Enforce Tiered Approvals #320

Workflow file for this run

.github/workflows/approvals.yml at c17ca81

	name: Enforce Tiered Approvals

	on:
	pull_request_review:

	env:
	TIER2_REVIEWERS: "jstjohn,trvachov,pstjohn"

	jobs:
	enforce_tiered_approvals:
	runs-on: ubuntu-latest

	steps:
	- name: Get PR reviews
	id: get_reviews
	uses: actions/github-script@v6
	with:
	github-token: ${{ secrets.GITHUB_TOKEN }}
	script: \|
	const { data: reviews } = await github.rest.pulls.listReviews({
	owner: context.repo.owner,
	repo: context.repo.repo,
	pull_number: context.payload.pull_request.number,
	});

	const latestReviews = {};
	for (const review of reviews) {
	latestReviews[review.user.login] = review.state;
	}

	console.log('Latest Reviews:', latestReviews);

	const approvedUsers = Object.keys(latestReviews).filter(user => latestReviews[user] === 'APPROVED');

	core.setOutput('approvedUsers', approvedUsers.join(','));

	- name: Check +2 approvals (global tier)
	id: check_tier2
	run: \|
	echo "Checking for +2 approvals..."
	APPROVED_USERS="${{ steps.get_reviews.outputs.approvedUsers }}"

	TIER2_APPROVED=false

	echo "Approved Users: $APPROVED_USERS"
	echo "Tier 2 Reviewers: $TIER2_REVIEWERS"

	IFS=',' read -ra reviewer_array <<< "$TIER2_REVIEWERS"
	# Iterate over approved users and compare with cleaned TIER2_REVIEWERS
	for USER in ${APPROVED_USERS//,/ }; do
	echo "Checking approved USER: $USER"
	for REVIEWER in "${reviewer_array[@]}"; do
	echo "Comparing USER: $USER with REVIEWER: $REVIEWER"
	if [[ "$USER" == "$REVIEWER" ]]; then
	TIER2_APPROVED=true
	break 2
	fi
	done
	done

	if [[ "$TIER2_APPROVED" == "true" ]]; then
	echo "A +2 reviewer has approved the pull request."
	else
	echo "No +2 reviewer has approved the pull request."
	exit 1
	fi

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Enforce Tiered Approvals #320

Workflow file

Enforce Tiered Approvals #320

Jobs

Run details

Workflow file for this run