UNPKG

projen

Version:

CDK for software projects

github.com/projen/projen

projen/projen

69 lines 10.4 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
"use strict"; var _a; Object.defineProperty(exports, "__esModule", { value: true }); exports.AutoApprove = void 0; const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti"); const workflows_model_1 = require("./workflows-model"); const component_1 = require("../component"); const runner_options_1 = require("../runner-options"); /** * Auto approve pull requests that meet a criteria */ class AutoApprove extends component_1.Component { constructor(github, options = {}) { super(github.project); this.label = options.label ?? "auto-approve"; const usernames = options.allowedUsernames ?? ["github-actions[bot]"]; let condition = `contains(github.event.pull_request.labels.*.name, '${this.label}')`; if (usernames.length > 0) { condition += " && ("; condition += usernames .map((u) => `github.event.pull_request.user.login == '${u}'`) .join(" || "); condition += ")"; } const secret = options.secret ?? "GITHUB_TOKEN"; const approveJob = { ...(0, runner_options_1.filteredRunsOnOptions)(options.runsOn, options.runsOnGroup), permissions: { pullRequests: workflows_model_1.JobPermission.WRITE, }, if: condition, steps: [ { uses: "hmarr/auto-approve-action@v2.2.1", with: { "github-token": `\${{ secrets.${secret} }}`, }, }, ], }; const workflow = github.addWorkflow("auto-approve"); workflow.on({ // The 'pull request' event gives the workflow 'read-only' permissions on some // pull requests (such as the ones from dependabot) when using the `GITHUB_TOKEN` // security token. This prevents the workflow from approving these pull requests. // Github has placed this guard so as to prevent security attacks by simply opening // a pull request and triggering a workflow on a commit that was not vetted to make // unintended changes to the repository. // // Instead use the 'pull request target' event here that gives the Github workflow // 'read-write' permissions. This is safe because, this event, unlike the 'pull request' // event references the BASE commit of the pull request and not the HEAD commit. pullRequestTarget: { types: [ "labeled", "opened", "synchronize", "reopened", "ready_for_review", ], }, }); workflow.addJobs({ approve: approveJob }); } } exports.AutoApprove = AutoApprove; _a = JSII_RTTI_SYMBOL_1; AutoApprove[_a] = { fqn: "projen.github.AutoApprove", version: "0.95.2" }; //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXV0by1hcHByb3ZlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL2dpdGh1Yi9hdXRvLWFwcHJvdmUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFDQSx1REFBdUQ7QUFDdkQsNENBQXlDO0FBQ3pDLHNEQUE4RTtBQWtEOUU7O0dBRUc7QUFDSCxNQUFhLFdBQVksU0FBUSxxQkFBUztJQUd4QyxZQUFZLE1BQWMsRUFBRSxVQUE4QixFQUFFO1FBQzFELEtBQUssQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLENBQUM7UUFFdEIsSUFBSSxDQUFDLEtBQUssR0FBRyxPQUFPLENBQUMsS0FBSyxJQUFJLGNBQWMsQ0FBQztRQUM3QyxNQUFNLFNBQVMsR0FBRyxPQUFPLENBQUMsZ0JBQWdCLElBQUksQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDO1FBRXRFLElBQUksU0FBUyxHQUFHLHNEQUFzRCxJQUFJLENBQUMsS0FBSyxJQUFJLENBQUM7UUFDckYsSUFBSSxTQUFTLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQ3pCLFNBQVMsSUFBSSxPQUFPLENBQUM7WUFDckIsU0FBUyxJQUFJLFNBQVM7aUJBQ25CLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsNENBQTRDLENBQUMsR0FBRyxDQUFDO2lCQUM1RCxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUM7WUFDaEIsU0FBUyxJQUFJLEdBQUcsQ0FBQztRQUNuQixDQUFDO1FBRUQsTUFBTSxNQUFNLEdBQUcsT0FBTyxDQUFDLE1BQU0sSUFBSSxjQUFjLENBQUM7UUFFaEQsTUFBTSxVQUFVLEdBQVE7WUFDdEIsR0FBRyxJQUFBLHNDQUFxQixFQUFDLE9BQU8sQ0FBQyxNQUFNLEVBQUUsT0FBTyxDQUFDLFdBQVcsQ0FBQztZQUM3RCxXQUFXLEVBQUU7Z0JBQ1gsWUFBWSxFQUFFLCtCQUFhLENBQUMsS0FBSzthQUNsQztZQUNELEVBQUUsRUFBRSxTQUFTO1lBQ2IsS0FBSyxFQUFFO2dCQUNMO29CQUNFLElBQUksRUFBRSxrQ0FBa0M7b0JBQ3hDLElBQUksRUFBRTt3QkFDSixjQUFjLEVBQUUsZ0JBQWdCLE1BQU0sS0FBSztxQkFDNUM7aUJBQ0Y7YUFDRjtTQUNGLENBQUM7UUFFRixNQUFNLFFBQVEsR0FBRyxNQUFNLENBQUMsV0FBVyxDQUFDLGNBQWMsQ0FBQyxDQUFDO1FBQ3BELFFBQVEsQ0FBQyxFQUFFLENBQUM7WUFDViw4RUFBOEU7WUFDOUUsaUZBQWlGO1lBQ2pGLGlGQUFpRjtZQUNqRixtRkFBbUY7WUFDbkYsbUZBQW1GO1lBQ25GLHdDQUF3QztZQUN4QyxFQUFFO1lBQ0Ysa0ZBQWtGO1lBQ2xGLHdGQUF3RjtZQUN4RixnRkFBZ0Y7WUFDaEYsaUJBQWlCLEVBQUU7Z0JBQ2pCLEtBQUssRUFBRTtvQkFDTCxTQUFTO29CQUNULFFBQVE7b0JBQ1IsYUFBYTtvQkFDYixVQUFVO29CQUNWLGtCQUFrQjtpQkFDbkI7YUFDRjtTQUNGLENBQUMsQ0FBQztRQUNILFFBQVEsQ0FBQyxPQUFPLENBQUMsRUFBRSxPQUFPLEVBQUUsVUFBVSxFQUFFLENBQUMsQ0FBQztJQUM1QyxDQUFDOztBQTNESCxrQ0E0REMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBHaXRIdWIgfSBmcm9tIFwiLi9naXRodWJcIjtcbmltcG9ydCB7IEpvYiwgSm9iUGVybWlzc2lvbiB9IGZyb20gXCIuL3dvcmtmbG93cy1tb2RlbFwiO1xuaW1wb3J0IHsgQ29tcG9uZW50IH0gZnJvbSBcIi4uL2NvbXBvbmVudFwiO1xuaW1wb3J0IHsgR3JvdXBSdW5uZXJPcHRpb25zLCBmaWx0ZXJlZFJ1bnNPbk9wdGlvbnMgfSBmcm9tIFwiLi4vcnVubmVyLW9wdGlvbnNcIjtcblxuLyoqXG4gKiBPcHRpb25zIGZvciAnQXV0b0FwcHJvdmUnXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgQXV0b0FwcHJvdmVPcHRpb25zIHtcbiAgLyoqXG4gICAqIE9ubHkgcHVsbCByZXF1ZXN0cyBhdXRob3JlZCBieSB0aGVzZSBHaXRodWIgdXNlcm5hbWVzIHdpbGwgYmUgYXV0by1hcHByb3ZlZC5cbiAgICogQGRlZmF1bHQgWydnaXRodWItYm90J11cbiAgICovXG4gIHJlYWRvbmx5IGFsbG93ZWRVc2VybmFtZXM/OiBzdHJpbmdbXTtcblxuICAvKipcbiAgICogT25seSBwdWxsIHJlcXVlc3RzIHdpdGggdGhpcyBsYWJlbCB3aWxsIGJlIGF1dG8tYXBwcm92ZWQuXG4gICAqIEBkZWZhdWx0ICdhdXRvLWFwcHJvdmUnXG4gICAqL1xuICByZWFkb25seSBsYWJlbD86IHN0cmluZztcblxuICAvKipcbiAgICogQSBHaXRIdWIgc2VjcmV0IG5hbWUgd2hpY2ggY29udGFpbnMgYSBHaXRIdWIgQWNjZXNzIFRva2VuXG4gICAqIHdpdGggd3JpdGUgcGVybWlzc2lvbnMgZm9yIHRoZSBgcHVsbF9yZXF1ZXN0YCBzY29wZS5cbiAgICpcbiAgICogVGhpcyB0b2tlbiBpcyB1c2VkIHRvIGFwcHJvdmUgcHVsbCByZXF1ZXN0cy5cbiAgICpcbiAgICogR2l0aHViIGZvcmJpZHMgYW4gaWRlbnRpdHkgdG8gYXBwcm92ZSBpdHMgb3duIHB1bGwgcmVxdWVzdC5cbiAgICogSWYgeW91ciBwcm9qZWN0IHByb2R1Y2VzIGF1dG9tYXRlZCBwdWxsIHJlcXVlc3RzIHVzaW5nIHRoZSBHaXRodWIgZGVmYXVsdCB0b2tlbiAtXG4gICAqIHtAbGluayBodHRwczovL2RvY3MuZ2l0aHViLmNvbS9lbi9hY3Rpb25zL3JlZmVyZW5jZS9hdXRoZW50aWNhdGlvbi1pbi1hLXdvcmtmbG93IGBHSVRIVUJfVE9LRU5gIH1cbiAgICogLSB0aGF0IHlvdSB3b3VsZCBsaWtlIGF1dG8gYXBwcm92ZWQsIHN1Y2ggYXMgd2hlbiB1c2luZyB0aGUgYGRlcHNVcGdyYWRlYCBwcm9wZXJ0eSBpblxuICAgKiBgTm9kZVByb2plY3RPcHRpb25zYCwgdGhlbiB5b3UgbXVzdCB1c2UgYSBkaWZmZXJlbnQgdG9rZW4gaGVyZS5cbiAgICpcbiAgICogQGRlZmF1bHQgXCJHSVRIVUJfVE9LRU5cIlxuICAgKi9cbiAgcmVhZG9ubHkgc2VjcmV0Pzogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBHaXRodWIgUnVubmVyIHNlbGVjdGlvbiBsYWJlbHNcbiAgICogQGRlZmF1bHQgW1widWJ1bnR1LWxhdGVzdFwiXVxuICAgKiBAZGVzY3JpcHRpb24gRGVmaW5lcyBhIHRhcmdldCBSdW5uZXIgYnkgbGFiZWxzXG4gICAqIEB0aHJvd3Mge0Vycm9yfSBpZiBib3RoIGBydW5zT25gIGFuZCBgcnVuc09uR3JvdXBgIGFyZSBzcGVjaWZpZWRcbiAgICovXG4gIHJlYWRvbmx5IHJ1bnNPbj86IHN0cmluZ1tdO1xuXG4gIC8qKlxuICAgKiBHaXRodWIgUnVubmVyIEdyb3VwIHNlbGVjdGlvbiBvcHRpb25zXG4gICAqIEBkZXNjcmlwdGlvbiBEZWZpbmVzIGEgdGFyZ2V0IFJ1bm5lciBHcm91cCBieSBuYW1lIGFuZC9vciBsYWJlbHNcbiAgICogQHRocm93cyB7RXJyb3J9IGlmIGJvdGggYHJ1bnNPbmAgYW5kIGBydW5zT25Hcm91cGAgYXJlIHNwZWNpZmllZFxuICAgKi9cbiAgcmVhZG9ubHkgcnVuc09uR3JvdXA/OiBHcm91cFJ1bm5lck9wdGlvbnM7XG59XG5cbi8qKlxuICogQXV0byBhcHByb3ZlIHB1bGwgcmVxdWVzdHMgdGhhdCBtZWV0IGEgY3JpdGVyaWFcbiAqL1xuZXhwb3J0IGNsYXNzIEF1dG9BcHByb3ZlIGV4dGVuZHMgQ29tcG9uZW50IHtcbiAgcHVibGljIHJlYWRvbmx5IGxhYmVsOiBzdHJpbmc7XG5cbiAgY29uc3RydWN0b3IoZ2l0aHViOiBHaXRIdWIsIG9wdGlvbnM6IEF1dG9BcHByb3ZlT3B0aW9ucyA9IHt9KSB7XG4gICAgc3VwZXIoZ2l0aHViLnByb2plY3QpO1xuXG4gICAgdGhpcy5sYWJlbCA9IG9wdGlvbnMubGFiZWwgPz8gXCJhdXRvLWFwcHJvdmVcIjtcbiAgICBjb25zdCB1c2VybmFtZXMgPSBvcHRpb25zLmFsbG93ZWRVc2VybmFtZXMgPz8gW1wiZ2l0aHViLWFjdGlvbnNbYm90XVwiXTtcblxuICAgIGxldCBjb25kaXRpb24gPSBgY29udGFpbnMoZ2l0aHViLmV2ZW50LnB1bGxfcmVxdWVzdC5sYWJlbHMuKi5uYW1lLCAnJHt0aGlzLmxhYmVsfScpYDtcbiAgICBpZiAodXNlcm5hbWVzLmxlbmd0aCA+IDApIHtcbiAgICAgIGNvbmRpdGlvbiArPSBcIiAmJiAoXCI7XG4gICAgICBjb25kaXRpb24gKz0gdXNlcm5hbWVzXG4gICAgICAgIC5tYXAoKHUpID0+IGBnaXRodWIuZXZlbnQucHVsbF9yZXF1ZXN0LnVzZXIubG9naW4gPT0gJyR7dX0nYClcbiAgICAgICAgLmpvaW4oXCIgfHwgXCIpO1xuICAgICAgY29uZGl0aW9uICs9IFwiKVwiO1xuICAgIH1cblxuICAgIGNvbnN0IHNlY3JldCA9IG9wdGlvbnMuc2VjcmV0ID8/IFwiR0lUSFVCX1RPS0VOXCI7XG5cbiAgICBjb25zdCBhcHByb3ZlSm9iOiBKb2IgPSB7XG4gICAgICAuLi5maWx0ZXJlZFJ1bnNPbk9wdGlvbnMob3B0aW9ucy5ydW5zT24sIG9wdGlvbnMucnVuc09uR3JvdXApLFxuICAgICAgcGVybWlzc2lvbnM6IHtcbiAgICAgICAgcHVsbFJlcXVlc3RzOiBKb2JQZXJtaXNzaW9uLldSSVRFLFxuICAgICAgfSxcbiAgICAgIGlmOiBjb25kaXRpb24sXG4gICAgICBzdGVwczogW1xuICAgICAgICB7XG4gICAgICAgICAgdXNlczogXCJobWFyci9hdXRvLWFwcHJvdmUtYWN0aW9uQHYyLjIuMVwiLFxuICAgICAgICAgIHdpdGg6IHtcbiAgICAgICAgICAgIFwiZ2l0aHViLXRva2VuXCI6IGBcXCR7eyBzZWNyZXRzLiR7c2VjcmV0fSB9fWAsXG4gICAgICAgICAgfSxcbiAgICAgICAgfSxcbiAgICAgIF0sXG4gICAgfTtcblxuICAgIGNvbnN0IHdvcmtmbG93ID0gZ2l0aHViLmFkZFdvcmtmbG93KFwiYXV0by1hcHByb3ZlXCIpO1xuICAgIHdvcmtmbG93Lm9uKHtcbiAgICAgIC8vIFRoZSAncHVsbCByZXF1ZXN0JyBldmVudCBnaXZlcyB0aGUgd29ya2Zsb3cgJ3JlYWQtb25seScgcGVybWlzc2lvbnMgb24gc29tZVxuICAgICAgLy8gcHVsbCByZXF1ZXN0cyAoc3VjaCBhcyB0aGUgb25lcyBmcm9tIGRlcGVuZGFib3QpIHdoZW4gdXNpbmcgdGhlIGBHSVRIVUJfVE9LRU5gXG4gICAgICAvLyBzZWN1cml0eSB0b2tlbi4gVGhpcyBwcmV2ZW50cyB0aGUgd29ya2Zsb3cgZnJvbSBhcHByb3ZpbmcgdGhlc2UgcHVsbCByZXF1ZXN0cy5cbiAgICAgIC8vIEdpdGh1YiBoYXMgcGxhY2VkIHRoaXMgZ3VhcmQgc28gYXMgdG8gcHJldmVudCBzZWN1cml0eSBhdHRhY2tzIGJ5IHNpbXBseSBvcGVuaW5nXG4gICAgICAvLyBhIHB1bGwgcmVxdWVzdCBhbmQgdHJpZ2dlcmluZyBhIHdvcmtmbG93IG9uIGEgY29tbWl0IHRoYXQgd2FzIG5vdCB2ZXR0ZWQgdG8gbWFrZVxuICAgICAgLy8gdW5pbnRlbmRlZCBjaGFuZ2VzIHRvIHRoZSByZXBvc2l0b3J5LlxuICAgICAgLy9cbiAgICAgIC8vIEluc3RlYWQgdXNlIHRoZSAncHVsbCByZXF1ZXN0IHRhcmdldCcgZXZlbnQgaGVyZSB0aGF0IGdpdmVzIHRoZSBHaXRodWIgd29ya2Zsb3dcbiAgICAgIC8vICdyZWFkLXdyaXRlJyBwZXJtaXNzaW9ucy4gVGhpcyBpcyBzYWZlIGJlY2F1c2UsIHRoaXMgZXZlbnQsIHVubGlrZSB0aGUgJ3B1bGwgcmVxdWVzdCdcbiAgICAgIC8vIGV2ZW50IHJlZmVyZW5jZXMgdGhlIEJBU0UgY29tbWl0IG9mIHRoZSBwdWxsIHJlcXVlc3QgYW5kIG5vdCB0aGUgSEVBRCBjb21taXQuXG4gICAgICBwdWxsUmVxdWVzdFRhcmdldDoge1xuICAgICAgICB0eXBlczogW1xuICAgICAgICAgIFwibGFiZWxlZFwiLFxuICAgICAgICAgIFwib3BlbmVkXCIsXG4gICAgICAgICAgXCJzeW5jaHJvbml6ZVwiLFxuICAgICAgICAgIFwicmVvcGVuZWRcIixcbiAgICAgICAgICBcInJlYWR5X2Zvcl9yZXZpZXdcIixcbiAgICAgICAgXSxcbiAgICAgIH0sXG4gICAgfSk7XG4gICAgd29ya2Zsb3cuYWRkSm9icyh7IGFwcHJvdmU6IGFwcHJvdmVKb2IgfSk7XG4gIH1cbn1cbiJdfQ==