add autoreview for helm release
ying-jeanne committed Dec 16, 2024
1 parent b27bad3 commit 394bb33
Showing 2 changed files with 6 additions and 76 deletions.
26 changes: 0 additions & 26 deletions .github/workflows/allowlist.json

This file was deleted.

56 changes: 6 additions & 50 deletions .github/workflows/dependabot_reviewer.yml
@@ -12,71 +12,27 @@ jobs:
dependabot-reviewer:
runs-on: ubuntu-latest

if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
if: ${{ github.event.pull_request.user.login == 'grafanabot' }}

steps:
- name: Checkout Repository
uses: actions/checkout@v4

- name: Dependabot metadata
id: metadata
uses: dependabot/fetch-metadata@v2.2.0
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"

- name: Check allowlist
id: check-allowlist
if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor'
run: |
cfg_path=".github/workflows/allowlist.json"
IFS=', ' read -r -a libsUpdated <<< "${{ steps.metadata.outputs.dependency-names }}"
# Loop through the array to make sure all updated libraries are in the allowlist
all_in_allowlist="true"
reason_array=()
# If any element is not in the allowlist, set the flag to false
for lib in "${libsUpdated[@]}"; do
exists=$(jq --arg lib "$lib" 'any(.[]; .name == $lib)' $cfg_path)
if [[ "$exists" != "true" ]]; then
all_in_allowlist="false"
break
else
reason_array+=("$(jq -r --arg lib "$lib" '.[] | select(.name == $lib) | .reason' $cfg_path)")
fi
done
if [[ "$all_in_allowlist" == "true" ]]; then
reasons=$(IFS=','; echo "${reason_array[*]}")
echo "reasons=$reasons" >> $GITHUB_OUTPUT
echo "allInAllowlist=true" >> $GITHUB_OUTPUT
else
echo "allInAllowlist=false" >> $GITHUB_OUTPUT
fi
- name: Approve and auto-merge
if: steps.check-allowlist.conclusion == 'success' && steps.check-allowlist.outputs.allInAllowlist == 'true'
id: auto-merge
if: contains(github.ref, 'helm-chart-weekly-')
run: |
gh pr merge --auto --squash "$PR_URL"
gh pr review $PR_URL \
--approve -b "**I'm approving** this pull request because it includes a patch or minor \
update to dependencies that are already in the allowlist.
The reason this library is in the allowlist is that ${{ steps.check-allowlist.outputs.reasons}}"
--approve -b "**I'm approving** this pull request, since it is a helm release."
env:
PR_URL: ${{github.event.pull_request.html_url}}
GITHUB_TOKEN: ${{secrets.GH_BOT_ACCESS_TOKEN}}

- name: Manual review is required
if: steps.check-allowlist.conclusion != 'success' || steps.check-allowlist.outputs.allInAllowlist == 'false'
if: steps.auto-merge.conclusion != 'success'
run: |
gh pr comment $PR_URL --body "**This library is not auto-approved**
Unfortunately, this library is a major version update or it is not included in our allowlist, which means it cannot be auto-approved. \
If you believe it should be considered for auto-approval, please open a pull request to add \
it to the allowlist configuration.
To add this library to the allowlist, please modify the [allowlist.json](https://github.com/grafana/mimir/tree/main/.github/workflows/allowlist.json) file and \
include the necessary details for review."
gh pr comment $PR_URL --body "**This PR from grafanabot requires manual review.**"
env:
PR_URL: ${{github.event.pull_request.html_url}}
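Review bot: The new gate on the `Approve and auto-merge` step, `if: contains(github.ref, 'helm-chart-weekly-')`, probably does not test the pull request's source branch. On pull request events `github.ref` is the merge ref or the base branch rather than the head branch; the `on:` trigger sits above this hunk, so confirm which event applies. If the intent is to match the release branch, `if: startsWith(github.head_ref, 'helm-chart-weekly-')` expresses it, and a prefix match is narrower than `contains`. Separately, with the allowlist check removed, approval through `GH_BOT_ACCESS_TOKEN` now rests only on the author login and a branch name. It would be worth verifying that the PR touches only the helm chart files before approving, and adding a comment on the job that states this trust assumption.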
