chore: required reviewers

2025-07-09 03:04:16 -04:00 · 2025-07-08 12:58:12 +01:00 · 2025-07-08 12:58:12 +01:00 · a8e8d27492
commit a8e8d27492
parent 15be3437bf
1 changed files with 82 additions and 0 deletions
--- a/.github/workflows/required-reviewers.yml
+++ b/.github/workflows/required-reviewers.yml
@ -0,0 +1,82 @@
+name: Required Reviewers Check
+
+on:
+  pull_request_review:
+    types: [submitted]
+
+jobs:
+  check-member-review:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: read
+      contents: read
+
+    steps:
+      - name: Check for team/admin review
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const { owner, repo } = context.repo;
+            const prNumber = context.payload.pull_request.number;
+
+            console.log(`Checking reviews for PR #${prNumber}`);
+
+            try {
+              // Fetch the users.json file from immich-app/devtools repository
+              const { data: usersFile } = await github.rest.repos.getContent({
+                owner: 'immich-app',
+                repo: 'devtools',
+                path: 'tf/deployment/data/users.json'
+              });
+
+              const usersData = JSON.parse(Buffer.from(usersFile.content, 'base64').toString());
+              console.log(`Loaded ${usersData.length} users from devtools repo`);
+
+              // Create a map of GitHub IDs to user roles for efficient lookup
+              const userRoles = new Map();
+              for (const user of usersData) {
+                if (user.github && user.github.id && (user.role === 'team' || user.role === 'admin')) {
+                  userRoles.set(user.github.id, {
+                    username: user.github.username,
+                    role: user.role
+                  });
+                }
+              }
+
+              console.log(`Found ${userRoles.size} team/admin users`);
+
+              // Get all reviews for the pull request
+              const { data: reviews } = await github.rest.pulls.listReviews({
+                owner,
+                repo,
+                pull_number: prNumber
+              });
+
+              console.log(`Found ${reviews.length} reviews`);
+
+              // Check if any review is from a team/admin member
+              let hasValidReview = false;
+
+              for (const review of reviews) {
+                console.log(`Review by ${review.user.login} (ID: ${review.user.id}): state=${review.state}`);
+
+                // Check if the reviewer is a team/admin member and the review is approved
+                const userInfo = userRoles.get(review.user.id);
+                if (userInfo && review.state === 'APPROVED') {
+                  console.log(`✅ Found approved review from ${userInfo.role} member: ${review.user.login}`);
+                  hasValidReview = true;
+                  break;
+                }
+              }
+
+              if (!hasValidReview) {
+                console.log('❌ No approved review from team/admin member found');
+                core.setFailed('This pull request requires an approved review from a team or admin member');
+              } else {
+                console.log('✅ Required team/admin member review found');
+              }
+
+            } catch (error) {
+              console.error('Error checking reviews:', error);
+              core.setFailed(`Failed to check reviews: ${error.message}`);
+            }