feat(predicate): Add has_workflow_result predicate

README.md

@@ -340,6 +340,19 @@ if:
       - "status-name-2"
       - "status-name-3"
 
+  # "has_workflow_result" is satisfied if the GitHub Actions workflow runs that
+  # are specified all finished and concluded with one of the conclusions
+  # specified. "conclusions" is optional and defaults to ["success"].
+  # `workflows` contains the paths to the workflow files that are being checked.
+  # If a workflow is run more than once for a commit - for example for a `push`
+  # and `pull_request` event, the most recent completed run for each event type
+  # will be considered.
+  has_workflow_result:
+    conclusions: ["success", "skipped"]
+    workflows:
+      - ".github/workflows/a.yml"
+      - ".github/workflows/b.yml"
+
   # "has_labels" is satisfied if the pull request has the specified labels
   # applied
   has_labels:
@@ -995,6 +1008,7 @@ The app requires these permissions:
 
 | Permission | Access | Reason |
 | ---------- | ------ | ------ |
+| Actions| Read-only | Read workflow run events for the `has_workflow_result` predicate |
 | Repository contents | Read-only | Read configuration and commit metadata |
 | Checks | Read-only | Read check run results |
 | Repository administration | Read-only | Read admin team(s) membership |
@@ -1013,6 +1027,7 @@ The app should be subscribed to these events:
 * Pull request
 * Pull request review
 * Status
+* Workflow Run
 
 There is a [`logo.png`](https://github.com/palantir/policy-bot/blob/develop/logo.png)
 provided if you'd like to use it as the GitHub application logo. The background

policy/predicate/predicates.go

@@ -35,6 +35,8 @@ type Predicates struct {
 	// rather than just "success".
 	HasSuccessfulStatus *HasSuccessfulStatus `yaml:"has_successful_status"`
 
+	HasWorkflowResult *HasWorkflowResult `yaml:"has_workflow_result"`
+
 	HasLabels *HasLabels `yaml:"has_labels"`
 
 	Repository *Repository `yaml:"repository"`
@@ -90,6 +92,10 @@ func (p *Predicates) Predicates() []Predicate {
 		ps = append(ps, Predicate(p.HasSuccessfulStatus))
 	}
 
+	if p.HasWorkflowResult != nil {
+		ps = append(ps, Predicate(p.HasWorkflowResult))
+	}
+
 	if p.HasLabels != nil {
 		ps = append(ps, Predicate(p.HasLabels))
 	}

policy/predicate/workflow.go

@@ -0,0 +1,94 @@
+// Copyright 2018 Palantir Technologies, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package predicate
+
+import (
+	"context"
+	"fmt"
+	"slices"
+	"strings"
+
+	"github.com/palantir/policy-bot/policy/common"
+	"github.com/palantir/policy-bot/pull"
+	"github.com/pkg/errors"
+)
+
+type HasWorkflowResult struct {
+	Conclusions AllowedConclusions `yaml:"conclusions,omitempty"`
+	Workflows   []string           `yaml:"workflows,omitempty"`
+}
+
+func NewHasWorkflowResult(workflows []string, conclusions []string) *HasWorkflowResult {
+	return &HasWorkflowResult{
+		Conclusions: conclusions,
+		Workflows:   workflows,
+	}
+}
+
+var _ Predicate = HasWorkflowResult{}
+
+func (pred HasWorkflowResult) Evaluate(ctx context.Context, prctx pull.Context) (*common.PredicateResult, error) {
+	workflowRuns, err := prctx.LatestWorkflowRuns()
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to list latest workflow runs")
+	}
+
+	allowedConclusions := pred.Conclusions
+	if len(allowedConclusions) == 0 {
+		allowedConclusions = AllowedConclusions{"success"}
+	}
+
+	predicateResult := common.PredicateResult{
+		ValuePhrase:     "workflow results",
+		ConditionPhrase: fmt.Sprintf("exist and have conclusion %s", allowedConclusions.joinWithOr()),
+	}
+
+	var missingResults []string
+	var failingWorkflows []string
+	for _, workflow := range pred.Workflows {
+		conclusions, ok := workflowRuns[workflow]
+		if !ok {
+			missingResults = append(missingResults, workflow)
+		}
+		for _, conclusion := range conclusions {
+			if !slices.Contains(allowedConclusions, conclusion) {
+				failingWorkflows = append(failingWorkflows, workflow)
+			}
+		}
+	}
+
+	if len(missingResults) > 0 {
+		predicateResult.Values = missingResults
+		predicateResult.Description = "One or more workflow runs are missing: " + strings.Join(missingResults, ", ")
+		predicateResult.Satisfied = false
+		return &predicateResult, nil
+	}
+
+	if len(failingWorkflows) > 0 {
+		predicateResult.Values = failingWorkflows
+		predicateResult.Description = fmt.Sprintf("One or more workflow runs have not concluded with %s: %s", pred.Conclusions.joinWithOr(), strings.Join(failingWorkflows, ","))
+		predicateResult.Satisfied = false
+		return &predicateResult, nil
+	}
+
+	predicateResult.Values = pred.Workflows
+	predicateResult.Satisfied = true
+
+	return &predicateResult, nil
+}
+
+func (pred HasWorkflowResult) Trigger() common.Trigger {
+	return common.TriggerStatus
+}