From 5d8990bd16a73e404b731b86c8b89b2674425790 Mon Sep 17 00:00:00 2001
From: Javier Bullrich
Date: Sun, 17 Sep 2023 22:09:27 -0300
Subject: [PATCH 1/7] add review-bot to require fellows as reviewers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Created a Github Action that uses the [Review-Bot app](https://github.com/paritytech/review-bot) to require fellows to review pull requests before allowing the PR to be merged. The user's information is fetched always from the chain after every event. It looks in the fellows data for a field named GitHub and it extracts the handle from there. This resolves #7 (you can find more information about the request there) This uses [`pull_request_target`](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target) for the event, not `pull_request`. This is a security measure so that an attacker doesn’t have access to the secrets.
---
.github/review-bot.yml | 44 ++++++++++++++++++++++++++++++++
.github/workflows/review-bot.yml | 32 +++++++++++++++++++++++
2 files changed, 76 insertions(+)
create mode 100644 .github/review-bot.yml
create mode 100644 .github/workflows/review-bot.yml
diff --git a/.github/review-bot.yml b/.github/review-bot.yml
new file mode 100644
index 0000000000..257706e0e1
--- /dev/null
+++ b/.github/review-bot.yml
@@ -0,0 +1,44 @@
+rules:
+ - name: CI Files
+ condition:
+ include:
+ - ^\.github/.*
+ type: basic
+ minFellowsRank: 6
+ min_approvals: 2
+ - name: Relay files
+ condition:
+ include:
+ - ^relay\/kusama\/.*
+ - ^relay\/polkadot\/.*
+ exclude:
+ - ^relay\/.+\.adoc$
+ type: basic
+ minFellowsRank: 4
+ min_approvals: 2
+ - name: System Parachain Files
+ condition:
+ include:
+ - ^system-parachains\/.*
+ type: basic
+ minFellowsRank: 2
+ min_approvals: 2
+ - name: Target Files
+ condition:
+ include:
+ - ^target\/.*
+ type: basic
+ minFellowsRank: 4
+ min_approvals: 2
+ - name: General Files
+ condition:
+ include:
+ - '.*'
+ exclude:
+ - ^relay\/kusama\/.*
+ - ^relay\/polkadot\/.*
+ - ^\.github/.*
+ - ^system-parachains\/.*
+ - ^target\/.*
+ type: basic
+ minFellowsRank: 1
diff --git a/.github/workflows/review-bot.yml b/.github/workflows/review-bot.yml
new file mode 100644
index 0000000000..b4eca7688d
--- /dev/null
+++ b/.github/workflows/review-bot.yml
@@ -0,0 +1,32 @@
+name: Review PR
+on:
+ pull_request_target:
+ types:
+ - opened
+ - reopened
+ - synchronize
+ - review_requested
+ - review_request_removed
+ - ready_for_review
+ pull_request_review:
+
+permissions:
+ contents: read
+ checks: write
+
+jobs:
+ review-approvals:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Generate token
+ id: team_token
+ uses: tibdex/github-app-token@v1
+ with:
+ app_id: ${{ secrets.REVIEW_APP_ID }}
+ private_key: ${{ secrets.REVIEW_APP_KEY }}
+ - name: "Evaluates PR reviews and assigns reviewers"
+ uses: paritytech/review-bot@v1.1.0
+ with:
+ repo-token: ${{ secrets.GITHUB_TOKEN }}
+ team-token: ${{ steps.team_token.outputs.token }}
+ checks-token: ${{ steps.team_token.outputs.token }}
From bb0dd0f1df2effdb144ae858055618e2f5b41163 Mon Sep 17 00:00:00 2001
From: Javier Bullrich
Date: Sun, 17 Sep 2023 23:54:44 -0300
Subject: [PATCH 2/7] removed non existent directory
---
.github/review-bot.yml | 7 -------
1 file changed, 7 deletions(-)
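Review bot: The `General Files` rule that closes the new `.github/review-bot.yml` sets no `min_approvals`, unlike the four rules above it, so the approval count for every path outside the listed directories depends on the bot's default, which this patch does not show. State the intended count explicitly, for example `min_approvals: 1` if a single approval is what is meant, so the whole policy can be read from this file. The omission carries through to PATCH 6/7, where the key becomes `minApprovals`. A short comment above the rule's `exclude:` list, such as `# every entry here must be covered by one of the rules above`, would also record the invariant the catch-all relies on.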
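Review bot: Both `uses:` lines in the new `.github/workflows/review-bot.yml` reference third-party actions by a movable tag (`tibdex/github-app-token@v1`, `paritytech/review-bot@v1.1.0`), and this `pull_request_target` job hands them `REVIEW_APP_KEY` and the app token minted from it, so a retagged release would run with those credentials. Pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: tibdex/github-app-token@<full-commit-sha> # v1`; the `@v2.0.0` bump in PATCH 6/7 needs the same treatment. Separately, `pull_request_review` runs started from fork pull requests normally receive no repository secrets, so the `Generate token` step would presumably fail there; confirm how a review on a fork PR is meant to re-evaluate the check. A comment above `pull_request_target:` such as `# Runs with secrets: never check out or execute pull-request code in this job` would record the constraint the trigger depends on.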
diff --git a/.github/review-bot.yml b/.github/review-bot.yml index 257706e0e1..cc4271318a 100644 --- a/.github/review-bot.yml +++ b/.github/review-bot.yml @@ -23,13 +23,6 @@ rules: type: basic minFellowsRank: 2 min_approvals: 2 - - name: Target Files - condition: - include: - - ^target\/.* - type: basic - minFellowsRank: 4 - min_approvals: 2 - name: General Files condition: include: From abe4f4c36225419b1d5da631f458567ee03a1b03 Mon Sep 17 00:00:00 2001 From: Javier Bullrich Date: Mon, 18 Sep 2023 10:31:06 -0300 Subject: [PATCH 3/7] Apply suggestions for required rankings MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Bastian Köcher Co-authored-by: joe petrowski <25483142+joepetrowski@users.noreply.github.com> --- .github/review-bot.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/review-bot.yml b/.github/review-bot.yml index cc4271318a..b0cab3f05a 100644 --- a/.github/review-bot.yml +++ b/.github/review-bot.yml @@ -14,8 +14,8 @@ rules: exclude: - ^relay\/.+\.adoc$ type: basic - minFellowsRank: 4 - min_approvals: 2 + minFellowsRank: 3 + min_approvals: 4 - name: System Parachain Files condition: include: @@ -34,4 +34,4 @@ rules: - ^system-parachains\/.* - ^target\/.* type: basic - minFellowsRank: 1 + minFellowsRank: 2 From 8c1e60ec1da0e3a60f9cf933e231e447c59864d6 Mon Sep 17 00:00:00 2001 From: Javier Bullrich Date: Mon, 18 Sep 2023 10:32:15 -0300 Subject: [PATCH 4/7] merged system parachains with relay files --- .github/review-bot.yml | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/.github/review-bot.yml b/.github/review-bot.yml index b0cab3f05a..aac64312ec 100644 --- a/.github/review-bot.yml +++ b/.github/review-bot.yml 
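Review bot: In the `General Files` hunk of PATCH 3/7 (`@@ -34,4 +34,4 @@`) the exclude list still carries `- ^target\/.*`, although PATCH 2/7 removed the `Target Files` rule that was the only one including that path. As far as the visible rules show, a file under `target/` would now match no rule at all, so the bot would presumably require no fellow review for it. Drop the `- ^target\/.*` line from the exclude list so such paths fall back to `General Files`. The same stale entry is still present as context in the last `review-bot.yml` hunk of PATCH 6/7, and the rule's body starts above this hunk.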
@@ -6,23 +6,17 @@ rules: type: basic minFellowsRank: 6 min_approvals: 2 - - name: Relay files + - name: Relay and system files condition: include: - ^relay\/kusama\/.* - ^relay\/polkadot\/.* + - ^system-parachains\/.* exclude: - ^relay\/.+\.adoc$ type: basic minFellowsRank: 3 min_approvals: 4 - - name: System Parachain Files - condition: - include: - - ^system-parachains\/.* - type: basic - minFellowsRank: 2 - min_approvals: 2 - name: General Files condition: include: From e172a8038782f981df38c7e62d99b88c7ba314c4 Mon Sep 17 00:00:00 2001 From: Javier Bullrich Date: Mon, 18 Sep 2023 10:37:23 -0300 Subject: [PATCH 5/7] updated minFellowsRank for .github files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Bastian Köcher --- .github/review-bot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/review-bot.yml b/.github/review-bot.yml index aac64312ec..922a3ae62b 100644 --- a/.github/review-bot.yml +++ b/.github/review-bot.yml @@ -4,7 +4,7 @@ rules: include: - ^\.github/.* type: basic - minFellowsRank: 6 + minFellowsRank: 4 min_approvals: 2 - name: Relay and system files condition: From 8ab0ea3f4cd5187f7619cd2d59451204be9fe99b Mon Sep 17 00:00:00 2001 From: Javier Bullrich Date: Thu, 21 Sep 2023 14:38:12 +0100 Subject: [PATCH 6/7] updated file to new version Version 2.0.0 requires new types and fields. This will help us so we can develop custom rules in the future. --- .github/review-bot.yml | 16 ++++++++-------- .github/workflows/review-bot.yml | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/review-bot.yml b/.github/review-bot.yml index 922a3ae62b..73b4693e79 100644 --- a/.github/review-bot.yml +++ b/.github/review-bot.yml @@ -3,9 +3,9 @@ rules: condition: include: - ^\.github/.* - type: basic - minFellowsRank: 4 - min_approvals: 2 + type: fellows + minRank: 4 + minApprovals: 2 - name: Relay and system files condition: include: 
@@ -14,9 +14,9 @@ rules: - ^system-parachains\/.* exclude: - ^relay\/.+\.adoc$ - type: basic - minFellowsRank: 3 - min_approvals: 4 + type: fellows + minRank: 3 + minApprovals: 4 - name: General Files condition: include: @@ -27,5 +27,5 @@ rules: - ^\.github/.* - ^system-parachains\/.* - ^target\/.* - type: basic - minFellowsRank: 2 + type: fellows + minRank: 2 diff --git a/.github/workflows/review-bot.yml b/.github/workflows/review-bot.yml index b4eca7688d..75f7a1d192 100644 --- a/.github/workflows/review-bot.yml +++ b/.github/workflows/review-bot.yml @@ -25,7 +25,7 @@ jobs: app_id: ${{ secrets.REVIEW_APP_ID }} private_key: ${{ secrets.REVIEW_APP_KEY }} - name: "Evaluates PR reviews and assigns reviewers" - uses: paritytech/review-bot@v1.1.0 + uses: paritytech/review-bot@v2.0.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} team-token: ${{ steps.team_token.outputs.token }} From 43be36d69ad396ac235bd3dff938983df6097bb7 Mon Sep 17 00:00:00 2001 From: Javier Bullrich Date: Fri, 22 Sep 2023 09:44:17 +0100 Subject: [PATCH 7/7] added CHANGELOG to 'Relay and System files' rule --- .github/review-bot.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/review-bot.yml b/.github/review-bot.yml index 73b4693e79..230f2d0ca5 100644 --- a/.github/review-bot.yml +++ b/.github/review-bot.yml @@ -12,6 +12,7 @@ rules: - ^relay\/kusama\/.* - ^relay\/polkadot\/.* - ^system-parachains\/.* + - ^CHANGELOG$ exclude: - ^relay\/.+\.adoc$ type: fellows
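Review bot: The pattern added in PATCH 7/7, `- ^CHANGELOG$`, is anchored at both ends, so it matches only a root-level file named exactly `CHANGELOG`. If the repository's changelog carries an extension (for example `CHANGELOG.md`; the file itself is not visible in this patch), the entry never matches and the file stays under `General Files` with its lower rank requirement. In that case the line should read `- ^CHANGELOG\.md$`. The rule's body starts and ends outside the hunk.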