-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathaction.yml
116 lines (102 loc) · 4.52 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
name: 'Dismiss stale approvals'
description: 'Dismiss approvals on a pull request if the diff has changed'
author: 'Graphite'
inputs:
github-token:
description:
'A GITHUB_TOKEN secret or PAT that has write access to the repository'
required: true
fetch-depth:
default: 250
description:
'The maximum length of a branch from head to base that will be compared to the previous run. If the branch is longer than this number, reviews will always be dismissed.'
required: false
dry-run:
description: 'Comment on the PR instead of dismissing approvals.'
required: false
default: false
runs:
using: "composite"
steps:
- name: Set Workflow Run URL as Output
shell: bash
run: |
REPO_URL="https://github.com/${{ github.repository }}"
RUN_URL="$REPO_URL/actions/runs/${{ github.run_id }}"
echo WORKFLOW_RUN_URL="$RUN_URL" >> $GITHUB_ENV
- name: Set GitHub path
shell: bash
run: echo "$GITHUB_ACTION_PATH" >> $GITHUB_PATH
- name: Download SHAs from last run
shell: bash
run: |
latest_artifact.sh "${{ inputs.github-token }}" "${{ github.repository }}" "$(echo ${{github.ref_name}} | cut -d '/' -f 1)" "${{ github.head_ref }}" "${{ github.workflow }}" "dismiss-stale-approvals-shas" || true
if [ -f shas.txt ]; then
echo "PREV_HEAD_SHA=$(head -n 1 shas.txt)" >> $GITHUB_ENV
echo "PREV_BASE_SHA=$(tail -n 1 shas.txt)" >> $GITHUB_ENV
fi
env:
GITHUB_ACTION_PATH: ${{ github.action_path }}
- name: Read SHAs
shell: bash
run: |
echo "HEAD_SHA=${{ github.event.pull_request.head.sha }}" >> $GITHUB_ENV
echo "BASE_SHA=${{ github.event.pull_request.base.sha }}" >> $GITHUB_ENV
- name: Write SHAs to file
shell: bash
run: |
echo "${{ env.HEAD_SHA }}" > shas.txt
echo "${{ env.BASE_SHA }}" >> shas.txt
- name: Upload SHAs
uses: actions/upload-artifact@v4
continue-on-error: true
id: artifact-upload-step
with:
name: dismiss-stale-approvals-shas
path: shas.txt
- name: Check if diff has changed
continue-on-error: true
id: check
shell: bash
run: |
if [ -z ${{ env.PREV_HEAD_SHA }} ] || [ -z ${{ env.PREV_BASE_SHA }} ]; then
echo ::notice:: "No previous SHAs found; behaving as if diff has changed"
echo MATCH="0" >> $GITHUB_ENV
exit 0
fi
git init -q --bare bare.git
cd bare.git
git remote add origin https://oauth2:"${{ inputs.github-token }}"@github.com/"${{ github.repository }}".git
git fetch -q origin --depth="${{ inputs.fetch-depth }}" "${{ env.PREV_BASE_SHA }}" "${{ env.PREV_HEAD_SHA }}" "${{ env.BASE_SHA }}" "${{ env.HEAD_SHA }}"
PREV_MERGE_BASE=$(git merge-base "${{ env.PREV_BASE_SHA }}" "${{ env.PREV_HEAD_SHA }}")
MERGE_BASE=$(git merge-base "${{ env.BASE_SHA }}" "${{ env.HEAD_SHA }}")
echo "Merge bases: $PREV_MERGE_BASE $MERGE_BASE"
RANGE_DIFF=$(git range-diff "$PREV_MERGE_BASE".."${{ env.PREV_HEAD_SHA }}" "$MERGE_BASE".."${{ env.HEAD_SHA }}")
MATCH=$(echo "$RANGE_DIFF" | awk '{print $3}' | grep -vq '^=$'; echo $?)
echo MATCH="$MATCH" >> $GITHUB_ENV
if [ "$MATCH" == "0" ]; then
# Run git range-diff again with colors to make it easier to read
echo ::notice:: "PR was modified:
$(git range-diff --color=always "$PREV_MERGE_BASE".."${{ env.PREV_HEAD_SHA }}" "$MERGE_BASE".."${{ env.HEAD_SHA }}")"
else
echo "PR was not modified, range diff for debugging:"
echo "$RANGE_DIFF"
fi
- name: Construct dismissal reason
shell: bash
run: |
if [ "${{ env.NO_PREV_SHAS }}" == "1" ]; then
DETAILS="Could not find data on the previous version of this PR; see action logs at "
elif [ "${{ env.MATCH }}" == "0" ]; then
DETAILS='See the output of `git range-diff` at '
else
DETAILS="Failed to check if diff has changed; see action logs at "
fi
echo "REASON=Your organization requires reapproval when changes are made, so Graphite has dismissed approvals. ${DETAILS}${{ env.WORKFLOW_RUN_URL }}" >> $GITHUB_ENV
- name: Dismiss approvals if diff has changed or if any prior step failed
if: env.MATCH == '0' || env.NO_PREV_SHAS == '1'
uses: withgraphite/dismiss-all-approvals-js@main
with:
github-token: ${{ inputs.github-token }}
dry-run: ${{ inputs.dry-run }}
reason: ${{ env.REASON }}