This is a Github Action that validates the required minimum number of approving reviews and/or Check-runs on a Pull Request depending on the set of labels applied to it, or alternatively on the default values.
Create a .github/label-requires-checks-reviews.yml file (if, for some reason, it requires a different file name you can overwrite this value by setting the configPath action input) containing a list of the following configurations:
labelis the name of the label that will be checked on the Pull Request.reviewsthe number of approved reviews needed on the Pull Request for the action to return a success value. In case of having several matching tags the highest number will apply.checksis the list of names for the successful check-runs needed on the Pull Request for the action to return a success value. In case of having several matching tags it'll require all of them.
Here is an example:
- label: "typescript"
reviews: 2
- label: "migration"
reviews: 5
checks:
- build
- label: "_default_"
reviews: 1
checks:
- buildWith that configuration this check will fail on a Pull Request that has the typescript tag until two or more approving reviews have been added. If instead the Pull Request has the migration tag it will require five reviews and the check build to be succesful. In case both tags are present it will require the highest number of reviews (five) and all the checks to be succesful (in this case build).
Create a workflow (eg: .github/workflows/label-based-pr-policy.yml see Creating a Workflow file) to utilize this action with content:
# This workflow will set a number of reviewers and mandatory checks depending on the tags
name: Label-based Branch Protection Example
# Trigger the workflow on pull requests
on:
pull_request:
jobs:
require-checks-and-reviewers:
runs-on: ubuntu-18.04
steps:
- uses: actions/checkout@v2
- name: label-based-pr-policy-action
uses: cmpsoares/label-based-pr-policy-action@main
env:
GITHUB_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN}}In order for the workflow to be able to perform actions on the Pull Request you'll need to set a PERSONAL_ACCESS_TOKEN secret on the repository see Creating and storing encrypted secrets.
To make this check mandatory you need to specify it on the Branch protection rule section of the repository settings like the example:
According to this configuration, the main branch is protected by the option Required approving reviews set to 1. That means that any Pull Request that wants to merge code into master would have to be approved by at least one reviewer.
By checking Require status checks to pass before merging and require-checks-and-reviewers anytime the Pull Request gets a new review this action will fire and the Pull Request is labeled with one of the labels that require more than one approving review blocking the possibility of merging until this label required number of approving reviews is reached.
Since Github Workflow jobs can have conditionals, and in the workflow you can directly access some action metadata.
You can avoid checking out the code and running this action if you know the issue does not contain any of the labels that will trigger it, that will set the action as skipped and will never run.
The drawback is that the list of labels will be duplicated, but you can save a lot of actions time.
Please check our company's contribution guidelines for more information.
This repository was initially based on TravePerk's label-requires-revies-action code (hard fork), however as the scope changed significantly and there were some annoyances in maintaining a fork we copied our modified code to this repository. However, its fair to give them the credit they deserve.
So far the following people contributed to this repository. Feel free to join them and contribute!
Made with contributors-img.