You're viewing an older version of this GitHub Action. Do you want to see the latest version instead?
GitHub Action
ApproveOps - Approvals in IssueOps
v2.0.2
Approvals in IssueOps
See the following guide on this action: https://josh-ops.com/posts/github-approveops/
name: ApproveOps
on:
issue_comment:
types: [created]
jobs:
approveops:
runs-on: ubuntu-latest
if: contains(github.event.comment.body, '/do-stuff')
steps:
# get the app's installation token
- uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ secrets.PRIVATE_KEY }}
- name: ApproveOps - Approvals in IssueOps
uses: joshjohanning/approveops@v2
id: check-approval
with:
token: ${{ steps.app-token.outputs.token }} # use a github app token or a PAT
approve-command: '/approve' # defaults to '/approve', the command to look for in the comments
team-name: 'approver-team' # the name of the team in GitHub to check for the approval command; e.g.: approver-team
fail-if-approval-not-found: true # defaults to true, fail the action (show the action run as red) if the command is not found in the comments from someone in the approver team"
post-successful-approval-comment: false # defaults to true, whether to post successful approval comment
successful-approval-comment: ':tada: You were able to run the workflow because someone left an approval in the comments!! :tada:' # Optional, only if post-successful-approval-comment is true, comment to post if an approval is found- Create a GitHub team and add at least one member
- Authentication options:
- GitHub App
- If you are using a GitHub Github App, it will need following permissions:
- read & write on
Repository / Issuesto create the comment - read-only on
Organization / Membersto list the members of the team
- read & write on
- Generate a
PRIVATE_KEYfor the GitHub app and store it as a repo or organizational secret - Note the
APP IDto use as an input for an action likeactions/create-github-app-token@v1
- If you are using a GitHub Github App, it will need following permissions:
- Classic PAT
- If you are using a classic PAT, it will need the following scopes:
repo- to create the commentread:org- to list the members of the team
- Fine-grained PAT
- If you are using a fine-grained PAT, it will need following permissions (same as GitHub App):
- read & write on
Repository / Issuesto create the comment - read-only on
Organization / Membersto list the members of the team
- read & write on
- If you are using a fine-grained PAT, it will need following permissions (same as GitHub App):
See the following guide on creating a GitHub app: https://josh-ops.com/posts/github-apps/
Notes:
- A Personal Access Token (PAT) is not used since we want the comment to show as from a bot
- The
github.tokenis not used since the token can't provide hyperlinks for @ mentions since it doesn't have the scope for org teams, only repository data
Extracting the logic for generating a GitHub App's installation token so that you can either use an alternative action or method to retrieve the token or to be able use a GitHub PAT instead.
Added/removed the following inputs:
| Input | Action | Required | Note |
|---|---|---|---|
token |
Added | Yes | GitHub App installation token or PAT that has access to read+write comments and list the team's membership, e.g.: ${{ steps.get_installation_token.outputs.token }} |
approve-command |
Added | No | Optional, defaults to /approve, the command to look for in the comments |
app-id |
Removed | Yes | The app ID for a GitHub App, e.g.: 170284 |
app-private-key |
Removed | Yes | The private key for a GitHub App, e.g.: ${{ secrets.APP_PRIVATE_KEY }} |
Removed the following dependency:
tibdex/github-app-token@v1
