Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ci: add require multiple reviewers action #204

Merged
merged 5 commits into from
Jan 2, 2025
Merged

Conversation

zlayaAvocado
Copy link
Contributor

@zlayaAvocado zlayaAvocado commented Dec 20, 2024

Requires a specified number of reviewers for certain important files, the files are to be provided as an important-files-path var.

See README.md for more details https://github.com/dequelabs/axe-api-team-public/pull/204/files#diff-db32ad4c1ae8b5f09def402ee7d7876046a269ae8c7b5bfb42567d703807902b

NOTE: this version doesn't account for edge cases like accounting for approvals from people who requested changes, e.g. if a PR requires 2 reviewers, 1 reviewer requested changes but other 2 reviewers approved the PR, the action will pass.

  1. This would show a Tests / require-multiple-reviewers check that would fail until a required number of reviewers approves a PR that uses the action.
  2. Also shows annotations on the files that are important. Annotations remain on the files for information purposes and are not removed.

Changes requested:
Tests / require-multiple-reviewers` fails since the PR requires 1 reviewer and changes are requested

Changes approved:
Tests / require-multiple-reviewers` passes since the PR requires 1 reviewer and it's approved by 1 reviewer

Annotations:
`Annotation on an important file 'The file important.txt is important and requires at least 1 reviewers.'

Ref: https://github.com/dequelabs/axe-linter/issues/1632

@CLAassistant
Copy link

CLAassistant commented Dec 20, 2024

CLA assistant check
All committers have signed the CLA.

@zlayaAvocado zlayaAvocado changed the title ci: add require 2 reviewers action ci: add require multiple reviewers action Dec 20, 2024
@zlayaAvocado zlayaAvocado marked this pull request as ready for review December 20, 2024 16:37
@zlayaAvocado zlayaAvocado requested a review from a team as a code owner December 20, 2024 16:37
@zlayaAvocado zlayaAvocado requested a review from dbjorge December 23, 2024 16:06
.github/actions/require-multiple-reviewers-v1/src/utils.ts Outdated Show resolved Hide resolved
package.json Show resolved Hide resolved
conclusion = approvals.length < numberOfReviewers ? 'failure' : 'success'
}

await octokit.request('POST /repos/{owner}/{repo}/check-runs', {
Copy link
Contributor

@dbjorge dbjorge Dec 23, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did you test that this does the right thing in the event that we already left a check for the same commit? eg, if it's triggered from a pull_request and then later a pull_request_review trigger, did you verify that the second one looks like it's updating the original check status (as opposed to leaving a new second status)? What about the annotations - do they get cleared out when posting the updated check, or do they need to be removed explicitly?

(I'd recommend trying this out in a separate test repo and linking the results of your testing in the PR description - I started this in https://github.com/dequelabs/dbjorge-test-repo/pull/25, feel free to use that. You can go to hit "approve" to see what happens in this scenario)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'ts going to fail and re-run the Tests / require-multiple-reviewers action

image

Annotations are warnings and don't go anywhere, they are for the information purpose so a PR author knows what important files are, and I don't think they should be removed.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm fine with deferring this and leaving it as-is for the purposes of this PR. I suspect this is going to feel noisy, but we can adjust that once we see it in action if we need to.

@stephenmathieson
Copy link
Member

Does .github/CODEOWNERS not already do this? 🤔

@zlayaAvocado
Copy link
Contributor Author

zlayaAvocado commented Jan 2, 2025

Does .github/CODEOWNERS not already do this? 🤔

I think with codeowners you need to request specific people if you want a PR to be reviewed and approved more than once, something like *.py @user1 @user2 where these users will be automatically assigned to any .py file changed. This PR requests any specified number of reviewers to approve the files you specify, and it's not tied to any particular teams or people.

That is to my understanding of codeowners though, let me know if I am wrong 😄

@zlayaAvocado zlayaAvocado requested a review from dbjorge January 2, 2025 18:17
@zlayaAvocado zlayaAvocado dismissed dbjorge’s stale review January 2, 2025 18:36

responded to feedback

@dbjorge
Copy link
Contributor

dbjorge commented Jan 2, 2025

Does .github/CODEOWNERS not already do this? 🤔

That is to my understanding of codeowners though, let me know if I am wrong 😄

I agree with your interpretation. GitHub's implementation of CODEOWNERs unfortunately doesn't support requiring multiple reviewers; you can specify a file as being owned by multiple entities, but that results in GitHub requiring a review from any one of those entities (not each of those entities). From GitHub's docs:

Note

When reviews from code owners are required, an approval from any of the owners is sufficient to meet this requirement. For example, let's say that your CODEOWNERS file contains the following line:

*.js @global-owner1 @global-owner2
This means that changes to JavaScript files could be approved by either @global-owner1 or @global-owner2, but approvals from both are not required.

CODEOWNERS isn't a particularly well-defined format, and there exist other managed Git platforms that support more advanced CODEOWNERS features (including this). For example, GitLab supports this as part of their CODEOWNERS section syntax. Unfortunately, support for this sort of thing doesn't seem to have gained any traction at GitHub.

I think using special comments in CODEOWNERS or something instead of a new file would be a fine interface for this to use, but I didn't suggest it originally because I worried I'd be getting into bikeshedding territory.

expect(result).to.equal(2)
})

it('should handle multiple reviews from the same user and count only the latest approval', () => {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch

@zlayaAvocado zlayaAvocado merged commit da003bd into main Jan 2, 2025
20 of 24 checks passed
@zlayaAvocado zlayaAvocado deleted the require-two-reviewers branch January 2, 2025 20:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants