AAE-29010 GH actions rerun after approval (#10772) (#10774)

* Add rerun function after first approval is there. * Adjust pull request with github pr number as var * Add check label step to check "do not merge" label * cleanup
2025-05-12 17:04:57 +00:00 · 2025-04-09 07:16:26 +02:00 · 2025-04-09 07:16:26 +02:00 · f6c446498a
commit f6c446498a
parent 137088d4f6
2 changed files with 50 additions and 28 deletions
--- a/.github/actions/before-install/action.yml
+++ b/.github/actions/before-install/action.yml
@ -18,11 +18,15 @@ runs:
    - name: base vars
      shell: bash
      run: |
+        if [[ "${{ github.event_name }}" == "pull_request_review" ]]; then
+          echo "BASE_HASH=$(git merge-base origin/${{ env.BASE_PR_REF }} HEAD) >> $GITHUB_ENV";
+        else
+          echo "BASE_HASH=$(git merge-base origin/${{ env.BASE_REF }} HEAD) >> $GITHUB_ENV";
+        fi
        {
          echo "GIT_HASH=$(git rev-parse HEAD)";
-          echo "BASE_HASH=$(git merge-base origin/${GITHUB_BASE_REF} HEAD)";
          echo "HEAD_HASH=HEAD";
-          echo "HEAD_COMMIT_HASH=${GH_COMMIT}";
+          echo "HEAD_COMMIT_HASH=${{ env.GH_COMMIT }}";
          echo "NX_CALCULATION_FLAGS=--all";
          echo "BUILD_OPTS=--configuration production";
          echo CI_FORCE_RUN=false;
@ -37,15 +41,21 @@ runs:
        echo "BREAK_ACTION=true" >> $GITHUB_ENV

    - name: PULL_REQUEST event
-      if: ${{ env.BREAK_ACTION == false && github.event_name == 'pull_request' && !github.event.pull_request.merged }}
+      if: ${{ env.BREAK_ACTION == false && (github.event_name == 'pull_request' || github.event_name == 'pull_request_review') && !github.event.pull_request.merged }}
      shell: bash
      run: |
        echo "Setting up CI flags for Pull Request event"
-        NX_CALCULATION_FLAGS="--base=origin/${GITHUB_BASE_REF} --head=$HEAD_HASH"
+        if [[ "${{ github.event_name }}" == "pull_request_review" ]]; then
+            NX_CALCULATION_FLAGS="--base=origin/${{ env.BASE_PR_REF }} --head=$HEAD_HASH"
+            BASE_HASH="origin/${{ env.BASE_PR_REF }}"
+        else
+            NX_CALCULATION_FLAGS="--base=origin/${{ env.BASE_REF }} --head=$HEAD_HASH"
+            BASE_HASH="origin/${{ env.BASE_REF }}"
+        fi
        {
-          echo "NX_CALCULATION_FLAGS=$NX_CALCULATION_FLAGS";
-          echo "BASE_HASH=origin/${GITHUB_BASE_REF}";
-          echo "BREAK_ACTION=true";
+            echo "NX_CALCULATION_FLAGS=$NX_CALCULATION_FLAGS";
+            echo "BASE_HASH=$BASE_HASH";
+            echo "BREAK_ACTION=true";
        } >> $GITHUB_ENV

    - name: RELEASE on master/develop patch branch
@ -59,10 +69,10 @@ runs:
            # into develop-patch*
            echo "Setting up CI flags for Push develop patch"
        else
-          echo "Setting up CI flags for Push on develop branch"
-          # base=$(git describe --tags $(git rev-list --tags --max-count=1))
-          # we publish always all the libs until we don't handle partial release
-          echo "NX_CALCULATION_FLAGS=--all" >> $GITHUB_ENV
+            echo "Setting up CI flags for Push on develop branch"
+            # base=$(git describe --tags $(git rev-list --tags --max-count=1))
+            # we publish always all the libs until we don't handle partial release
+            echo "NX_CALCULATION_FLAGS=--all" >> $GITHUB_ENV
        fi
        echo "BREAK_ACTION=true" >> $GITHUB_ENV

--- a/.github/workflows/pull-request.yml
+++ b/.github/workflows/pull-request.yml
@ -25,6 +25,8 @@ on:
      - master
      - develop-patch*
      - master-patch*
+  pull_request_review:
+    types: [submitted, dismissed]

 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
@ -32,7 +34,9 @@ concurrency:

 env:
  BASE_REF: ${{ github.base_ref }}
+  BASE_PR_REF: ${{ github.event.pull_request.base.ref }}
  HEAD_REF: ${{ github.head_ref }}
+  HEAD_PR_REF: ${{ github.event.pull_request.head.ref }}
  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
  GITHUB_BRANCH: ${{ github.ref_name }}
@ -41,6 +45,7 @@ env:
  BUILD_ID: ${{ github.run_id }}
  GH_RUN_NUMBER: ${{ github.run_attempt }}
  GH_BUILD_NUMBER: ${{ github.run_id }}
+  GH_PR_NUMBER: ${{github.event.pull_request.number}}
  JOB_ID: ${{ github.run_id }}
  LOG_LEVEL: "ERROR"
  S3_BUILD_BUCKET_SHORT_NAME: ${{ secrets.S3_BUILD_BUCKET_SHORT_NAME }}
@ -77,6 +82,9 @@ jobs:

  check-if-pr-is-approved:
    runs-on: ubuntu-latest
+    outputs:
+      isLabeledWithDoNotMerge: ${{ steps.check-label.outputs.isLabeledWithDoNotMerge }}
+      pr_approved: ${{ steps.check-approval.outputs.pr_approved }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@ -100,19 +108,22 @@ jobs:
              skip_check="true"
          fi

-      - name: Get PR number
-        if: ${{ github.event_name != 'schedule' && github.event_name != 'workflow_dispatch' }}
-        uses: kamatama41/get-pr-number-action@0bcaab5752c0b699149e74667c8ce2f764cbb7fa # v0.9.1
-        id: action
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: show pr number
-        shell: bash
+      - name: Check if PR is labeled
+        id: check-label
        run: |
-          echo "PR: ${{ steps.action.outputs.number }}"
+          if echo '${{ toJson(github.event.pull_request.labels) }}' | jq -e '.[] | select(.name | contains("do not merge"))'; then
+            echo "::warning::PR is labeled as 'do not merge'"
+            echo "isLabeledWithDoNotMerge=true" >> $GITHUB_ENV
+            echo "isLabeledWithDoNotMerge=true" >> $GITHUB_OUTPUT
+          else
+            echo "PR is not labeled as 'do not merge'"
+            echo "isLabeledWithDoNotMerge=false" >> $GITHUB_ENV
+            echo "isLabeledWithDoNotMerge=false" >> $GITHUB_OUTPUT
+          fi

-      - name: check if pr is approved
+      - name: Check if PR is approved
+        id: check-approval
+        if: env.isLabeledWithDoNotMerge == 'false'
        env:
          DEVEL_FLAG: ${{ inputs.devel }}
          GH_TOKEN: ${{ github.token }}
@ -139,17 +150,17 @@ jobs:
            echo -e "\033[32mDevel flag\033[0m"
            skip_check="true"
          fi
-
          if [ "$skip_check" == "false" ]; then
            echo "Checking PR approval"
-            prNumber=${{ steps.action.outputs.number }}
-            echo "PR: $prNumber"
-            checkApproval=$(gh api /repos/$GITHUB_REPOSITORY/pulls/$prNumber/reviews | jq '.[] | select(.state == "APPROVED") | .user.login')
-            if [[ $checkApproval ]]; then
+            echo "PR: $GH_PR_NUMBER"
+
+            if gh pr view $GH_PR_NUMBER --json reviews | jq -e '.reviews[] | select(.state == "APPROVED")'; then
              echo -e "\033[32mPR approved\033[0m"
+              echo "pr_approved=true" >> $GITHUB_OUTPUT
            else
+              echo "::error::PR NOT approved"
              echo -e "\033[31mPR NOT approved\033[0m"
-              exit 1
+              echo "pr_approved=false" >> $GITHUB_OUTPUT
            fi
          fi

@ -159,6 +170,7 @@ jobs:
    name: "Setup"
    runs-on: ubuntu-latest
    needs: [check-if-pr-is-approved, pre-checks]
+    if: ${{ needs.check-if-pr-is-approved.outputs.isLabeledWithDoNotMerge == 'false' && needs.check-if-pr-is-approved.outputs.pr_approved == 'true' }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2