chore: test multi-approvers download members.json

Author: meltsufin

.github/workflows/multi-approvers.yml

@@ -0,0 +1,109 @@
+# Copyright 2025 The Authors (see AUTHORS file)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: 'multi-approvers'
+
+on:
+  workflow_call:
+    inputs:
+      # Path to a JSON file containing the members of the org. This should be
+      # the full path from the repo root without a leading `/`.
+      # See the README for more.
+      org-members-path:
+        required: true
+        type: 'string'
+      multi-approvers-js-url:
+        description: 'The URL to multi-approvers.js. This should typically not need to be set.'
+        type: 'string'
+        default: 'https://raw.githubusercontent.com/abcxyz/pkg/main/.github/workflows/multi-approvers.js'
+
+
+permissions:
+  actions: 'write'
+  contents: 'read'
+  pull-requests: 'read'
+
+jobs:
+  multi-approvers:
+    if: |-
+      contains(fromJSON('["pull_request", "pull_request_review"]'), github.event_name)
+    runs-on: 'ubuntu-latest'
+    steps:
+      - name: 'Checkout the calling repo'
+        uses: 'actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683' # ratchet:actions/checkout@v4
+
+      - name: 'Download multi-approvers.js'
+        id: 'download-multi-approvers-js'
+        run: |-
+          MULTI_APPROVERS_JS="${RUNNER_TEMP}/${GITHUB_SHA:0:7}.multi-approvers.js"
+
+          # Download the file, passing in authentication to get a higher rate
+          # limit: https://docs.github.com/en/rest/overview/resources-in-the-rest-api?apiVersion=2022-11-28#rate-limits-for-requests-from-github-actions
+          curl "${{ inputs.multi-approvers-js-url }}" \
+            --silent \
+            --fail \
+            --location \
+            --header "Authorization: Token ${{ github.token }}" \
+            --output "${MULTI_APPROVERS_JS}"
+
+          # Save the result to an output.
+          echo "::notice::Downloaded multi-approvers.js to ${MULTI_APPROVERS_JS}"
+          echo "output-file=${MULTI_APPROVERS_JS}" >> "${GITHUB_OUTPUT}"
+
+      - name: 'Check approver requirements'
+        uses: 'actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea' # ratchet:actions/github-script@v7
+        with:
+          retries: 3
+          script: |-
+            let orgMembersPath = '${{ inputs.org-members-path }}';
+            if (!orgMembersPath.startsWith('/')) {
+              orgMembersPath = '${{ github.workspace }}/${{ inputs.org-members-path }}';
+            }            
+            // Warning: this should not be quoted, otherwise comparisons will not work in JS.
+            const prNumber = ${{ github.event.pull_request.number }}
+            const repoName = '${{ github.event.repository.name }}'
+            const repoOwner = '${{ github.event.repository.owner.login }}'
+            const {onPullRequest} = require('${{ steps.download-multi-approvers-js.outputs.output-file }}');
+            await onPullRequest({
+              orgMembersPath,
+              prNumber,
+              repoName,
+              repoOwner,
+              github,
+              core,
+            });
+
+      - name: 'Re-run approver checks'
+        if: |-
+          github.event_name == 'pull_request_review'
+        uses: 'actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea' # ratchet:actions/github-script@v7
+        with:
+          retries: 3
+          script: |-
+            const branch = '${{ github.event.pull_request.head.ref }}'
+            // Warning: this should not be quoted, otherwise comparisons will not work in JS.
+            const prNumber = ${{ github.event.pull_request.number }}
+            const repoName = '${{ github.event.repository.name }}'
+            const repoOwner = '${{ github.event.repository.owner.login }}'
+            const workflowRef = '${{ github.workflow_ref }}';
+            const {onPullRequestReview} = require('${{ steps.download-multi-approvers-js.outputs.output-file }}');
+            await onPullRequestReview({
+              branch,
+              prNumber,
+              repoName,
+              repoOwner,
+              workflowRef,
+              github,
+              core,
+            });

.github/workflows/multi_approvers.yaml

@@ -25,7 +25,31 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+ download_members:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Download members.json
+        id: 'download_members'
+        run: |-
+            MEMBERS_JSON="${RUNNER_TEMP}/${GITHUB_SHA:0:7}.members.json"
+
+            # Download the file, passing in authentication to get a higher rate
+            # limit: https://docs.github.com/en/rest/overview/resources-in-the-rest-api?apiVersion=2022-11-28#rate-limits-for-requests-from-github-actions
+            curl "https://raw.githubusercontent.com/googleapis/google-auth-library-java/refs/heads/main/.github/workflows/members.json" \
+              --silent \
+              --fail \
+              --location \
+              --header "Authorization: Token ${{ github.token }}" \
+              --output "${MEMBERS_JSON}"
+
+            # Save the result to an output.
+            echo "::notice::Downloaded members.json to ${MEMBERS_JSON}"
+            echo "output-file=${MEMBERS_JSON}" >> "${GITHUB_OUTPUT}"
+    outputs:
+        members_path: ${{ steps.download_members.outputs.output-file }}
+
   multi-approvers:
+    needs: download_members
     uses: 'abcxyz/pkg/.github/workflows/multi-approvers.yml@main'
     with:
-      org-members-path: '.github/workflows/members.json'
+      org-members-path: ${{ needs.download_members.outputs.members_path }}