From 86ccea4e699d92f8e917d0fc99a285efa1e404bc Mon Sep 17 00:00:00 2001
From: Ying WANG
Date: Mon, 16 Dec 2024 12:18:53 +0100
Subject: [PATCH 1/2] add autoreview for helm release
---
 .github/workflows/allowlist.json | 26 -----------
 .github/workflows/dependabot_reviewer.yml | 56 +++--------------------
 2 files changed, 6 insertions(+), 76 deletions(-)
 delete mode 100644 .github/workflows/allowlist.json
diff --git a/.github/workflows/allowlist.json b/.github/workflows/allowlist.json
deleted file mode 100644
index 5b4cc323e94..00000000000
--- a/.github/workflows/allowlist.json
+++ /dev/null
@@ -1,26 +0,0 @@
-[
- {
- "name": "sigs.k8s.io/kustomize/kyaml",
- "reason": "the library is only used for CI not in production"
- },
- {
- "name": "github.com/xlab/treeprint",
- "reason": "the library is only used in tests"
- },
- {
- "name": "github.com/aws/aws-sdk-go",
- "reason": "the library is quite stable"
- },
- {
- "name": "github.com/stretchr/testify",
- "reason": "the library is only used in tests"
- },
- {
- "name": "github.com/hashicorp/golang-lru/v2",
- "reason": "stable library, getting bugfixes"
- },
- {
- "name": "github.com/google/uuid",
- "reason": "stable library, getting bugfixes"
- }
-]
\ No newline at end of file
diff --git a/.github/workflows/dependabot_reviewer.yml b/.github/workflows/dependabot_reviewer.yml
index 03bbf286321..1285e6f1d30 100644
--- a/.github/workflows/dependabot_reviewer.yml
+++ b/.github/workflows/dependabot_reviewer.yml
@@ -12,71 +12,27 @@ jobs: dependabot-reviewer: runs-on: ubuntu-latest - if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }} + if: ${{ github.event.pull_request.user.login == 'grafanabot' }} steps: - name: Checkout Repository uses: actions/checkout@v4 - - name: Dependabot metadata - id: metadata - uses: dependabot/fetch-metadata@v2.2.0 - with: - github-token: "${{ secrets.GITHUB_TOKEN }}" - - - name: Check allowlist - id: check-allowlist - if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor' - run: | - cfg_path=".github/workflows/allowlist.json" - IFS=', ' read -r -a libsUpdated <<< "${{ steps.metadata.outputs.dependency-names }}" - # Loop through the array to make sure all updated libraries are in the allowlist - all_in_allowlist="true" - reason_array=() - - # If any element is not in the allowlist, set the flag to false - for lib in "${libsUpdated[@]}"; do - exists=$(jq --arg lib "$lib" 'any(.[]; .name == $lib)' $cfg_path) - if [[ "$exists" != "true" ]]; then - all_in_allowlist="false" - break - else - reason_array+=("$(jq -r --arg lib "$lib" '.[] | select(.name == $lib) | .reason' $cfg_path)") - fi - done - - if [[ "$all_in_allowlist" == "true" ]]; then - reasons=$(IFS=','; echo "${reason_array[*]}") - echo "reasons=$reasons" >> $GITHUB_OUTPUT - echo "allInAllowlist=true" >> $GITHUB_OUTPUT - else - echo "allInAllowlist=false" >> $GITHUB_OUTPUT - fi - - name: Approve and auto-merge - if: steps.check-allowlist.conclusion == 'success' && steps.check-allowlist.outputs.allInAllowlist == 'true' + id: auto-merge + if: contains(github.event.pull_request.head.ref, 'helm-chart-weekly-') run: | gh pr merge --auto --squash "$PR_URL" gh pr review $PR_URL \ - --approve -b "**I'm approving** this pull request because it includes a patch or minor \ - update to dependencies that are already in the allowlist. 
- - The reason this library is in the allowlist is that ${{ steps.check-allowlist.outputs.reasons}}" + --approve -b "**I'm approving** this pull request, since it is a helm release." env: PR_URL: ${{github.event.pull_request.html_url}} GITHUB_TOKEN: ${{secrets.GH_BOT_ACCESS_TOKEN}} - name: Manual review is required - if: steps.check-allowlist.conclusion != 'success' || steps.check-allowlist.outputs.allInAllowlist == 'false' + if: steps.auto-merge.conclusion != 'success' run: | - gh pr comment $PR_URL --body "**This library is not auto-approved** - - Unfortunately, this library is a major version update or it is not included in our allowlist, which means it cannot be auto-approved. \ - If you believe it should be considered for auto-approval, please open a pull request to add \ - it to the allowlist configuration. - - To add this library to the allowlist, please modify the [allowlist.json](https://github.com/grafana/mimir/tree/main/.github/workflows/allowlist.json) file and \ - include the necessary details for review." + gh pr comment $PR_URL --body "**This PR from grafanabot requires manual review.**" env: PR_URL: ${{github.event.pull_request.html_url}} From f170662d13129fbdc08acc6a47fc0c0377c8356a Mon Sep 17 00:00:00 2001 From: Ying WANG Date: Mon, 16 Dec 2024 14:45:22 +0100 Subject: [PATCH 2/2] change action name --- .../{dependabot_reviewer.yml => grafanabot_reviewer.yml} | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) rename .github/workflows/{dependabot_reviewer.yml => grafanabot_reviewer.yml} (83%) diff --git a/.github/workflows/dependabot_reviewer.yml b/.github/workflows/grafanabot_reviewer.yml similarity index 83% rename from .github/workflows/dependabot_reviewer.yml rename to .github/workflows/grafanabot_reviewer.yml index 1285e6f1d30..00ba6560ce1 100644 --- a/.github/workflows/dependabot_reviewer.yml +++ b/.github/workflows/grafanabot_reviewer.yml 
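Review bot: The `Approve and auto-merge` step's condition trusts only the PR author login and a substring match on the head branch name, while the approval runs with `GH_BOT_ACCESS_TOKEN` under the workflow's `on: pull_request_target` trigger, so nothing in the new code checks what the PR actually changes. `contains(...)` matches `helm-chart-weekly-` anywhere in the ref, and on a later push to the same branch the author login is still `grafanabot`, so commits added by anyone with push access to that branch would presumably be approved and queued for merge too. Assuming the release branches start with that prefix and live in this repository, tighten the condition to `if: startsWith(github.event.pull_request.head.ref, 'helm-chart-weekly-') && github.event.pull_request.head.repo.full_name == github.repository`, and consider a preceding step that fails unless the changed files are limited to the helm chart paths. Restricting who can push to branches with that prefix would be the complementary control, and `$PR_URL` in `gh pr review` should be quoted the same way as on the `gh pr merge` line above it.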
@@ -1,7 +1,4 @@
-# Auto-merge as documented in official Github docs
-# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions
-
-name: Auto-review Dependabot PRs
+name: Auto-review Grafanabot PRs
 on: pull_request_target
 
 permissions: