Skip to content

fix(github-actions): use two Github clients for post approval changes #1066

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 2 commits into from
Closed

fix(github-actions): use two Github clients for post approval changes #1066

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
99c16cb
fix(github-actions): use two Github clients for post approval changes
josephperrott Mar 13, 2023
6fb4c13
fixup! fix(github-actions): use two Github clients for post approval …
josephperrott Mar 13, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
41 changes: 30 additions & 11 deletions github-actions/post-approval-changes/lib/main.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,31 +8,46 @@ import {ANGULAR_ROBOT, getAuthTokenFor, revokeActiveInstallationToken} from '../
const googleOwnedRobots = ['angular-robot'];

async function main() {
let installationClient: Octokit | null = null;
let repoClient: Octokit | null = null;
let googlersOrgClient: Octokit | null = null;

try {
// Use the `.github` repo from googlers to get an installation that has access to the googlers
// user membership.
const token = await getAuthTokenFor(ANGULAR_ROBOT, {owner: 'googlers', repo: '.github'});
installationClient = new Octokit({auth: token});
const googlersOrgToken = await getAuthTokenFor(ANGULAR_ROBOT, {
owner: 'googlers',
repo: '.github',
});
googlersOrgClient = new Octokit({auth: googlersOrgToken});

await runPostApprovalChangesAction(installationClient);
// Use the `.github` repo from googlers to get an installation that has access to the googlers
// user membership.
const repoToken = await getAuthTokenFor(ANGULAR_ROBOT, context.repo);
repoClient = new Octokit({auth: repoToken});

await runPostApprovalChangesAction(googlersOrgClient, repoClient);
} finally {
if (installationClient !== null) {
await revokeActiveInstallationToken(installationClient);
if (googlersOrgClient !== null) {
await revokeActiveInstallationToken(googlersOrgClient);
}
if (repoClient !== null) {
await revokeActiveInstallationToken(repoClient);
}
}
}

async function runPostApprovalChangesAction(client: Octokit): Promise<void> {
async function runPostApprovalChangesAction(
googlersOrgClient: Octokit,
repoClient: Octokit,
): Promise<void> {
if (context.eventName !== 'pull_request_target') {
throw Error('This action can only run for with pull_request_target events');
}
const {pull_request: pr} = context.payload as PullRequestEvent;

const actionUser = context.actor;

if (await isGooglerOrgMember(client, actionUser)) {
if (await isGooglerOrgMember(googlersOrgClient, actionUser)) {
core.info(
'Action performed by an account in the Googler Github Org, skipping as post approval changes are allowed.',
);
Expand Down Expand Up @@ -60,7 +75,11 @@ async function runPostApprovalChangesAction(client: Octokit): Promise<void> {
const pull_number = context.issue.number;

/** List of reviews for the pull request. */
const allReviews = await client.paginate(client.pulls.listReviews, {owner, pull_number, repo});
const allReviews = await repoClient.paginate(repoClient.pulls.listReviews, {
owner,
pull_number,
repo,
});
/** Set of reviewers whose latest review has already been processed. */
const knownReviewers = new Set<string>();
/** The latest approving reviews for each reviewer on the pull request. */
Expand All @@ -74,7 +93,7 @@ async function runPostApprovalChangesAction(client: Octokit): Promise<void> {
continue;
}
// Only consider reviews by Googlers for this check.
if (!(await isGooglerOrgMember(client, user))) {
if (!(await isGooglerOrgMember(googlersOrgClient, user))) {
continue;
}
knownReviewers.add(user);
Expand Down Expand Up @@ -104,7 +123,7 @@ async function runPostApprovalChangesAction(client: Octokit): Promise<void> {

const reviewToRerequest = reviews[0];
core.info(`Requesting a new review from ${reviewToRerequest.user!.login}`);
await client.pulls.requestReviewers({
await repoClient.pulls.requestReviewers({
owner,
pull_number,
repo,
Expand Down
35 changes: 24 additions & 11 deletions github-actions/post-approval-changes/main.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23368,25 +23368,34 @@ async function revokeActiveInstallationToken(githubOrToken) {
//
var googleOwnedRobots = ["angular-robot"];
async function main() {
let installationClient = null;
let repoClient = null;
let googlersOrgClient = null;
try {
const token = await getAuthTokenFor(ANGULAR_ROBOT, { owner: "googlers", repo: ".github" });
installationClient = new import_rest2.Octokit({ auth: token });
await runPostApprovalChangesAction(installationClient);
const googlersOrgToken = await getAuthTokenFor(ANGULAR_ROBOT, {
owner: "googlers",
repo: ".github"
});
googlersOrgClient = new import_rest2.Octokit({ auth: googlersOrgToken });
const repoToken = await getAuthTokenFor(ANGULAR_ROBOT, import_github2.context.repo);
repoClient = new import_rest2.Octokit({ auth: repoToken });
await runPostApprovalChangesAction(googlersOrgClient, repoClient);
} finally {
if (installationClient !== null) {
await revokeActiveInstallationToken(installationClient);
if (googlersOrgClient !== null) {
await revokeActiveInstallationToken(googlersOrgClient);
}
if (repoClient !== null) {
await revokeActiveInstallationToken(repoClient);
}
}
}
async function runPostApprovalChangesAction(client) {
async function runPostApprovalChangesAction(googlersOrgClient, repoClient) {
var _a;
if (import_github2.context.eventName !== "pull_request_target") {
throw Error("This action can only run for with pull_request_target events");
}
const { pull_request: pr } = import_github2.context.payload;
const actionUser = import_github2.context.actor;
if (await isGooglerOrgMember(client, actionUser)) {
if (await isGooglerOrgMember(googlersOrgClient, actionUser)) {
core.info("Action performed by an account in the Googler Github Org, skipping as post approval changes are allowed.");
return;
}
Expand All @@ -23402,15 +23411,19 @@ async function runPostApprovalChangesAction(client) {
}
const { repo, owner } = import_github2.context.issue;
const pull_number = import_github2.context.issue.number;
const allReviews = await client.paginate(client.pulls.listReviews, { owner, pull_number, repo });
const allReviews = await repoClient.paginate(repoClient.pulls.listReviews, {
owner,
pull_number,
repo
});
const knownReviewers = /* @__PURE__ */ new Set();
const reviews = [];
for (let review of allReviews.concat().reverse()) {
const user = review.user.login;
if (knownReviewers.has(user)) {
continue;
}
if (!await isGooglerOrgMember(client, user)) {
if (!await isGooglerOrgMember(googlersOrgClient, user)) {
continue;
}
knownReviewers.add(user);
Expand All @@ -23435,7 +23448,7 @@ async function runPostApprovalChangesAction(client) {
}
const reviewToRerequest = reviews[0];
core.info(`Requesting a new review from ${reviewToRerequest.user.login}`);
await client.pulls.requestReviewers({
await repoClient.pulls.requestReviewers({
owner,
pull_number,
repo,
Expand Down