Skip to content

Backend PR Labeler #2317

Backend PR Labeler

Backend PR Labeler #2317

name: Backend PR Labeler
on:
pull_request:
types: [opened, reopened, review_requested, review_request_removed, ready_for_review, converted_to_draft, labeled, unlabeled]
pull_request_review:
types: [submitted]
workflow_run:
workflows:
- "Code Checks"
types: [completed]
jobs:
get-pr-data:
runs-on: ubuntu-latest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
outputs:
pr_number: ${{ steps.get_pr_data.outputs.pr_number }}
pr_draft: ${{ steps.get_pr_data.outputs.pr_draft }}
pr_labels: ${{ steps.get_pr_data.outputs.pr_labels }}
pr_requested_teams: ${{ steps.get_pr_data.outputs.pr_requested_teams }}
steps:
- name: Get pull_request data
id: get_pr_data
run: |
if ${{ github.event_name == 'pull_request' || github.event_name == 'pull_request_review'}}; then
echo "pr_number=${{ github.event.pull_request.number }}" >> $GITHUB_OUTPUT
echo "pr_draft=${{ github.event.pull_request.draft }}" >> $GITHUB_OUTPUT
echo "pr_labels=$(echo '${{ toJSON(github.event.pull_request.labels.*.name) }}' | jq -c '.')" >> $GITHUB_OUTPUT
echo "pr_requested_teams=$(echo '${{ toJSON(github.event.pull_request.requested_teams.*.name) }}' | jq -c '.')" >> $GITHUB_OUTPUT
elif ${{ github.event_name == 'workflow_run' }}; then
if ${{ github.event.workflow_run.event == 'push' }}; then
echo "Workflow was triggered by push to ${{ github.event.workflow_run.head_branch }}. Labeling not required."
exit 0
elif ${{ toJSON(github.event.workflow_run.pull_requests) != '[]' }}; then
PR_NUMBER="${{ github.event.workflow_run.pull_requests[0].number }}"
echo "pr_number=${PR_NUMBER}" >> $GITHUB_OUTPUT
# Fetch PR details from GitHub API
PR_INFO=$(gh api /repos/${{ github.repository }}/pulls/${PR_NUMBER} --jq '{
draft: .draft,
labels: [.labels[].name],
requested_teams: [.requested_teams[].slug]
}')
# Extract and store individual fields
echo "pr_draft=$(echo "$PR_INFO" | jq -r '.draft')" >> $GITHUB_OUTPUT
echo "pr_labels=$(echo "$PR_INFO" | jq -c '.labels')" >> $GITHUB_OUTPUT
echo "pr_requested_teams=$(echo "$PR_INFO" | jq -c '.requested_teams')" >> $GITHUB_OUTPUT
else
echo "Workflow run has no associated pull requests. Labeling not performed."
exit 0
fi
else
echo "event_name: ${{ github.event_name }}"
echo "Pull Request not successfully retrieved."
exit 1
fi
- name: Echo PR data
if: ${{ steps.get_pr_data.outputs.pr_number != '' }}
run: |
echo "pr_number: ${{ steps.get_pr_data.outputs.pr_number }}"
echo "pr_draft: ${{ steps.get_pr_data.outputs.pr_draft }}"
echo "pr_labels: ${{ steps.get_pr_data.outputs.pr_labels }}"
echo "pr_labels: ${{ fromJson(steps.get_pr_data.outputs.pr_labels)[0] }}"
echo "pr_requested_teams: ${{ steps.get_pr_data.outputs.pr_requested_teams }}"
echo "pr_requested_teams: ${{ fromJSON(steps.get_pr_data.outputs.pr_requested_teams)[0] }}"
check-pr-status:
runs-on: ubuntu-latest
needs: get-pr-data
if: ${{ needs.get-pr-data.outputs.pr_number != '' }}
env:
pr_labels: ${{ needs.get-pr-data.outputs.pr_labels }}
pr_requested_teams: ${{ needs.get-pr-data.outputs.pr_requested_teams }}
outputs:
test_status: ${{ steps.get_code_checks_conclusion.outputs.test_status }}
exempt: ${{ steps.check_exemption.outputs.exempt }}
failures_detected: ${{ steps.audit_pr_labels.outputs.failures_detected }}
steps:
- name: Print vars (DELETE ME)
run: |
echo "pr_labels=${{ needs.get-pr-data.outputs.pr_labels }}"
echo "pr_requested_teams=${{ needs.get-pr-data.outputs.pr_requested_teams }}"
- name: Get Code Checks result
if: github.event_name == 'workflow_run'
run: |
echo "test_status=${{ github.event.workflow_run.conclusion }}" >> $GITHUB_OUTPUT
echo "test_status: ${{ github.event.workflow_run.conclusion }}"
- name: Check for exemption
id: check_exemption
run: |
if ${{ contains(fromJSON(env.pr_requested_teams), 'backend-review-group') }}; then
echo "exempt=false" >> $GITHUB_OUTPUT
echo "PR requires backend approval."
else
echo "exempt=true" >> $GITHUB_OUTPUT
echo "PR is exempt from backend approval."
fi
- name: Check for failure labels
id: audit_pr_labels
run: |
if \
${{ contains(env.pr_labels, 'code-health-failure') }} || \
${{ contains(env.pr_labels, 'codeowners-addition-failure') }} || \
${{ contains(env.pr_labels, 'codeowners-delete-failure') }} || \
${{ contains(env.pr_labels, 'lint-failure') }} || \
${{ contains(env.pr_labels, 'test-failure') }} ; then
echo "failures_detected=true" >> $GITHUB_OUTPUT
echo "Failure labels detected."
else
echo "failures_detected=false" >> $GITHUB_OUTPUT
echo "No failure labels detected."
fi
check-approvals:
runs-on: ubuntu-latest
needs: [get-pr-data, check-pr-status]
if: ${{ needs.check-pr-status.outputs.exempt == 'false' && needs.check-pr-status.outputs.pr_draft == 'false' }}
env:
pr_number: ${{ needs.get-pr-data.outputs.pr_number }}
outputs:
approval_status: ${{ steps.verify_approval.outputs.approval_status }}
steps:
- name: Print vars (DELETE ME)
run: |
echo "pr_number=${{ env.pr_number }}"
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4.0.2
with:
aws-access-key-id: ${{ secrets.aws_access_key_id }}
aws-secret-access-key: ${{ secrets.aws_secret_access_key }}
aws-region: "us-gov-west-1"
- name: Get bot token from Parameter Store
uses: marvinpinto/action-inject-ssm-secrets@latest
with:
ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN
env_variable_name: VA_VSP_BOT_GITHUB_TOKEN
- name: Get PR Reviews
id: get_pr_reviews
uses: octokit/request-action@v2.x
with:
route: GET /repos/${{ github.repository }}/pulls/${{ env.pr_number }}/reviews
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Get backend-review-group members
id: get_team_members
uses: octokit/request-action@v2.x
with:
route: GET /orgs/department-of-veterans-affairs/teams/backend-review-group/members
env:
GITHUB_TOKEN: ${{ env.VA_VSP_BOT_GITHUB_TOKEN }}
# Confirm an approval exists from at least one BE team member
- name: Verify backend-review-group approval
id: verify_approval
run: |
BACKEND_REVIEWERS=$(cat <<'EOF' | jq -r '.[].login' | tr '\n' '|' | sed 's/|$//'
${{ steps.get_team_members.outputs.data }}
EOF
)
APPROVALS=$(cat <<'EOF' | jq -r '.[] | select(.state == "APPROVED") | .user.login' | grep -iE "$BACKEND_REVIEWERS" | wc -l
${{ steps.get_pr_reviews.outputs.data }}
EOF
)
echo "Number of backend-review-group approvals: $APPROVALS"
if [ "$APPROVALS" -eq 0 ]; then
echo "approval_status=required" >> $GITHUB_OUTPUT
echo "Backend-review-group approval required."
else
echo "approval_status=confirmed" >> $GITHUB_OUTPUT
echo "Backend-review-group approval confirmed."
fi
apply-labels:
runs-on: ubuntu-latest
needs: [get-pr-data, check-pr-status, check-approvals]
if: ${{ always() }}
env:
exempt: ${{ needs.check-pr-status.outputs.exempt }}
pr_number: ${{ needs.get-pr-data.outputs.pr_number }}
pr_draft: ${{ needs.get-pr-data.outputs.pr_draft }}
pr_labels: ${{ needs.get-pr-data.outputs.pr_labels }}
test_status: ${{ needs.check-pr-status.outputs.test_status }}
failures_detected: ${{ needs.check-pr-status.outputs.failures_detected }}
approval_status: ${{ needs.check-approvals.outputs.approval_status }}
steps:
- name: print vars (DELETE ME)
id: print-vars
run: |
echo ${{ env.exempt }}
echo ${{ env.pr_number }}
echo ${{ env.pr_draft }}
echo ${{ env.pr_labels }}
echo ${{ env.test_status }}
echo ${{ env.failures_detected }}
echo ${{ env.approval_status }}