chore(deps): Bump requests from 2.32.5 to 2.33.0 #56
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Approve Workflow Runs | |
| permissions: | |
| actions: write | |
| contents: read | |
| on: | |
| pull_request_target: | |
| types: | |
| - labeled | |
| - synchronize | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event.number }} | |
| cancel-in-progress: true | |
| jobs: | |
| ok-to-test: | |
| if: | | |
| github.event.pull_request.author_association == 'MEMBER' || | |
| github.event.pull_request.author_association == 'OWNER' || | |
| github.event.pull_request.author_association == 'COLLABORATOR' || | |
| github.event.pull_request.user.login == 'dependabot[bot]' || | |
| contains(github.event.pull_request.labels.*.name, 'ok-to-test') | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Check if author is trusted | |
| id: trust-check | |
| shell: bash | |
| env: | |
| AUTHOR_ASSOCIATION: ${{ github.event.pull_request.author_association }} | |
| PR_AUTHOR: ${{ github.event.pull_request.user.login }} | |
| PR_NUMBER: ${{ github.event.pull_request.number }} | |
| run: | | |
| echo "::group::PR Information" | |
| echo "PR Number: #$PR_NUMBER" | |
| echo "PR Author: $PR_AUTHOR" | |
| echo "Author Association: $AUTHOR_ASSOCIATION" | |
| echo "::endgroup::" | |
| # Trusted bot logins — keep in sync with the job-level 'if' condition above. | |
| TRUSTED_BOTS=("dependabot[bot]") | |
| is_trusted_bot() { | |
| local login="$1" | |
| for bot in "${TRUSTED_BOTS[@]}"; do | |
| [[ "$bot" == "$login" ]] && return 0 | |
| done | |
| return 1 | |
| } | |
| if [[ "$AUTHOR_ASSOCIATION" == "MEMBER" || \ | |
| "$AUTHOR_ASSOCIATION" == "OWNER" || \ | |
| "$AUTHOR_ASSOCIATION" == "COLLABORATOR" ]]; then | |
| echo "::notice::Author '$PR_AUTHOR' is a trusted contributor (association: $AUTHOR_ASSOCIATION)." | |
| echo "is_trusted=true" >> "$GITHUB_OUTPUT" | |
| elif is_trusted_bot "$PR_AUTHOR"; then | |
| echo "::notice::Author '$PR_AUTHOR' is a trusted bot." | |
| echo "is_trusted=true" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "::notice::Author '$PR_AUTHOR' is not a trusted contributor (association: $AUTHOR_ASSOCIATION)." | |
| echo "::notice::Checking for 'ok-to-test' label." | |
| echo "is_trusted=false" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: Approve Pending Workflow Runs | |
| if: | | |
| steps.trust-check.outputs.is_trusted == 'true' || | |
| contains(github.event.pull_request.labels.*.name, 'ok-to-test') | |
| uses: actions/github-script@v8 | |
| with: | |
| retries: 3 | |
| script: | | |
| const request = { | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| event: "pull_request", | |
| status: "action_required", | |
| head_sha: context.payload.pull_request.head.sha, | |
| }; | |
| core.info(`Getting workflow runs that need approval for commit ${request.head_sha}`); | |
| const runs = await github.paginate(github.rest.actions.listWorkflowRunsForRepo, request, (resp) => resp.data); | |
| core.info(`Found ${runs.length} workflow runs that need approval`); | |
| let failures = 0; | |
| for (const run of runs) { | |
| try { | |
| core.info(`Approving workflow run ${run.id}`); | |
| await github.rest.actions.approveWorkflowRun({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| run_id: run.id, | |
| }); | |
| } catch (error) { | |
| if (error.status === 404 || error.status === 422) { | |
| core.warning(`Run ${run.id} could not be approved (HTTP ${error.status}). It may have already been processed.`); | |
| } else { | |
| core.error(`Unexpected error approving run ${run.id}: ${error.message}`); | |
| failures++; | |
| } | |
| } | |
| } | |
| if (failures > 0) { | |
| core.setFailed(`Failed to approve ${failures} workflow run(s)`); | |
| } |