Approvals in IssueOps
See the following guide on this action: https://josh-ops.com/posts/github-approveops/
```yml
name: ApproveOps
on:
  issue_comment:
    types: [created]

jobs:
  approveops:
    runs-on: ubuntu-latest
    # Only run when the new comment contains the trigger command
    if: contains(github.event.comment.body, '/do-stuff')
    steps:
      # Generate a GitHub App installation token for the approval check
      - uses: actions/create-github-app-token@v1
        id: app-token
        with:
          app-id: ${{ vars.APP_ID }}
          private-key: ${{ secrets.PRIVATE_KEY }}

      - name: ApproveOps - Approvals in IssueOps
        uses: joshjohanning/approveops@v2
        id: check-approval
        with:
          token: ${{ steps.app-token.outputs.token }}
          approve-command: '/approve'
          team-name: 'approver-team'
          fail-if-approval-not-found: true
          post-successful-approval-comment: false
```
| Name | Description | Required | Default |
|---|---|---|---|
| `token` | GitHub App installation token or PAT that has access to read+write comments and list the team's membership | true | `''` |
| `approve-command` | The approval command to look for in the comments | true | `/approve` |
| `team-name` | The name of the team in GitHub to check for the approval command, e.g. `approver-team` | true | `''` |
| `fail-if-approval-not-found` | Fail the action (show the action run as red) if the command is not found in the comments from someone in the approver team | true | `true` |
| `post-successful-approval-comment` | Whether to post successful approval comment | true | `true` |
| `successful-approval-comment` | Comment to post if an approval is found | true | `':tada: You were able to run the workflow because someone left an approval in the comments!!'` |
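
The check these inputs describe, sketched as an added example (this is not the action's own code): find an approval comment from a team member and honor `fail-if-approval-not-found`. The names `findApproval` and `checkApproval`, the sample data, and the matching rule (the command must stand alone on a line, logins compared case-insensitively) are assumptions.

```javascript
// Added illustration; not the approveops action's source code.
// Assumed rule: an approval is a comment whose author is on the approver team
// and which contains a line consisting only of the approve command.

// Constructed sample data, shaped like GitHub REST API issue-comment objects.
const sampleComments = [
  { user: { login: 'requester' }, body: '/do-stuff' },
  { user: { login: 'requester' }, body: '/approve' }, // not on the team
  { user: { login: 'Alice' }, body: 'Please do not /approve this yet' },
  { user: { login: 'Alice' }, body: '> /approve\nQuoting is not approving' },
  { user: { login: 'Bob' }, body: 'Looks good.\n/approve\n' },
];
const sampleTeam = ['alice', 'bob']; // constructed members of 'approver-team'

// Returns the login of the first team member who approved, or null.
function findApproval(comments, teamLogins, approveCommand = '/approve') {
  // GitHub logins are case-insensitive, so compare them lowercased.
  const team = new Set(teamLogins.map((l) => l.toLowerCase()));
  for (const c of comments) {
    // Membership gate first: comments from non-members never count.
    if (!c.user || !team.has(c.user.login.toLowerCase())) continue;
    // Exact line match, so substrings and quoted text are not approvals.
    const lines = (c.body || '').split(/\r?\n/).map((l) => l.trim());
    if (lines.includes(approveCommand)) return c.user.login;
  }
  return null;
}

// Mirrors the fail-if-approval-not-found input: throw (red run) or report.
function checkApproval(comments, teamLogins, opts = {}) {
  const { approveCommand = '/approve', failIfApprovalNotFound = true } = opts;
  const approver = findApproval(comments, teamLogins, approveCommand);
  if (!approver && failIfApprovalNotFound) {
    throw new Error(`No ${approveCommand} comment from a team member`);
  }
  return { approved: approver !== null, approver };
}

console.log(checkApproval(sampleComments, sampleTeam));
```
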
- Create a GitHub team and add at least one member
- Authentication options:
  - GitHub App
    - If you are using a GitHub App, it will need the following permissions:
      - read & write on `Repository / Issues` to create the comment
      - read-only on `Organization / Members` to list the members of the team
    - Generate a `PRIVATE_KEY` for the GitHub app and store it as a repo or organizational secret
    - Note the `APP ID` to use as an input for an action like `actions/create-github-app-token@v1`
  - Classic PAT
    - If you are using a classic PAT, it will need the following scopes:
      - `repo` - to create the comment
      - `read:org` - to list the members of the team
  - Fine-grained PAT
    - If you are using a fine-grained PAT, it will need the following permissions (same as GitHub App):
      - read & write on `Repository / Issues` to create the comment
      - read-only on `Organization / Members` to list the members of the team

See the following guide on creating a GitHub app: https://josh-ops.com/posts/github-apps/
Notes:
- A Personal Access Token (PAT) is not used since we want the comment to show as from a bot
- The `github.token` is not used since the token can't provide hyperlinks for @ mentions since it doesn't have the scope for org teams, only repository data
Required software installed on runner:
Extracted the logic for generating a GitHub App's installation token so that you can either use an alternative action or method to retrieve the token, or use a GitHub PAT instead.
Added/removed the following inputs:
| Input | Action | Required | Note |
|---|---|---|---|
| `token` | Added | Yes | GitHub App installation token or PAT that has access to read+write comments and list the team's membership, e.g.: `${{ steps.get_installation_token.outputs.token }}` |
| `approve-command` | Added | No | Optional, defaults to `/approve`, the command to look for in the comments |
| `app-id` | Removed | Yes | The app ID for a GitHub App, e.g.: `170284` |
| `app-private-key` | Removed | Yes | The private key for a GitHub App, e.g.: `${{ secrets.APP_PRIVATE_KEY }}` |

Removed the following dependency:

- `tibdex/github-app-token@v1`