name: migrations approval on: pull_request: types: [review_requested, synchronize, opened, reopened] pull_request_review: types: [submitted, edited, dismissed] # Cancel in progress workflows on pull_requests. # https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-a-fallback-value concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true defaults: run: # the default default is: # bash --noprofile --norc -eo pipefail {0} shell: bash --noprofile --norc -eo pipefail -ux {0} jobs: did-migration-change: name: check if any migration changes runs-on: ubuntu-22.04 timeout-minutes: 3 # Map a step output to a job output outputs: added: ${{ steps.changes.outputs.migrations_added }} modified: ${{ steps.changes.outputs.migrations_modified }} steps: - name: Checkout sentry uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 - name: Match migration files uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0 id: changes with: token: ${{ github.token }} filters: .github/file-filters.yml check-migration-approval: name: check if migration is approved runs-on: ubuntu-22.04 timeout-minutes: 3 needs: did-migration-change if: needs.did-migration-change.outputs.added == 'true' steps: - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 with: persist-credentials: false - name: getsentry token uses: getsentry/action-github-app-token@97c9e23528286821f97fba885c1b1123284b29cc # v2.0.0 id: getsentry with: app_id: ${{ vars.SENTRY_INTERNAL_APP_ID }} private_key: ${{ secrets.SENTRY_INTERNAL_APP_PRIVATE_KEY }} - uses: actions/github-script@d556feaca394842dc55e4734bf3bb9f685482fa0 # v6.3.3 with: github-token: ${{ steps.getsentry.outputs.token }} script: | const {check} = require(`${process.env.GITHUB_WORKSPACE}/.github/workflows/scripts/team-approval-check`); await check({ github, context, core, team_slug: 'owners-migrations' });