Enhanced Auto-PR: Add profanity filter, assign review tag to PRs with multiple file changes and more... #73431
+619
−125
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
I have refactor the script and separate the content checking, fetching PR and modified file as separate job in runner
Additionally, the script is now more cover the use case such if user replace one line and add their line then script will accept that as well. Co-Authored-By: Roshan Jossy <8488446+Roshanjossey@users.noreply.github.com>
Implemented code to check offensive content with purgoman API. There is no implementation (commented out) for checking URLs
Merge code is been separated into new job and it will have substitute steps jobs. Added sub-job for checking mergeability
If the content contain offensive text then it will close the PR and one variable will update to true/false.
Here I break down the code to only perform single action such as merge request.
A separate job for only publishing comment with token permission to issue:write. There are 3 types of comments - comment about multiples files modified - Comment on merge conflict - Comment on multiple line changes in Contributors.md - Comment about Code of Conduct in PR which used offensive language Script also add review label to PR if there multiple file changes
PR will get message once PR get merged. This code will randomly generate GIF and tag user. Thanks to - @rp-1701 - share link dev.io - @Roshanjossey - review - @rossana87 - for reddit logo - @NextThread - For share link to hackernews Co-Authored-By: Roshan Jossy <8488446+Roshanjossey@users.noreply.github.com> Co-Authored-By: Rossana Ventrella <99794555+rossana87@users.noreply.github.com> Co-Authored-By: Rohan Patil <107268275+rp-1701@users.noreply.github.com> Co-authored-by: Anurag Roy <binarybeast@Anurags-MacBook-Air.local>
Auto v3 test
There was format error 'Invalid workflow file You have an error in your yaml syntax on line 416' Script: | and underneath script was not align properly
Jobs does not have an id attribute and it is not required to mention. The job name itself is ID here is the issue I faced: **Invalid workflow file:** .github/workflows/auto-pr-merge.yml#L11 The workflow is not valid. .github/workflows/auto-pr-merge.yml (Line: 11, Col: 5): Unexpected value 'id' .github/workflows/auto-pr-merge.yml (Line: 113, Col: 5): Unexpected value 'id'
There were invalid job references via IDs. Here is the error: The workflow is not valid. .github/workflows/auto-pr-merge.yml (Line: 365, Col: 25): Unrecognized named-value: 'check-non-safe-content'. Located at position 1 within expression: check-non-safe-content.check-non-safe-content.outputs.is_safe_contents .github/workflows/auto-pr-merge.yml **Before:** 'check-non-safe-content.check-non-safe-content.output.is_safe_content' **After:** 'check-non-safe-content.output.is_safe_content' (Line: 368, Col: 24): Unrecognized named-value: 'merge-pr'. Located at position 1 within expression: merge-pr.merge-pr.outputs.is_pr_mergeable **Before:** 'merge-pr.merge-pr.is_pr_mergeable' **After:** 'merge-pr.is_pr_mergeable' The issue resolved in this commit
fixing this error The workflow is not valid. .github/workflows/auto-pr-merge.yml (Line: 365, Col: 25): Unrecognized named-value: 'check-non-safe-content'. Located at position 1 within expression: check-non-safe-content.outputs.is_safe_contents .github/workflows/auto-pr-merge.yml (Line: 368, Col: 24): Unrecognized named-value: 'merge-pr'. Located at position 1 within expression: merge-pr.outputs.is_pr_mergeable
Jobs if statement cannot utilize the env instead needs. Fix it by replacing `.env` with `.needs`
Closed
|
Hi @Roshanjossey, this version of the script leaves a ‘Requested change’ comment when it detects replaced lines or multiple changes. Do you think we should also close PRs when such changes are detected? I’d appreciate your thoughts on this. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
TL;DR
This PR adds an action that merges PRs that only change Contributors.md, after checking some criteria and giving feedback. It also improves the security of the token permissions by assigning them based on the steps.
💡 New features:
reopenedevent to trigger GitHub-action. 🆕👩🏼💻 Waiting for reviewto PR which contains multiple file changes. 🆕Description
This PR adds a GitHub action that will automatically merge pull requests that only modify the Contributors.md file. The action will check if the pull request only changes one line in the file, and if the added content is safe and respectful. The action will also post comments on the pull request to provide feedback and guidance to the contributors.
Changes
This PR includes the following changes from the previous version of the script:
mergeabilityof the pull request, using a while loop and a counter:mergeabilityvalue isnull.Contributors.mdfile. And not overall one. (Previous script checking overall additions, deletions and changes done in PR).Permissions
This PR sets minimal permissions for each job and step, to ensure that they only have access to what they need. For example:
checking all modified files and content: The job for checking all modified files and content only has read permissions for
contentsandpull requests, and write permissions forissues.issues: writepermission) if multiple files or lines were changed.checking offensive and malicious: The job for checking offensive and malicious links has read permissions for
contentsandissuestowrite.issuesare necessary to close them and post comments.merging PRs: The job for merging PRs has write permissions for
contents,pull requestsandissues.contents: writepermission) and merge pull requests (which requirespull requests: writepermission).issues: writepermission.The steps that use GitHub scripts only have access to the GitHub token with the necessary scopes. These permissions limit the exposure of sensitive data (console log of GITHUB_TOKEN) and prevent unauthorised actions on the repository.
Testing
These are test cases I performed:
Contributors.mdContributors.mdfileContributors.mdfileContributors.mdfileChecklist
Before submitting this PR, please make sure:
- need to resolve conflict on
Contributors.mdfile.Feedback
Thank you for taking the time to read this lo-o-o-o-o-o-o-ng PR description 😄. I appreciate your patience.
Please feel free to share your suggestions and improvements. I value your feedback and I want to know how we can improve it further.
Thank you again for your support and encouragement.