Merge PR by GitHub action if review was approved by a user

Is it possible to configure Github actions workflow to merge pull request if it was approved (submitted review with approve keyword) by one of the users (static fixed list, which can be written in workflow config file)? I tried to find it in documentation: https://help.github.com/en/articles/workflow-syntax-for-github-actions#on
I suppose I can use on: [pull_request_review] trigger for action, but documentation didn't mention how to access event payload in action yaml file, where I need to extract reviewer login from this payload.

I found this in https://help.github.com/en/articles/virtual-environments-for-github-actions#filesystems-on-github-hosted-machines:
workflow/event.json: The POST payload of the webhook event that triggered the workflow. GitHub rewrites this each time an action executes to isolate file content between actions. Use the GITHUB_EVENT_PATH environment variable to access this file.
So the next step will be figuring out how to parse a JSON file and extract some data that a later step can use. For that, looking at GitHub's setup-dotnet action might prove useful. In line 62 of installer.ts, they call a function called core.exportVariable, which as you can see here, causes ##[set-env name=NAME;]value to be printed in the action's output. I've personally verified that this causes the environment variable called NAME to automatically be present in later steps of the same workflow job.
Now, I don't yet know if you can simply do echo "##[set-env name=NAME;]$VALUE" in a run step of a GitHub workflow and have that work; it's possible that you'll have to write a custom action in Typescript to get access to core.exportVariable. But once you have parsed the JSON, that would be one way of passing that information on to later steps in your job.
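
One way to do the parsing step, as an added example that is not part of the original answer: a Python script for a run step that reads the payload from GITHUB_EVENT_PATH and passes only when the review is an approval from a listed login and covers the current head commit. The allowlist logins and the sample payload are constructed for illustration.

```python
import json
import os
import sys

# Hypothetical allowlist of reviewer logins (an assumption, not from the post).
ALLOWED_REVIEWERS = {"alice", "bob"}

# Constructed pull_request_review payload, trimmed to the fields read below.
SAMPLE_EVENT = {
    "action": "submitted",
    "review": {"state": "approved", "user": {"login": "alice"},
               "commit_id": "1111111111111111111111111111111111111111"},
    "pull_request": {"number": 7,
                     "head": {"sha": "1111111111111111111111111111111111111111"}},
}


def check_review(event, allowed=ALLOWED_REVIEWERS):
    """Return (ok, reason) for a pull_request_review event payload."""
    review = event.get("review") or {}
    head_sha = ((event.get("pull_request") or {}).get("head") or {}).get("sha")
    login = ((review.get("user") or {}).get("login") or "").lower()
    if (review.get("state") or "").lower() != "approved":
        return False, "review is not an approval"
    if login not in {name.lower() for name in allowed}:
        return False, "reviewer is not on the allowlist"
    # An approval covers the commit it was submitted on, not later pushes.
    if not head_sha or review.get("commit_id") != head_sha:
        return False, "approval does not cover the current head commit"
    return True, "approved by " + login


def main():
    # On a runner GITHUB_EVENT_PATH points at the payload; offline, use the sample.
    path = os.environ.get("GITHUB_EVENT_PATH")
    if path:
        with open(path, encoding="utf-8") as fh:
            event = json.load(fh)
    else:
        event = SAMPLE_EVENT
    ok, reason = check_review(event)
    print(reason)
    return 0 if ok else 1  # non-zero exit fails the step, so later steps do not run


if __name__ == "__main__":
    sys.exit(main())
```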

In addition to rmunn's answer, you might also want to protect your branch:
GitHub Actions: Prevent GitHub Actions from approving pull requests (2022, 14th Jan.)
We have introduced a new policy setting that controls whether GitHub Actions can approve pull requests.
This protects against a user using Actions to satisfy the "Required approvals" branch protection requirement and merging a change that was not reviewed by another user.
To prevent breaking existing workflows, Allow GitHub Actions reviews to count towards required approval is enabled by default.
However, an organization admin can disable it under the organization's Actions settings.
That way, you are sure approvals were made exclusively by users, not by other actions.

Related

GitHub Actions is not permitted to create or approve pull requests (createPullRequest)

Since the 3rd of May this month, GitHub added the setting Allow GitHub Actions to create and approve pull requests for creating pull requests in GitHub Actions, under Settings > Actions > General. However, it seems I cannot select this option for my repo; it is grayed out without any explanation why it is grayed out.
Whenever the "default permissions" setting is changed and saved, it is possible to select the Allow GitHub Actions to create and approve pull requests, but if it is saved it snaps back to the original grayed out version, unchecked.
I also tried giving the workflow file the pull-request permission like so:
    permissions:
      pull-requests: write
but that didn't work either. Is there something I am missing which prevents me from using pull requests within github actions?
You are probably using an organization, which means you must first enable this behavior on the organization level and then on the repository level
Go to https://github.com/organizations/YOUR_ORG/settings/actions and check Allow GitHub Actions to create and approve pull requests
Then go to https://github.com/YOUR_ORG/YOUR_REPO/settings/actions and check the box that previously was grayed out

Azure DevOps; Why are reviewers optional by default

When we create a new Pull Request in Azure DevOps, we've recently noticed that the Reviewer is Optional by default.
This has caused some confusion, as far as I recall, reviewers were always Required by default in the past.
Has this changed?
To make the Reviewer required, I know we can do this via the 'Add Required Reviewer' option but it would be nice if we could make the Reviewer Required by default...
For recent changes you may be seeing, see this user voice request and the blog post about the new pull request experience.
One thing we've done in the past to ensure a pull request always gets a review is create teams within the project adding a set of users of which at least one will have to approve the pull request and then update the target branch policies to add the team as a required reviewer.
You can do that by using branch policies, the bit that's called add automatic reviewers: https://learn.microsoft.com/en-us/azure/devops/repos/git/branch-policies?view=azure-devops#automatically-include-code-reviewers

Get review status of pull request from Github

Running on GitHub Enterprise I have a small Jenkins job that looks for pull-request comments and triggers a script depending on the message.
Now I only want to trigger the script if review is already done from GitHub point of view, like all CODE_OWNERS and no additional person requested changes. I don't want to implement that logic myself. GitHub has different section for reviews and status checks. I only want review state, since I am going to set the status myself.
But I was not able to get the correct value from the API endpoint. Neither from pull-request itself, nor from pulls/id/reviews.
The closest that I found was "mergeable_state", but this unfortunately takes the status check into consideration.
Is there another place to look for?
I don't think you can fetch the global review status. I think that the best you can do is to check that there are no review requests and fetch all reviews to check if there are no requested changes.
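
The check suggested above, as an added example that is not part of the original answer: reduce the reviews list to each reviewer's latest deciding review, then combine it with the outstanding review requests. The data is constructed in the shape of the pulls/:number/reviews and pulls/:number/requested_reviewers responses; the function names and result strings are this example's own, and CODEOWNERS rules are not evaluated.

```python
# Constructed sample data (trimmed to the fields read below).
SAMPLE_REVIEWS = [
    {"user": {"login": "alice"}, "state": "CHANGES_REQUESTED",
     "submitted_at": "2020-01-01T10:00:00Z"},
    {"user": {"login": "bob"}, "state": "APPROVED",
     "submitted_at": "2020-01-01T11:00:00Z"},
    {"user": {"login": "alice"}, "state": "COMMENTED",
     "submitted_at": "2020-01-01T12:00:00Z"},
    {"user": {"login": "alice"}, "state": "APPROVED",
     "submitted_at": "2020-01-01T13:00:00Z"},
]
SAMPLE_REQUESTED = {"users": [], "teams": []}

# A plain comment does not replace a reviewer's earlier approval or change request.
DECIDING = {"APPROVED", "CHANGES_REQUESTED", "DISMISSED"}


def latest_state_per_reviewer(reviews):
    """Map login -> state of that reviewer's most recent deciding review."""
    latest = {}
    # ISO 8601 UTC timestamps sort correctly as strings.
    for review in sorted(reviews, key=lambda r: r.get("submitted_at") or ""):
        login = (review.get("user") or {}).get("login")
        state = (review.get("state") or "").upper()
        if login and state in DECIDING:
            latest[login] = state
    return latest


def review_status(reviews, requested):
    """Return 'approved', 'changes_requested' or 'review_required'."""
    latest = latest_state_per_reviewer(reviews)
    if "CHANGES_REQUESTED" in latest.values():
        return "changes_requested"
    # Anyone still listed as a requested reviewer has not submitted a review yet.
    if requested.get("users") or requested.get("teams"):
        return "review_required"
    if "APPROVED" not in latest.values():
        return "review_required"
    return "approved"


if __name__ == "__main__":
    print(latest_state_per_reviewer(SAMPLE_REVIEWS))
    print(review_status(SAMPLE_REVIEWS, SAMPLE_REQUESTED))
```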
Finally we decided to make a Probot app in Github which was able to get all the required information.

Github how to track commits only from certain users

I wish to trigger an action (maybe send a mail/alert) when the code is committed, only for my team members, which is a very small subset of a large number of contributors. Is there a way to track commits only from certain specific users in GitHub/GitLab?
Yes! You can even automate this process using a webhook. In case you aren't familiar - a webhook delivers a JSON payload when a certain event occurs.
By setting up a webhook on the GitHub push event you'll create alerts every time a push is made to your repository. You can create a small script that scans the author value. If the value matches one of your team members you can configure your alert/mailer, otherwise you can configure your script to ignore the webhook's payload.
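
A sketch of such a script, as an added example that is not part of the original answer: it checks the delivery's X-Hub-Signature-256 header before trusting the body, then returns the commits whose author is on the team. The team logins, the secret and the push payload are constructed; the function names are this example's own.

```python
import hashlib
import hmac
import json

TEAM = {"alice", "bob"}  # hypothetical logins of the team to watch


def signature_ok(secret, body, header):
    """Check the X-Hub-Signature-256 header GitHub sends with each delivery."""
    expected = "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), (header or "").encode())


def team_commits(payload, team=TEAM):
    """Return [(short_sha, author_login)] for commits whose author is on the team."""
    hits = []
    for commit in payload.get("commits", []):
        # author comes from commit metadata, which whoever made the commit controls.
        author = (commit.get("author") or {}).get("username")
        if author in team:
            hits.append((commit["id"][:7], author))
    return hits


def handle_delivery(secret, body, header):
    """Return (pusher_login, team_commits), or None when the delivery is rejected."""
    if not signature_ok(secret, body, header):
        return None
    payload = json.loads(body)
    # sender is the authenticated account that pushed.
    return (payload.get("sender") or {}).get("login"), team_commits(payload)


# Constructed secret and push payload, trimmed to the fields read above.
SAMPLE_SECRET = b"constructed-demo-secret"
SAMPLE_BODY = json.dumps({
    "ref": "refs/heads/main",
    "sender": {"login": "alice"},
    "commits": [
        {"id": "a" * 40, "author": {"username": "alice", "email": "alice@example.com"}},
        {"id": "d" * 40, "author": {"username": "dave", "email": "dave@example.com"}},
    ],
}).encode()
SAMPLE_HEADER = "sha256=" + hmac.new(SAMPLE_SECRET, SAMPLE_BODY, hashlib.sha256).hexdigest()

if __name__ == "__main__":
    print(handle_delivery(SAMPLE_SECRET, SAMPLE_BODY, SAMPLE_HEADER))
```

For alerting, report the sender alongside the author: the two can differ, and only the sender is tied to an authenticated account.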

Automatically merge verified and tested GitHub Pull Requests

I'd like to automatically (i.e. from Jenkins) merge a GitHub pull request that has been approved by a person and has been tested successfully; in other words, when all THREE of these checkmarks are green:
Is this possible? I haven't found any documentation on an API for GitHub's new "changes approved" code review functionality.
There is a new PullRequestReviewEvent webhook that is triggered when a review is submitted in a non-pending state. The body of the webhook contains the ["review"]["state"] field, which will be approved when all reviewers have approved the changes (i.e. when you get the green "changes approved" tick in the UI).
Combine this with the StatusEvent for the head SHA of your pull request to get the status checks from CI and so on, then finally check the "merge-ability" of the pull by requesting the pull request from the API:
GET /repos/:owner/:repo/pulls/:number
Once you have all three things, you can merge the pull request with:
PUT /repos/:owner/:repo/pulls/:number/merge
and appropriate payload parameters. Note you'll need the Accept: application/vnd.github.polaris-preview+json for some of the payload parameters as they are in a preview period.
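
The flow described above, as an added example that is not part of the original answer: a small in-memory gate that records the review and status events per commit SHA and, once the pull request object reports mergeable, returns the merge call to make. The class name, the required context ci/test and the sample events are constructed; it keeps a single approval flag per SHA and sends no requests.

```python
class MergeGate:
    """Tracks approval and CI state per commit SHA for one repository."""

    def __init__(self, required_contexts):
        self.required = set(required_contexts)  # status contexts that must be green
        self.approved = set()                   # SHAs with an approving review
        self.statuses = {}                      # sha -> {context: state}

    def on_review(self, event):
        """Feed a PullRequestReviewEvent payload."""
        review = event["review"]
        state = review["state"].lower()
        if state == "approved":
            self.approved.add(review["commit_id"])
        elif state in ("changes_requested", "dismissed"):
            self.approved.discard(review["commit_id"])

    def on_status(self, event):
        """Feed a StatusEvent payload; the newest state per context wins."""
        self.statuses.setdefault(event["sha"], {})[event["context"]] = event["state"]

    def merge_request(self, pull):
        """Return (method, path, body) for the merge call, or None if not ready."""
        sha = pull["head"]["sha"]
        seen = self.statuses.get(sha, {})
        green = all(seen.get(ctx) == "success" for ctx in self.required)
        # mergeable is null while GitHub is still computing it, so require True.
        if sha in self.approved and green and pull.get("mergeable") is True:
            repo = pull["base"]["repo"]["full_name"]
            path = "/repos/%s/pulls/%d/merge" % (repo, pull["number"])
            return "PUT", path, {"sha": sha}  # sha: merge fails if the head has moved
        return None


# Constructed sample events and pull request object (trimmed).
SHA = "2" * 40
REVIEW = {"review": {"state": "approved", "commit_id": SHA}}
STATUS = {"sha": SHA, "context": "ci/test", "state": "success"}
PULL = {"number": 7, "mergeable": True, "head": {"sha": SHA},
        "base": {"repo": {"full_name": "octo-org/demo"}}}


def demo():
    gate = MergeGate(["ci/test"])
    gate.on_review(REVIEW)
    before = gate.merge_request(PULL)  # None: CI has not reported for this SHA yet
    gate.on_status(STATUS)
    return before, gate.merge_request(PULL)
```

Because approval and statuses are keyed by SHA, a push after the approval yields a new head SHA with neither signal recorded, so the gate stays closed until both arrive again.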
Official documentation: "Managing auto-merge for pull requests in your repository".
That is now (Dec. 2020, 4 years later) available:
Pull request auto-merge public beta
Pull request auto-merge is now rolling out as a public beta!
With auto-merge, pull requests can be automatically merged when all requirements for merging are met. No more waiting for long checks to finish just so you can press the merge button!
To use auto-merge, a repository maintainer or admin must first toggle on the repository setting to allow auto-merge (see steps).
Then any user with write permission can enable or disable auto-merge by navigating to the pull request page.
Keep in mind that auto-merge is only available for pull requests targeting a branch with required reviews or required status checks, and therefore is only available on public repositories and private repositories on Team and GitHub Enterprise Cloud plans.
Learn more about pull request auto-merge.
Update Feb. 2021:
Pull request auto-merge is now generally available
With auto-merge, pull requests can be set to merge automatically when all merge requirements are met.
No more waiting on slow CI jobs or tests to finish just so you can click the merge button!
To use auto-merge, first have an administrator allow auto-merge in the repository settings.
Then to enable auto-merge, navigate to the pull request on GitHub.com or GitHub Mobile and tap the button to enable.
Note that auto-merge can only be enabled by users with permission to merge and when there are unsatisfied merge requirements, like missing approvals or failing required status checks.
GraphQL APIs will be rolling out later this week. The pull request webhook event also now includes actions that indicate when auto-merge is enabled or disabled.
Learn more about pull request auto-merge
However, as The Godfather mentions in the comments:
The problem with this is that it doesn't do auto-update.
So as soon as your repo has "branches must be up-to-date" and some other PR got merged, this "auto-merge" doesn't work any more.
It should have been called the same way as Gitlab: "merge when pipeline succeeds", at least it's not as confusing...
Update Aug. 2021:
Maintainers can now manage the availability of auto-merge in a repository
Maintainers can now manage the repository-level "Allow auto-merge" setting.
This setting, which is off by default, controls whether auto-merge is available on pull requests in the repository.
Previously, only admins could manage this setting.
Additionally, this setting can now be controlled using the "Create a repository" and "Update a repository" REST APIs.
I wrote an app that does this. It responds to the review, labelled, and commit status/checks events, and merges when the merge button is green.
The fact that it merges when the merge button is green means that you can configure the requirements for a mergeable PR in the GitHub settings, there's no need to write separate configuration for the app.
Mergery is:
Free, including for private repositories.
Fast. It's event-driven, it doesn't run on a schedule.
Simple. No configuration required. Just label your PRs with automerge.
You can use Mergify to do exactly this, since this is what it has been created for. Just set up a minimal .mergify.yml file in your repository:
    rules:
      default:
        protection:
          required_status_checks:
            context:
              - continuous-integration/travis/pr
          required_pull_request_reviews:
            required_approving_review_count: 1
And you'll be good to go.
(disclaimer: I'm one of the Mergify founders)
Using GitHub Actions, which is one of the new ways, this can be done. I have written a blog about auto approving and auto merging PRs using GitHub Actions. However, if the intent is just to merge the PRs, then the second job in this workflow would be enough to do it.
https://github.com/bobvanderlinden/probot-auto-merge is a free GitHub app that does the job. It's configurable in .github/auto-merge.yml.