs: + approve: + runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write + if: contains(github.event.pull_request.labels.*.name, 'auto-approve') && github.event.pull_request.draft == false + steps: + - name: Checkout PR + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + with: + ref: \${{ github.event.pull_request.head.ref }} + repository: \${{ github.event.pull_request.head.repo.full_name }} + - name: Auto-approve PRs by other users as team-tf-cdk + if: github.event.pull_request.user.login != 'team-tf-cdk' && (contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.pull_request.author_association) || github.actor == 'dependabot[bot]') + env: + GH_TOKEN: \${{ secrets.PROJEN_GITHUB_TOKEN }} + run: gh pr review \${{ github.event.pull_request.number }} --approve + - name: Auto-approve PRs by team-tf-cdk as github-actions[bot] + if: github.event.pull_request.user.login == 'team-tf-cdk' + env: + GH_TOKEN: \${{ secrets.GITHUB_TOKEN }} + run: gh pr review \${{ github.event.pull_request.number }} --approve ", ".github/workflows/auto-close-community-issues.yml": "# ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen". @@ -3293,7 +3365,7 @@ jobs: branch: auto/provider-upgrade title: "fix: upgrade provider from \`\${{ steps.current_version.outputs.value }}\` to version \`\${{ steps.new_version.outputs.value }}\`" body: This PR upgrades the underlying Terraform provider to version \${{ steps.new_version.outputs.value }} - labels: automerge + labels: automerge,auto-approve token: \${{ secrets.GH_TOKEN }} delete-branch: true committer: team-tf-cdk @@ -3807,7 +3879,7 @@ jobs: *Automatically created by projen via the "upgrade-main" workflow* branch: github-actions/upgrade-main title: "chore(deps): upgrade dependencies" - labels: automerge,dependencies + labels: automerge,auto-approve,dependencies body: |- Upgrades project dependencies. See details in [workflow run]. @@ -3876,6 +3948,7 @@ package-lock.json !/.github/workflows/provider-upgrade.yml !/LICENSE !/.github/ISSUE_TEMPLATE/config.yml +!/.github/workflows/auto-approve.yml !/.github/workflows/auto-close-community-issues.yml !/.github/workflows/auto-close-community-prs.yml !/.github/workflows/lock.yml @@ -4081,6 +4154,7 @@ scripts ".github/ISSUE_TEMPLATE/config.yml", ".github/pull_request_template.md", ".github/workflows/alert-open-prs.yml", + ".github/workflows/auto-approve.yml", ".github/workflows/auto-close-community-issues.yml", ".github/workflows/auto-close-community-prs.yml", ".github/workflows/build.yml", @@ -5398,6 +5472,7 @@ project { /.github/ISSUE_TEMPLATE/config.yml linguist-generated /.github/pull_request_template.md linguist-generated /.github/workflows/alert-open-prs.yml linguist-generated +/.github/workflows/auto-approve.yml linguist-generated /.github/workflows/auto-close-community-issues.yml linguist-generated /.github/workflows/auto-close-community-prs.yml linguist-generated /.github/workflows/build.yml linguist-generated @@ -5469,6 +5544,40 @@ jobs: SLACK_WEBHOOK_URL: \${{ secrets.ALERT_PRS_SLACK_WEBHOOK_URL }} with: payload: "{\\"pr_links\\":\\"\${{ join(fromJSON(steps.old_prs.outputs.pr_links), ', ') }}\\"}" +", + ".github/workflows/auto-approve.yml": "# ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen". + +name: auto-approve +on: + pull_request_target: + types: + - opened + - labeled + - ready_for_review + - reopened +jobs: + approve: + runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write + if: contains(github.event.pull_request.labels.*.name, 'auto-approve') && github.event.pull_request.draft == false + steps: + - name: Checkout PR + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + with: + ref: \${{ github.event.pull_request.head.ref }} + repository: \${{ github.event.pull_request.head.repo.full_name }} + - name: Auto-approve PRs by other users as team-tf-cdk + if: github.event.pull_request.user.login != 'team-tf-cdk' && (contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.pull_request.author_association) || github.actor == 'dependabot[bot]') + env: + GH_TOKEN: \${{ secrets.PROJEN_GITHUB_TOKEN }} + run: gh pr review \${{ github.event.pull_request.number }} --approve + - name: Auto-approve PRs by team-tf-cdk as github-actions[bot] + if: github.event.pull_request.user.login == 'team-tf-cdk' + env: + GH_TOKEN: \${{ secrets.GITHUB_TOKEN }} + run: gh pr review \${{ github.event.pull_request.number }} --approve ", ".github/workflows/auto-close-community-issues.yml": "# ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen". @@ -5970,7 +6079,7 @@ jobs: branch: auto/provider-upgrade title: "fix: upgrade provider from \`\${{ steps.current_version.outputs.value }}\` to version \`\${{ steps.new_version.outputs.value }}\`" body: This PR upgrades the underlying Terraform provider to version \${{ steps.new_version.outputs.value }} - labels: automerge + labels: automerge,auto-approve token: \${{ secrets.GH_TOKEN }} delete-branch: true committer: team-tf-cdk @@ -6463,7 +6572,7 @@ jobs: *Automatically created by projen via the "upgrade-main" workflow* branch: github-actions/upgrade-main title: "chore(deps): upgrade dependencies" - labels: automerge,dependencies + labels: automerge,auto-approve,dependencies body: |- Upgrades project dependencies. See details in [workflow run]. @@ -6532,6 +6641,7 @@ package-lock.json !/.github/workflows/provider-upgrade.yml !/LICENSE !/.github/ISSUE_TEMPLATE/config.yml +!/.github/workflows/auto-approve.yml !/.github/workflows/auto-close-community-issues.yml !/.github/workflows/auto-close-community-prs.yml !/.github/workflows/lock.yml @@ -6737,6 +6847,7 @@ scripts ".github/ISSUE_TEMPLATE/config.yml", ".github/pull_request_template.md", ".github/workflows/alert-open-prs.yml", + ".github/workflows/auto-approve.yml", ".github/workflows/auto-close-community-issues.yml", ".github/workflows/auto-close-community-prs.yml", ".github/workflows/build.yml",