[VI-739] Updating token exchanged session attributes so that exchanged session has proper expiration times #15777
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Require backend-review-group approval | |
on: | |
pull_request: | |
types: [opened, reopened, review_requested, synchronize, ready_for_review] | |
pull_request_review: | |
types: [submitted] | |
jobs: | |
check-approval-requirements: | |
permissions: write-all | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4.0.2 | |
with: | |
aws-access-key-id: ${{ secrets.aws_access_key_id }} | |
aws-secret-access-key: ${{ secrets.aws_secret_access_key }} | |
aws-region: "us-gov-west-1" | |
- name: Get bot token from Parameter Store | |
uses: marvinpinto/action-inject-ssm-secrets@latest | |
with: | |
ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN | |
env_variable_name: VA_VSP_BOT_GITHUB_TOKEN | |
# Find Backend Labels, Approvals and Comments | |
- name: Find Approval Comment | |
uses: peter-evans/find-comment@v3 | |
id: find_backend_approval_comment | |
with: | |
issue-number: ${{ github.event.pull_request.number }} | |
body-includes: Backend-review-group approval confirmed. | |
- name: Get backend-review-group members | |
if: contains(github.event.pull_request.labels.*.name, 'require-backend-approval') | |
id: get_team_members | |
uses: octokit/request-action@v2.x | |
with: | |
route: GET /orgs/department-of-veterans-affairs/teams/backend-review-group/members | |
env: | |
GITHUB_TOKEN: ${{ env.VA_VSP_BOT_GITHUB_TOKEN }} | |
- name: Check backend-review-group approval status | |
if: contains(github.event.pull_request.labels.*.name, 'require-backend-approval') | |
id: check_backend_review_group_approval_status | |
uses: octokit/request-action@v2.x | |
with: | |
route: GET /repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number || github.event.pull_request_review.pull_request.number }}/reviews | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Verify backend-review-group approval | |
if: contains(github.event.pull_request.labels.*.name, 'require-backend-approval') | |
id: verify_approval | |
run: | | |
BACKEND_REVIEWERS=$(cat <<'EOF' | jq -r '.[].login' | tr '\n' '|' | sed 's/|$//' | |
${{ steps.get_team_members.outputs.data }} | |
EOF | |
) | |
APPROVALS=$(cat <<'EOF' | jq -r '.[] | select(.state == "APPROVED") | .user.login' | grep -iE "$BACKEND_REVIEWERS" | wc -l | |
${{ steps.check_backend_review_group_approval_status.outputs.data }} | |
EOF | |
) | |
echo "Number of backend-review-group approvals: $APPROVALS" | |
if [ "$APPROVALS" -eq 0 ]; then | |
echo "approval_status=required" >> $GITHUB_OUTPUT | |
exit 1 | |
else | |
echo "approval_status=confirmed" >> $GITHUB_OUTPUT | |
fi | |
- name: Comment PR - Approval Confirmed | |
if: success() && steps.verify_approval.outputs.approval_status == 'confirmed' && steps.find_backend_approval_comment.outputs.comment-id == '' | |
uses: peter-evans/create-or-update-comment@v4 | |
with: | |
issue-number: ${{ github.event.pull_request.number }} | |
body: "Backend-review-group approval confirmed." | |
- name: Remove ready-for-review label | |
if: success() && steps.verify_approval.outputs.approval_status == 'confirmed' && contains(github.event.pull_request.labels.*.name, 'ready-for-backend-review') | |
uses: actions-ecosystem/action-remove-labels@v1 | |
with: | |
number: ${{ github.event.pull_request.number }} | |
labels: | | |
ready-for-backend-review |