Allow runing github action with ok-to-test

Github actions are not running for non-member contributors, unless a
repo admin presses the "Approve and Run" button. The problem with that
is that PRs are getting merged with no verification, causing leak of
bugs into the codebase.

This PR copies a github action from the cluster-api repo, that approve
running the github action by adding the `ok-to-test` label.

Source: https://github.com/kubernetes-sigs/cluster-api/blob/613a37e0183e818403ff086165bd619393b34178/.github/workflows/pr-gh-workflow-approve.yaml

Signed-off-by: Nahshon Unna-Tsameret <[email protected]>

Author: nunnatsa

.github/workflows/pr-gh-workflow-approve.yaml

@@ -0,0 +1,40 @@
+name: PR approve GH Workflows
+
+on:
+  pull_request_target:
+    types:
+      - edited
+      - labeled
+      - reopened
+      - synchronize
+
+jobs:
+  approve:
+    name: Approve ok-to-test
+    if: (github.repository == 'kubernetes-sigs/cluster-api-provider-kubevirt') && contains(github.event.pull_request.labels.*.name, 'ok-to-test')
+    runs-on: ubuntu-latest
+    permissions:
+      actions: write
+    steps:
+      - name: Update PR
+        uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
+        continue-on-error: true
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const result = await github.rest.actions.listWorkflowRunsForRepo({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              event: "pull_request",
+              status: "action_required",
+              head_sha: context.payload.pull_request.head.sha,
+              per_page: 100
+            });
+
+            for (var run of result.data.workflow_runs) {
+              await github.rest.actions.approveWorkflowRun({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                run_id: run.id
+              });
+            }