Skip to content

Commit cfb44cd

Browse files
BlargianBlargian
committed
fix approval logic
1 parent 63f96be commit cfb44cd

File tree

1 file changed

+70
-23
lines changed

1 file changed

+70
-23
lines changed

.github/workflows/trademark-cla-approval.yml

Lines changed: 70 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -1,26 +1,35 @@
1-
name: Trademark CLA Approval
1+
name: CLA Approval Handler
22

33
on:
4-
issues:
4+
workflow_dispatch:
5+
inputs:
6+
pr_number:
7+
description: 'PR number to approve CLA for'
8+
required: true
9+
type: string
10+
pull_request:
511
types: [labeled]
612

713
permissions: write-all
814

915
jobs:
1016
process-cla-approval:
1117
runs-on: ubuntu-latest
12-
if: github.event.label.name == 'cla-signed'
18+
if: github.event_name == 'workflow_dispatch' || github.event.label.name == 'cla-signed'
1319

1420
steps:
1521
- name: Debug - Event info
1622
run: |
1723
echo "=== CLA APPROVAL DEBUG ==="
1824
echo "Event: ${{ github.event_name }}"
1925
echo "Action: ${{ github.event.action }}"
20-
echo "Label: ${{ github.event.label.name }}"
21-
echo "Added by: ${{ github.actor }}"
22-
echo "Issue number: ${{ github.event.issue.number }}"
23-
echo "Is PR: ${{ github.event.issue.pull_request != null }}"
26+
if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
27+
echo "Manual trigger - PR: ${{ github.event.inputs.pr_number }}"
28+
else
29+
echo "Label: ${{ github.event.label.name }}"
30+
echo "Added by: ${{ github.actor }}"
31+
echo "PR number: ${{ github.event.number }}"
32+
fi
2433
echo "================================="
2534
2635
- name: Generate Token
@@ -32,22 +41,30 @@ jobs:
3241
private-key: "${{ secrets.WORKFLOW_AUTH_PUBLIC_PRIVATE_KEY }}"
3342

3443
- name: Process CLA approval
35-
if: github.event.issue.pull_request != null
3644
uses: actions/github-script@v7
3745
with:
3846
github-token: ${{ steps.generate-token.outputs.token || secrets.GITHUB_TOKEN }}
3947
script: |
4048
console.log('=== PROCESSING CLA APPROVAL ===');
49+
console.log('Event:', context.eventName);
4150
console.log('Actor:', context.actor);
42-
console.log('PR/Issue number:', context.issue.number);
4351
44-
// Check if this is actually a PR
45-
if (!context.payload.issue.pull_request) {
46-
console.log('This is not a PR, skipping...');
52+
let prNumber;
53+
54+
// Determine PR number
55+
if (context.eventName === 'workflow_dispatch') {
56+
prNumber = parseInt('${{ github.event.inputs.pr_number }}');
57+
console.log('Manual trigger for PR:', prNumber);
58+
} else if (context.eventName === 'pull_request') {
59+
prNumber = context.payload.pull_request.number;
60+
console.log('Label trigger for PR:', prNumber);
61+
console.log('Label added:', context.payload.label.name);
62+
} else {
63+
console.log('Unexpected event type, skipping...');
4764
return;
4865
}
4966
50-
const prNumber = context.payload.issue.number;
67+
console.log('Processing CLA approval for PR:', prNumber);
5168
5269
// Get PR details
5370
const { data: pr } = await github.rest.pulls.get({
@@ -58,7 +75,7 @@ jobs:
5875
5976
console.log('PR author:', pr.user.login);
6077
61-
// Check if the person adding the label has the right permissions
78+
// Check if the person triggering has the right permissions
6279
try {
6380
const { data: collaboration } = await github.rest.repos.getCollaboratorPermissionLevel({
6481
owner: context.repo.owner,
@@ -75,24 +92,53 @@ jobs:
7592
if (!isAuthorized) {
7693
console.log('User does not have permission to approve CLA');
7794
78-
// Remove the label that was added by unauthorized user
79-
await github.rest.issues.removeLabel({
95+
// If this was a label event, remove the label
96+
if (context.eventName !== 'workflow_dispatch') {
97+
await github.rest.issues.removeLabel({
98+
owner: context.repo.owner,
99+
repo: context.repo.repo,
100+
issue_number: prNumber,
101+
name: 'cla-signed'
102+
});
103+
}
104+
105+
// Add a comment explaining why the action was blocked
106+
await github.rest.issues.createComment({
80107
owner: context.repo.owner,
81108
repo: context.repo.repo,
82109
issue_number: prNumber,
83-
name: 'cla-signed'
110+
body: `@${context.actor} Only repository maintainers can approve CLAs. ${context.eventName !== 'workflow_dispatch' ? 'The label has been removed.' : ''}`
84111
});
85112
86-
// Add a comment explaining why the label was removed
87-
await github.rest.issues.createComment({
113+
console.log('Unauthorized approval attempt blocked');
114+
return;
115+
}
116+
117+
// Check if PR has cla-required label
118+
const { data: labels } = await github.rest.issues.listLabelsOnIssue({
119+
owner: context.repo.owner,
120+
repo: context.repo.repo,
121+
issue_number: prNumber
122+
});
123+
124+
const hasClaMeeded = labels.some(label => label.name === 'cla-required');
125+
console.log('PR has cla-required label:', hasClaMeeded);
126+
127+
if (!hasClaMeeded) {
128+
console.log('PR does not have cla-required label, no action needed');
129+
return;
130+
}
131+
132+
// Ensure cla-signed label is present
133+
const hasClaSigned = labels.some(label => label.name === 'cla-signed');
134+
if (!hasClaSigned) {
135+
console.log('Adding cla-signed label...');
136+
await github.rest.issues.addLabels({
88137
owner: context.repo.owner,
89138
repo: context.repo.repo,
90139
issue_number: prNumber,
91-
body: `@${context.actor} Only repository maintainers can approve CLAs by adding the \`cla-signed\` label. The label has been removed.`
140+
labels: ['cla-signed']
92141
});
93-
94-
console.log('Unauthorized approval attempt blocked');
95-
return;
96142
}
97143
98144
// Authorized - proceed with approval
@@ -135,6 +181,7 @@ jobs:
135181
**Status:** Approved
136182
**Date:** ${new Date().toISOString()}
137183
**Approved by:** @${context.actor}
184+
**Method:** ${context.eventName === 'workflow_dispatch' ? 'Manual approval' : 'Label approval'}
138185
139186
This PR is now unblocked and can proceed with normal review!`
140187
});

0 commit comments

Comments
 (0)