Merged
57 changes: 57 additions & 0 deletions .github/workflows/owner-approval-policy.yml
@@ -0,0 +1,57 @@
name: Owner Approval Policy

on:
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
pull_request_review:
types: [submitted, edited, dismissed]

permissions:
contents: read
pull-requests: read

jobs:
owner-approval-policy:
name: owner-approval-policy
runs-on: ubuntu-latest
steps:
- name: Check owner approval
uses: actions/github-script@v7
with:
script: |
const requiredApprover = "jbohnslav";
const pr = context.payload.pull_request;

if (!pr) {
core.setFailed("This workflow only supports pull request events.");
return;
}

if (pr.user.login === requiredApprover) {
core.info(`PR author is ${requiredApprover}; owner approval is not required.`);
return;
}

const reviews = await github.paginate(github.rest.pulls.listReviews, {
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: pr.number,
per_page: 100,
});

let ownerReviewState = null;
for (const review of reviews) {
if (review.user?.login !== requiredApprover) {
continue;
}
if (["APPROVED", "CHANGES_REQUESTED", "DISMISSED"].includes(review.state)) {
ownerReviewState = review.state;
}
}

if (ownerReviewState === "APPROVED") {

P1 Badge Require owner approval for the current head

Because this accepts any latest APPROVED review from jbohnslav without checking that the review was submitted for pr.head.sha, a contributor can get approval, push new commits, and the synchronize run will still find the old approval and pass the required status check. That lets unreviewed code satisfy the owner-approval policy; filter approvals by the current head commit (for example review.commit_id === pr.head.sha) before returning success.

Useful? React with 👍 / 👎.

core.info(`PR has an active approval from ${requiredApprover}.`);
return;
}

core.setFailed(`PRs not authored by ${requiredApprover} require approval from ${requiredApprover}.`);
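Review bot: In the `Check owner approval` step, `uses: actions/github-script@v7` references a mutable tag, so the code that evaluates this policy can change without any change in this repository; pin the action to a full commit SHA and keep the version in a trailing comment. The final `core.setFailed` message is also identical whether `ownerReviewState` is null, CHANGES_REQUESTED or DISMISSED; including the state in the message would make a failed run easier to triage.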
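The stale-approval case from the review comment above, as an added example that is not code from this PR: the workflow's decision logic beside a variant that also requires the approval's `commit_id` to match the current head. The function names and the sample reviews are constructed for illustration; in the workflow, `headSha` would be `pr.head.sha`.

```javascript
// Review states that decide the outcome, as in the workflow's loop.
const DECISIVE = ["APPROVED", "CHANGES_REQUESTED", "DISMISSED"];

// Most recent decisive review by `approver`, or null if there is none.
// Assumes `reviews` is in the chronological order listReviews returns.
function latestOwnerReview(reviews, approver) {
  let latest = null;
  for (const review of reviews) {
    if (review.user?.login !== approver) continue;
    if (DECISIVE.includes(review.state)) latest = review;
  }
  return latest;
}

// Decision as the workflow makes it: the latest decisive state alone.
function passesAsWritten(reviews, approver) {
  return latestOwnerReview(reviews, approver)?.state === "APPROVED";
}

// Hardened decision: the latest decisive review must be an approval
// that was submitted against the commit currently at the PR head.
function passesForHead(reviews, approver, headSha) {
  const latest = latestOwnerReview(reviews, approver);
  return latest?.state === "APPROVED" && latest.commit_id === headSha;
}

// Constructed sample: the owner approved OLD_SHA, then the head moved to NEW_SHA.
const OLD_SHA = "a".repeat(40);
const NEW_SHA = "b".repeat(40);
const sampleReviews = [
  { user: { login: "contributor-x" }, state: "COMMENTED", commit_id: OLD_SHA },
  { user: { login: "jbohnslav" }, state: "APPROVED", commit_id: OLD_SHA },
];

console.log("as written:", passesAsWritten(sampleReviews, "jbohnslav"));
console.log("head-bound:", passesForHead(sampleReviews, "jbohnslav", NEW_SHA));
```
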