Skip to content

audit: check for Python-wide site-package usage #33918

audit: check for Python-wide site-package usage

audit: check for Python-wide site-package usage #33918

Workflow file for this run

name: Triage
on:
pull_request_target:
types:
- opened
- synchronize
- reopened
- labeled
- unlabeled
permissions: {}
concurrency: triage-${{ github.head_ref }}
jobs:
review:
runs-on: ubuntu-22.04
if: startsWith(github.repository, 'Homebrew/')
steps:
- name: Review pull request
if: >
(github.event_name == 'pull_request' || github.event_name == 'pull_request_target') &&
github.event.pull_request.state != 'closed'
uses: actions/github-script@v7
with:
github-token: ${{ secrets.HOMEBREW_BREW_TRIAGE_PULL_REQUESTS_TOKEN }}
script: |
async function approvePullRequest(pullRequestNumber) {
const reviews = await approvalsByAuthenticatedUser(pullRequestNumber)
if (reviews.length > 0) {
return
}
await github.rest.pulls.createReview({
...context.repo,
pull_number: pullRequestNumber,
event: 'APPROVE',
})
}
async function approvalsByAuthenticatedUser(pullRequestNumber) {
const { data: user } = await github.rest.users.getAuthenticated()
const { data: reviews } = await github.rest.pulls.listReviews({
...context.repo,
pull_number: pullRequestNumber,
})
const approvals = reviews.filter(review => review.state == 'APPROVED')
return approvals.filter(review => review.user.login == user.login)
}
async function reviewPullRequest(pullRequestNumber) {
const { data: pullRequest } = await github.rest.pulls.get({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: pullRequestNumber,
})
const { data: user } = await github.rest.users.getAuthenticated()
if (pullRequest.user.login == user.login) {
core.warning('Pull request author is a bot.')
return
}
if (pullRequest.author_association != 'MEMBER') {
core.warning('Pull request author is not a member.')
return
}
const criticalLabel = 'critical'
const labels = pullRequest.labels.map(label => label.name)
const hasCriticalLabel = labels.includes(criticalLabel)
if (hasCriticalLabel) {
const message = `Review granted due to \`${criticalLabel}\` label.`
core.info(message)
await approvePullRequest(pullRequestNumber)
}
}
await reviewPullRequest(context.issue.number)