audit: check for Python-wide site-package usage #33918
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Triage | |
on: | |
pull_request_target: | |
types: | |
- opened | |
- synchronize | |
- reopened | |
- labeled | |
- unlabeled | |
permissions: {} | |
concurrency: triage-${{ github.head_ref }} | |
jobs: | |
review: | |
runs-on: ubuntu-22.04 | |
if: startsWith(github.repository, 'Homebrew/') | |
steps: | |
- name: Review pull request | |
if: > | |
(github.event_name == 'pull_request' || github.event_name == 'pull_request_target') && | |
github.event.pull_request.state != 'closed' | |
uses: actions/github-script@v7 | |
with: | |
github-token: ${{ secrets.HOMEBREW_BREW_TRIAGE_PULL_REQUESTS_TOKEN }} | |
script: | | |
async function approvePullRequest(pullRequestNumber) { | |
const reviews = await approvalsByAuthenticatedUser(pullRequestNumber) | |
if (reviews.length > 0) { | |
return | |
} | |
await github.rest.pulls.createReview({ | |
...context.repo, | |
pull_number: pullRequestNumber, | |
event: 'APPROVE', | |
}) | |
} | |
async function approvalsByAuthenticatedUser(pullRequestNumber) { | |
const { data: user } = await github.rest.users.getAuthenticated() | |
const { data: reviews } = await github.rest.pulls.listReviews({ | |
...context.repo, | |
pull_number: pullRequestNumber, | |
}) | |
const approvals = reviews.filter(review => review.state == 'APPROVED') | |
return approvals.filter(review => review.user.login == user.login) | |
} | |
async function reviewPullRequest(pullRequestNumber) { | |
const { data: pullRequest } = await github.rest.pulls.get({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
pull_number: pullRequestNumber, | |
}) | |
const { data: user } = await github.rest.users.getAuthenticated() | |
if (pullRequest.user.login == user.login) { | |
core.warning('Pull request author is a bot.') | |
return | |
} | |
if (pullRequest.author_association != 'MEMBER') { | |
core.warning('Pull request author is not a member.') | |
return | |
} | |
const criticalLabel = 'critical' | |
const labels = pullRequest.labels.map(label => label.name) | |
const hasCriticalLabel = labels.includes(criticalLabel) | |
if (hasCriticalLabel) { | |
const message = `Review granted due to \`${criticalLabel}\` label.` | |
core.info(message) | |
await approvePullRequest(pullRequestNumber) | |
} | |
} | |
await reviewPullRequest(context.issue.number) |