require-reviews: Make it a project to publish (#18699)

This will take over the Automattic/action-required-review repo.

Committed via a GitHub action: https://github.com/Automattic/jetpack/actions/runs/535190350

.github/workflows/readonly.yml

@@ -0,0 +1,25 @@
+name: Enforce read-only repo status
+
+on:
+  issues:
+    types: opened
+  pull_request_target:
+    types: opened
+
+jobs:
+  lockdown:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: dessant/repo-lockdown@v2
+        with:
+          github-token: ${{ github.token }}
+          issue-comment: |
+            Thank you for your interest!
+
+            Issues should be filed at https://github.com/Automattic/jetpack/issues. Be sure to mention the product that the issue is regarding.
+          skip-closed-issue-comment: true
+          pr-comment: |
+            Thank you for your interest!
+
+            Pull requests should be made against the monorepo at https://github.com/Automattic/jetpack.
+          skip-closed-pr-comment: true

README.md

@@ -1,28 +1,118 @@
-# Required Review 
+# GitHub Required Review Check
 
-This GitHub Action will check to see if the required reviewers have accepted the PR. Will fail status checks if not. 
+This [Github Action](https://github.com/features/actions) will check that required reviewers have
+accepted the PR, setting a status check accordingly.
 
-## Usage
-
-This Action subscribes to [Pull request review events](https://developer.github.com/v3/activity/events/types/#pullrequestreviewevent) which fire whenever pull requests are approved.
-
-It checks if the PR has been approved by a person from the "required review team", which is a value you must send it. 
+## Example
 
-Instructions on how to [get your GitHub Team ID](https://developer.github.com/v3/teams/#get-team-by-name).
+```yaml
+name: Required review check
+on:
+  pull_request_review:
+  pull_request:
+    types: [ opened, reopened, synchronize ]
 
-```workflow
-on: pull_request_review
-name: Check required reviews
 jobs:
-  check_required_reviews:
-    name: Required review
+  check:
+    name: Checking required reviews
     runs-on: ubuntu-latest
+
+    # GitHub should provide a "pull_request_review_target", but they don't and
+    # the action will fail if run on a forked PR.
+    if: github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name
+
     steps:
-    - name: Check for required review approval
-      uses: automattic/action-required-review@master
-      env:
-        REQUIRED_REVIEW_TEAM_ID: "12345"
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        STATUS_CONTEXT: "Your custom status context." (optional. defaults to "Required review")
+      - uses: Automattic/action-required-review@v2
+        with:
+          requirements: |
+            - paths: unmatched
+              teams:
+                - maintenance
+```
+
+## Usage
+
+This action is intended to be triggered by the `pull_request_review` event.
+
+```yaml
+- uses: Automattic/action-required-review
+  with:
+    # Specify the requirements as a YAML string. See below for the format of this string.
+    # The easiest way to generate this is probably to write your YAML, then put the `|`
+    # after the key to make it a string.
+    requirements: |
+      - name: Docs
+        paths:
+         - 'docs/'
+        teams:
+          - documentation
+
+      - name: Everything else
+        paths: unmatched
+        teams:
+          - maintenance
+
+    # Specify the path to the requirements file. See below for the format of
+    # this file.
+    requirements-file: .github/required-review.yaml
+
+    # Specify the "context" for the status to set. This is what shows up in the
+    # PR's checks list.
+    status: Required review
+
+    # Personal access token used to fetch the list of changed files from Github
+    # REST API, and to submit the status check.
+    token: ${{ github.token }}
 ```
 
+## Requirements Format
+
+The requirements consist of an array of requirement objects. A requirement object has the following keys:
+
+* `name` is an optional informative name for the requirement.
+* `paths` is an array of path patterns, or the string "unmatched". If an array, the reviewers
+  specified will be checked if any path in the array matches any path in the PR. If the string
+  "unmatched", the reviewers are checked if any file in the PR has not been matched yet.
+* `teams` is an array of strings that are GitHub team slugs in the organization or repository. A
+  review is required from a member of any of these teams.
+
+  Instead of a string, a single-keyed object may be specified. The key is either `all-of` or
+  `any-of`, and the value is an array as for `teams`. When the key is `all-of`, a review is required
+  from every team (but if a person is a member of multiple teams, they can satisfy multiple
+  requirements). When it's `any-of`, one review from any team is needed.
+
+Paths are matched using the [picomatch](https://www.npmjs.com/package/picomatch#globbing-features) library.
+
+Every requirement object that applies must have appropriate reviews, it's not "first match". Thus,
+using the example below, a PR touching file at docs/foo.css would need reviews satisfying both
+the "Docs" and "Front end" review requirements. If you wanted to avoid that, you might add
+`!**.css` to the first's paths or `!docs/**` to the second's.
+
+### Example
+
+```yaml
+# Documentation must be reviewed by the documentation team.
+- name: Docs
+  paths:
+   - 'docs/**'
+  teams:
+   - documentation
+
+# Any CSS and React .jsx files must be reviewed by a front-end developer AND by a designer,
+# OR by a member of the maintenance team.
+- name: Front end
+  paths:
+   - '**.jsx'
+   - '**.css'
+  teams:
+   - all-of:
+      - front-end
+      - design
+   - maintenance
+
+# All other files must be reviewed by the maintenance team.
+- name: Misc
+  paths: unmatched
+  teams:
+    - maintenance
+```

action.yml

@@ -0,0 +1,30 @@
+name: Required review
+description: Check that a PR has reviews from required teams.
+inputs:
+  requirements:
+    description: >
+      Requirements, as a string containing YAML.
+      Either this or `requirements-file` is required.
+    required: false
+  requirements-file:
+    description: >
+      Requirements file.
+      Either this or `requirements` is required.
+    required: false
+  status:
+    description: Status context for the status check.
+    required: false
+    default: Required review
+  token:
+    description: >
+      GitHub Access Token. The user associated with this token will show up
+      as the "creator" of the status check, and must have access to read your
+      organization's teams.
+    required: false
+    default: ${{ github.token }}
+runs:
+  using: node12
+  main: dist/index.js
+branding:
+  color: green
+  icon: user-check

composer.json

@@ -0,0 +1,16 @@
+{
+	"name": "automattic/action-required-review",
+	"description": "GitHub Action to check that required reviewers have accepted the PR, setting a status check accordingly.",
+	"type": "project",
+	"license": "GPL-2.0-or-later",
+	"require": {},
+	"scripts": {
+		"build-development": [
+			"yarn install",
+			"yarn build"
+		]
+	},
+	"extra": {
+		"mirror-repo": "Automattic/action-required-review"
+	}
+}