Skip to content

Commit

Permalink
chore: simplify auto approve mechanism (#17264)
Browse files Browse the repository at this point in the history
Currently, PR's are auto approved if they either:

1. Contain the `pr/auto-approve` label.
2. Created by `dependabot`
3. Created by `aws-cdk-automation`

This is somewhat convoluted, and complicates the responsibility of the `auto-approve` workflow. 
In addition, this makes it impossible to formulate a single GitHub query to lookup all automated PR's that we expect to be approved and merged without human intervention. 

This PR switches to a simpler mechanism, by which the `auto-approve` workflow will **only** approve PR's that contain the appropriate label, forcing all PR creators to add the label if they wish to be auto-approved.

This means we can now use a simple `label:pr/auto-approve` query to find all those automated PR's.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
  • Loading branch information
iliapolo authored Nov 1, 2021
1 parent d658525 commit 606a2d3
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 5 deletions.
6 changes: 1 addition & 5 deletions .github/workflows/auto-approve.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,11 +7,7 @@ on:

jobs:
auto-approve:
if: >
github.event.pull_request.user.login == 'dependabot[bot]'
|| github.event.pull_request.user.login == 'dependabot-preview[bot]'
|| (contains(github.event.pull_request.labels.*.name, 'pr/auto-approve')
&& github.event.pull_request.user.login == 'aws-cdk-automation')
if: contains(github.event.pull_request.labels.*.name, 'pr/auto-approve')
runs-on: ubuntu-latest
permissions:
pull-requests: write
Expand Down
17 changes: 17 additions & 0 deletions .github/workflows/pr-labeler.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
# Apply various labels on PRs

name: pr-labeler
on:
pull_request:
types: [ opened ]

jobs:
auto-approve:
if: github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'dependabot-preview[bot]'
runs-on: ubuntu-latest
permissions:
pull-requests: write
steps:
- run: gh pr edit ${{ github.event.pull_request.number }} --add-label "pr/auto-approve" -R ${{ github.repository }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

0 comments on commit 606a2d3

Please sign in to comment.