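# Dependency Approval via Comment Command
# Allows maintainers to approve dependency changes by commenting /approve-dependencies
#
# Security notes for maintainers of this workflow:
# - `issue_comment` runs use the workflow file from the default branch and the
#   token permissions declared below, and anyone who can comment on the PR can
#   trigger a run. The comment is untrusted input: the script authorizes the
#   commenter before it changes anything and never executes comment text.
# - The approval is stored as a label on the PR, not on a commit. The label
#   stays in place when new commits are pushed after approval, so whatever
#   check consumes `dependencies-reviewed` should be paired with a step that
#   clears the label on new pushes (not visible in this file - confirm it exists).

name: Dependency Approval Command

on:
  issue_comment:
    types: [created]

# Least privilege: only what is needed to label the PR, comment and react.
permissions:
  issues: write
  pull-requests: write

jobs:
  approve-via-command:
    runs-on: ubuntu-latest
    # Only run on PRs, not issues, and only when the comment mentions the
    # command at all, so unrelated comments do not start a job holding a write
    # token. The exact match is still enforced inside the script.
    if: github.event.issue.pull_request && contains(github.event.comment.body, '/approve-dependencies')
    steps:
      - name: Check for approval command
        # NOTE(review): a tag such as v8 is mutable; pinning third-party actions
        # to the full commit SHA of the release is the usual hardening.
        uses: actions/github-script@v8
        with:
          script: |
            const comment = context.payload.comment;
            const commentBody = comment.body.trim();
            const { owner, repo } = context.repo;
            const issue_number = context.issue.number;
            const commenter = comment.user.login;

            // The command must stand alone on a line; text that merely
            // mentions it (for example inside a sentence) is ignored.
            if (!/^\/approve-dependencies$/m.test(commentBody)) {
              core.info('Not an approval command, skipping');
              return;
            }

            // Authorize the commenter: only admin/write collaborators may approve.
            // If this lookup throws, the step fails and no label is added (fail closed).
            // NOTE(review): the PR author is not excluded, so an author with write
            // access can approve their own dependency change - confirm this is intended.
            const userPermission = await github.rest.repos.getCollaboratorPermissionLevel({
              owner,
              repo,
              username: commenter
            });

            const hasPermission = ['admin', 'write'].includes(userPermission.data.permission);

            if (!hasPermission) {
              await github.rest.issues.createComment({
                owner,
                repo,
                issue_number,
                body: `❌ @${commenter} does not have permission to approve dependencies. Only maintainers with write access can approve.`
              });
              return;
            }

            // Check if already approved (labels as they were when the comment was created)
            const labels = context.payload.issue.labels.map(l => l.name);
            const alreadyApproved = labels.includes('dependencies-reviewed');

            if (alreadyApproved) {
              await github.rest.issues.createComment({
                owner,
                repo,
                issue_number,
                body: `ℹ️ Dependencies already approved - \`dependencies-reviewed\` label is present.`
              });
              return;
            }

            // Record which commit was reviewed. The label itself does not track
            // commits, so the SHA in the confirmation comment is the audit trail
            // for what the approver actually looked at.
            const { data: pullRequest } = await github.rest.pulls.get({
              owner,
              repo,
              pull_number: issue_number
            });
            const approvedSha = pullRequest.head.sha;

            // Add the dependencies-reviewed label
            await github.rest.issues.addLabels({
              owner,
              repo,
              issue_number,
              labels: ['dependencies-reviewed']
            });

            // Add a confirmation comment
            await github.rest.issues.createComment({
              owner,
              repo,
              issue_number,
              body: `✅ **Dependencies approved** by @${commenter} at commit ${approvedSha}\n\nThe \`dependencies-reviewed\` label has been added. Security checks will now pass and this PR can be merged.`
            });

            // Add a reaction to the command comment
            await github.rest.reactions.createForIssueComment({
              owner,
              repo,
              comment_id: comment.id,
              content: '+1'
            });

            core.info(`✅ Dependencies approved and label added (head ${approvedSha})`);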