Automated PRs Manager #939
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Automated PRs Manager | |
on: | |
schedule: | |
- cron: "0 */6 * * *" # every 6 hours | |
workflow_dispatch: {} | |
jobs: | |
list-prs: | |
runs-on: ubuntu-latest | |
outputs: | |
prs: ${{ steps.list-prs.outputs.prs }} | |
env: | |
GH_TOKEN: ${{ secrets.REPLICATED_GH_PAT }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: List PRs | |
id: list-prs | |
run: | | |
set -euo pipefail | |
# list prs that are less than 24h old and exclude prs from forks | |
dependabot_prs=$( | |
gh pr list \ | |
--author 'dependabot[bot]' \ | |
--json url,createdAt,headRefName,headRepository,headRepositoryOwner \ | |
-q '.[] | select((.createdAt | fromdateiso8601 > now - 24*60*60) and .headRepositoryOwner.login == "replicatedhq" and .headRepository.name == "kots")' | |
) | |
replicated_ci_kots_prs=$( | |
gh pr list \ | |
--author 'replicated-ci-kots' \ | |
--json url,createdAt,headRefName,headRepository,headRepositoryOwner \ | |
-q '.[] | select((.createdAt | fromdateiso8601 > now - 24*60*60) and .headRepositoryOwner.login == "replicatedhq" and .headRepository.name == "kots")' | |
) | |
prs=$(echo "$dependabot_prs" "$replicated_ci_kots_prs" | jq -sc '. | unique') | |
echo "prs=$prs" >> "$GITHUB_OUTPUT" | |
process-prs: | |
needs: list-prs | |
runs-on: ubuntu-latest | |
if: needs.list-prs.outputs.prs != '[]' | |
strategy: | |
matrix: | |
pr: ${{ fromJson(needs.list-prs.outputs.prs) }} | |
fail-fast: false | |
max-parallel: 1 | |
env: | |
GH_TOKEN: ${{ secrets.REPLICATED_GH_PAT }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ matrix.pr.headRefName }} | |
- name: Process PR | |
run: | | |
set -euo pipefail | |
echo "Ensuring required labels..." | |
gh pr edit "${{ matrix.pr.url }}" --add-label "type::security" | |
echo "Checking status of tests..." | |
run_id=$(gh run list --branch "${{ matrix.pr.headRefName }}" --workflow build-test --limit 1 --json databaseId -q '.[0].databaseId') | |
# If there are still pending jobs, skip. | |
num_of_pending_jobs=$(gh run view "$run_id" --json jobs -q '.jobs[] | select(.conclusion == "") | .name' | wc -l) | |
if [ "$num_of_pending_jobs" -gt 0 ]; then | |
echo "There are still pending jobs. Skipping." | |
exit 0 | |
fi | |
# If all tests and required checks passed, approve and merge. | |
if gh run view "$run_id" --json jobs -q '.jobs[] | select(.name == "validate-success") | .conclusion' | grep -q "success"; then | |
if gh pr checks "${{ matrix.pr.url }}" --required; then | |
echo "All tests and required checks passed. Approving and merging." | |
echo -e "LGTM :thumbsup: \n\nThis PR was automatically approved and merged by the [automated-prs-manager](https://github.com/replicatedhq/kots/blob/main/.github/workflows/automated-prs-manager.yaml) GitHub action" > body.txt | |
gh pr review --approve "${{ matrix.pr.url }}" --body-file body.txt | |
sleep 10 | |
gh pr merge --auto --squash "${{ matrix.pr.url }}" | |
exit 0 | |
else | |
echo "All tests passed, but some required PR checks have not. Skipping." | |
exit 0 | |
fi | |
fi | |
# If more than half of the validate-* jobs are successful, re-run the failed jobs. | |
num_of_jobs=$(gh run view "$run_id" --json jobs -q '.jobs[] | select(.name | startswith("validate-")) | .name' | wc -l) | |
num_of_successful_jobs=$(gh run view "$run_id" --json jobs -q '.jobs[] | select((.name | startswith("validate-")) and (.conclusion == "success")) | .name' | wc -l) | |
if [ "$num_of_successful_jobs" -gt $((num_of_jobs / 2)) ]; then | |
echo "More than half of the validate-* jobs are successful. Re-running failed jobs." | |
gh run rerun "$run_id" --failed | |
exit 0 | |
fi | |
echo "Less than half of the validate-* jobs are successful. Skipping." |