diff --git a/.github/workflows/review-bot.yml b/.github/workflows/review-bot.yml index 31cac54..2384c81 100644 --- a/.github/workflows/review-bot.yml +++ b/.github/workflows/review-bot.yml @@ -6,10 +6,6 @@ on: types: - completed -permissions: - contents: read - checks: write - jobs: review-approvals: runs-on: ubuntu-latest @@ -30,7 +26,8 @@ jobs: - name: "Evaluates PR reviews and assigns reviewers" uses: paritytech/review-bot@main with: - repo-token: ${{ secrets.GITHUB_TOKEN }} + repo-token: ${{ steps.team_token.outputs.token }} team-token: ${{ steps.team_token.outputs.token }} checks-token: ${{ steps.team_token.outputs.token }} pr-number: ${{ steps.number.outputs.content }} + request-reviewers: true diff --git a/README.md b/README.md index c4218ef..e4df72d 100644 --- a/README.md +++ b/README.md @@ -138,8 +138,12 @@ You can find all the inputs in [the action file](./action.yml), but let's walk t - It is already in the installation section, but you need to give the following [permissions](https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs#defining-access-for-the-github_token-scopes) to the action: - `contents`: read - `checks`: write + - `pull-requests`: write + - **Imporant**: if `request-reviewers` is enabled and you are using _teams_, this needs to be a [GitHub Personal Access](https://github.com/settings/tokens/new) token with `repo` and `read:org` scopes. + - This is because GitHub actions does not have access to the teams, and it can not assign teams as reviewers. - `team-token`: Token to read the team members. - - **required**. + - **required** if you are using _teams_. + - If you are only using individual users, you can use `{{ github.token }}` instead. - This needs to be a [GitHub Personal Access](https://github.com/settings/tokens/new) token with `read:org` permission. - It is used to extract the members of teams. - `checks-token`: Token to write the status checks. 
@@ -153,8 +157,8 @@ You can find all the inputs in [the action file](./action.yml), but let's walk t - **default**: `.github/review-bot.yml` - `request-reviewers`: If the system should automatically request the required reviewers. - **default**: false. - - If enabled, when there are missing reviews, the system will request the appropriate users and/or team to review. (Note: It won't assign fellowship members as reviewers) - - If enabled, and using teams, this requires a GitHub action with `write` permission for `pull request`. + - If enabled, when there are missing reviews, the system will request the appropriate users and/or team to review. + - If enabled, and using teams, this requires a GitHub app with `write` permission for `pull request`. #### Using a GitHub app instead of a PAT In some cases, specially in big organizations, it is more organized to use a GitHub app to authenticate, as it allows us to give it permissions per repository, and we can fine-grain them even better. If you wish to do that, you need to create a GitHub app with the following permissions: @@ -164,6 +168,8 @@ In some cases, specially in big organizations, it is more organized to use a Git - Repository permissions: - Checks - [x] Write + - Pull Request + - [x] Write Because this project is intended to be used with a token, we need to do an extra step to generate one from the GitHub app: - After you create the app, copy the *App ID* and the *private key* and set them as secrets. 
@@ -179,9 +185,9 @@ Because this project is intended to be used with a token, we need to do an extra - name: "Evaluates PR reviews" uses: paritytech/review-bot@main with: - repo-token: ${{ github.token }} # The previous step generates a token which is used as the input for this action - team-token: ${{ steps.generate_token.outputs.token } + repo-token: ${{ steps.generate_token.outputs.token }} + team-token: ${{ steps.generate_token.outputs.token }} checks-token: ${{ steps.generate_token.outputs.token }} pr-number: ${{ steps.number.outputs.content }} ``` @@ -433,6 +439,12 @@ It also has any other field from the [`basic rule`](#basic-rule) (with the excep - **Optional**: Defaults to `false`. - **minRank**: Must be a number. - **Required** + +##### Note +The fellows rule will never request reviewers, even if `request-reviewers` rule is enabled. + +This is because there are ~50 fellows and GitHub’s PR request limit is 20 users, so, if a low rank is required, the system wouldn’t allow to assign them. + ### Evaluating config If you want to evaluate the config file to find problems before merging it, we have a simple `cli` to do so.
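Review bot: in `.github/workflows/review-bot.yml`, hunk `@@ -6,10 +6,6 @@`, removing the top-level `permissions:` block leaves the workflow's `GITHUB_TOKEN` on whatever default the repository or organization has configured, which can be read/write. After this change no visible step passes `GITHUB_TOKEN` to the action, so keep an explicit minimal block such as `permissions: {}` instead of dropping it (or `contents: read` if a step outside the visible lines needs it).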
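Review bot: in the workflow hunk `@@ -30,7 +26,8 @@`, `repo-token`, `team-token` and `checks-token` now all receive `steps.team_token.outputs.token`, and `request-reviewers: true` is switched on in the same change, so the app behind that token must already have Pull Request write before this merges, as the README part of this patch requires. The step also hands this broader token to `paritytech/review-bot@main`, a mutable ref; consider pinning to a release tag or commit SHA.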
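Review bot: in the README hunk `@@ -138,8 +138,12 @@`, the new `repo-token` bullet recommends a classic Personal Access Token with the `repo` scope, which gives read/write access to every repository the token owner can reach, far more than requesting reviewers on one repository needs. Point readers to the "Using a GitHub app instead of a PAT" section as the preferred option when teams are used. In the same hunk, `Imporant` should be `Important`, `{{ github.token }}` is missing its leading `$`, and the unchanged bullet "This needs to be a GitHub Personal Access token with `read:org` permission" now conflicts with the added "you can use `{{ github.token }}` instead" unless it is qualified with "when using teams".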
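Review bot: in `@@ -153,8 +157,8 @@`, the new wording "this requires a GitHub app with `write` permission for `pull request`" disagrees with the `repo-token` bullet added earlier in this patch, which says a PAT with `repo` and `read:org` scopes is what teams need. Word it as a token (PAT or GitHub app) with pull request write access so the two sections agree.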
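Review bot: in `@@ -164,6 +168,8 @@`, `Pull Request` / `Write` is added to the app's permission list without saying when it is needed. The `request-reviewers` description ties this permission to requesting reviewers; if that is its only use, mark it as required only when `request-reviewers` is enabled, so installations that leave the option at its default `false` are not told to grant write access to pull requests.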
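Review bot: in `@@ -179,9 +185,9 @@`, the example now passes the app token as `repo-token` but does not set `request-reviewers: true`, which is the case the inputs section gives for needing the elevated token. Either add `request-reviewers: true` to the example, or add a comment that `${{ github.token }}` is still enough for `repo-token` when the option is off, as the previous version of the example used.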
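Review bot: in `@@ -433,6 +439,12 @@`, the note calls `request-reviewers` a "rule", but the inputs section defines it as an action input; say "even if the `request-reviewers` input is enabled" to avoid confusion with the rule types documented in this section. The hard-coded "~50 fellows" will go stale; stating the 20-user request limit alone carries the explanation. "wouldn't allow to assign them" should read "would not be able to request them all".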