Back to pull request #19665

Require backend-review-group approval #271

Workflow file for this run

.github/workflows/require_be_approval.yml at cabc789

	name: Require backend-review-group approval
	on:
	pull_request_review:
	types: [submitted]
	branches: master

	jobs:
	require-backend-approval:
	name: Require Backend Approval
	if: contains(github.event.pull_request.labels.*.name, 'require-backend-approval')
	permissions: write-all
	runs-on: ubuntu-latest
	steps:
	- name: Configure AWS Credentials
	uses: aws-actions/configure-aws-credentials@v4.0.2
	with:
	aws-access-key-id: ${{ secrets.aws_access_key_id }}
	aws-secret-access-key: ${{ secrets.aws_secret_access_key }}
	aws-region: "us-gov-west-1"

	- name: Get bot token from Parameter Store
	uses: marvinpinto/action-inject-ssm-secrets@latest
	with:
	ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN
	env_variable_name: VA_VSP_BOT_GITHUB_TOKEN

	- name: Get backend-review-group members
	id: get_team_members
	uses: octokit/request-action@v2.x
	with:
	route: GET /orgs/department-of-veterans-affairs/teams/backend-review-group/members
	env:
	GITHUB_TOKEN: ${{ env.VA_VSP_BOT_GITHUB_TOKEN }}

	- name: Get PR reviews
	id: get_pr_reviews
	uses: octokit/request-action@v2.x
	with:
	route: GET /repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number \|\| github.event.pull_request_review.pull_request.number }}/reviews
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Verify backend-review-group approval
	id: verify_approval
	run: \|
	BACKEND_REVIEWERS=$(cat <<'EOF' \| jq -r '.[].login' \| tr '\n' '\|' \| sed 's/\|$//'
	${{ steps.get_team_members.outputs.data }}
	EOF
	)

	APPROVALS=$(cat <<'EOF' \| jq -r '.[] \| select(.state == "APPROVED") \| .user.login' \| grep -iE "$BACKEND_REVIEWERS" \| wc -l
	${{ steps.get_pr_reviews.outputs.data }}
	EOF
	)

	echo "Number of backend-review-group approvals: $APPROVALS"
	if [ "$APPROVALS" -eq 0 ]; then
	echo "approval_status=required" >> $GITHUB_OUTPUT
	exit 1
	else
	echo "approval_status=confirmed" >> $GITHUB_OUTPUT
	fi

	- name: Remove ready-for-review label
	if: success() && steps.verify_approval.outputs.approval_status == 'confirmed' && contains(github.event.pull_request.labels.*.name, 'ready-for-backend-review')
	uses: actions-ecosystem/action-remove-labels@v1
	with:
	number: ${{ github.event.pull_request.number }}
	labels: ready-for-backend-review

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Require backend-review-group approval #271

Workflow file

Require backend-review-group approval #271

Jobs

Run details

Workflow file for this run