
Commit

Merge pull request #26 from joshjohanning/check-team-exists
Check if team exists
joshjohanning authored Dec 3, 2023
2 parents 238104c + edea4fd commit caad905
Showing 2 changed files with 41 additions and 11 deletions.
32 changes: 25 additions & 7 deletions README.md
Expand Up @@ -18,7 +18,6 @@ jobs:
if: contains(github.event.comment.body, '/do-stuff')

steps:
# get the app's installation token
- uses: actions/create-github-app-token@v1
id: app-token
with:
Expand All @@ -29,16 +28,28 @@ jobs:
uses: joshjohanning/approveops@v2
id: check-approval
with:
token: ${{ steps.app-token.outputs.token }} # use a github app token or a PAT
approve-command: '/approve' # defaults to '/approve', the command to look for in the comments
team-name: 'approver-team' # the name of the team in GitHub to check for the approval command; e.g.: approver-team
fail-if-approval-not-found: true # defaults to true, fail the action (show the action run as red) if the command is not found in the comments from someone in the approver team"
post-successful-approval-comment: false # defaults to true, whether to post successful approval comment
successful-approval-comment: ':tada: You were able to run the workflow because someone left an approval in the comments!! :tada:' # Optional, only if post-successful-approval-comment is true, comment to post if an approval is found
token: ${{ steps.app-token.outputs.token }}
approve-command: '/approve'
team-name: 'approver-team'
fail-if-approval-not-found: true
post-successful-approval-comment: false
```
### Inputs
| Name | Description | Required | Default |
| --- | --- | --- | --- |
| `token` | GitHub App installation token or PAT that has access to read+write comments and list the team's membership | `true` | `''` |
| `approve-command` | The approval command to look for in the comments | `true` | `/approve` |
| `team-name` | The name of the team in GitHub to check for the approval command, e.g. `approver-team` | `true` | `''` |
| `fail-if-approval-not-found` | Fail the action (show the action run as red) if the command is not found in the comments from someone in the approver team | `true` | `true` |
| `post-successful-approval-comment` | Whether to post successful approval comment | `true` | `true` |
| `successful-approval-comment` | Comment to post if an approval is found | `true` | `':tada: You were able to run the workflow because someone left an approval in the comments!!'` |

## Prerequisites

### Team and Authentication

1. Create a GitHub team and add at least one member
2. Authentication options:
- GitHub App
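Review bot: The new Inputs table does not match `action.yml` for `token`: the row lists the default as `''`, while `action.yml` in this same commit still sets `default: ${{ github.token }}`, and the table asks for "read+write comments" where the `action.yml` description only mentions reading comments and checking team membership. Please align the two so users can grant the token exactly the permissions the action needs. The `successful-approval-comment` row is also marked Required `true`, although the inline comment it replaces described it as optional and only used when `post-successful-approval-comment` is true.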
Expand All @@ -62,6 +73,13 @@ Notes:
- A Personal Access Token (PAT) is not used since we want the comment to show as from a bot
- The `github.token` is not used since the token can't provide hyperlinks for @ mentions since it doesn't have the scope for org teams, only repository data

### Runner Software Requirements

Required software installed on runner:

- [`gh` (GitHub CLI)](https://cli.github.com/)
- [`jq`](https://jqlang.github.io/jq/download/)

## Breaking Changes

### v1 to v2
20 changes: 16 additions & 4 deletions action.yml
Expand Up @@ -15,8 +15,8 @@ inputs:
required: true
token:
description: "GitHub App installation token or PAT that has access to read the comments and check the org team's membership"
default: ${{ github.token }} # this doesn't allow tagging of the approval team; better to use GitHub App
required: true
default: ${{ github.token }} # this doesn't allow tagging of the approval team; better to use GitHub App
fail-if-approval-not-found:
description: "Fail the action (i.e. show the action run as red) if the command is not found in the comments from someone in the approver team"
required: true
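Review bot: `token` is still declared `required: true` together with `default: ${{ github.token }}`, and this commit makes that default harder to justify. If, as the README note says, `github.token` has no scope for org teams, the membership lookup added to the run step will take its `exit 1` path for anyone relying on the default. Consider dropping the default so a missing token is caught up front, or state in the description that the default cannot pass the team check.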
Expand All @@ -28,7 +28,7 @@ inputs:
successful-approval-comment:
description: "Comment to post if an approval is found"
required: true
default: ":tada: You were able to run the workflow because someone left an approval in the comments!! :tada:"
default: ":tada: You were able to run the workflow because someone left an approval in the comments!!"

outputs:
approved:
Expand All @@ -45,10 +45,22 @@ runs:
shell: bash
run: |
# "checking for a ${{ inputs.approve-command }} command in the comments from someone in the ${{ inputs.team-name}} team"
users=$(gh api --paginate '/orgs/${{ github.repository_owner }}/teams/${{ inputs.team-name }}/members' | jq -c '.[].login')
# prerequisite check
for cmd in gh jq; do
if ! command -v $cmd &> /dev/null; then
echo "::error title=${cmd} not installed::Could not find \`${cmd}\` on the runner"
exit 1
fi
done
# checking team and getting team membership"
echo "getting team membership for the team: @${{ github.repository_owner }}/${{ inputs.team-name }} ..."
users=$(gh api --paginate '${{ github.event.organization.url }}/teams/${{ inputs.team-name }}/members' --jq '.[].login' 2> /dev/null) || { echo "::error title=Team doesn't exist or token doesn't have access::The ${{ inputs.team-name }} team doesn't exist or the token doesn't have access to it"; exit 1; }
approveCommand="${{ inputs.approve-command }}"
authorized=false
comments=$(gh api --paginate '${{ github.event.comment.issue_url }}/comments')
comments=$(gh api --paginate ${{ github.event.issue.comments_url }})
for comment in $(echo $comments | jq -r '.[] | @base64'); do
body=$(echo $comment | base64 --decode | jq -r '.body' | tr -d ' ' | tr -d '\r\n')
actor=$(echo $comment | base64 --decode | jq -r '.user.login')
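Review bot: The new `users=$(gh api ... 2> /dev/null) || { ... exit 1; }` line discards stderr from `gh`, so a rate limit, a network failure or an expired token is reported under the same "Team doesn't exist or token doesn't have access" title as a genuinely missing team. Keeping the stderr output, or testing specifically for a not-found response, would let operators tell these cases apart. The replacement `comments=$(gh api --paginate ${{ github.event.issue.comments_url }})` also drops the quotes the previous line had, and `command -v $cmd` is unquoted; quote both, and consider passing `inputs.team-name` and the event URLs through `env:` instead of expanding them inside the script text, so the values reach the shell as data. The lookup URL is built from `github.event.organization.url` while the log line above it uses `github.repository_owner`; if the payload has no `organization` object the expression expands to an empty string, so using one source for both would be safer. Minor: the comment `# checking team and getting team membership"` has a stray trailing quote.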