diff --git a/.github/workflows/eval.yml b/.github/workflows/eval.yml
index 06b8f2dcf045..0aa475c4c1e1 100644
--- a/.github/workflows/eval.yml
+++ b/.github/workflows/eval.yml
@@ -264,77 +264,12 @@ jobs: "/repos/$GITHUB_REPOSITORY/statuses/$PR_HEAD_SHA" \ -f "context=Eval / Summary" -f "state=success" -f "description=$description" -f "target_url=$target_url" - reviews: - name: Request Reviews - runs-on: ubuntu-24.04-arm + reviewers: + name: Reviewers # No dependency on "compare", so that it can start at the same time. # We only wait for the "comparison" artifact to be available, which makes the start-to-finish time # for the eval workflow considerably faster. needs: [ prepare, outpaths ] if: needs.prepare.outputs.targetSha - steps: - - name: Check out the PR at the base commit - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - path: trusted - sparse-checkout: ci - - - name: Install Nix - uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31 - with: - extra_nix_config: sandbox = true - - - name: Build the requestReviews derivation - run: nix-build trusted/ci -A requestReviews - - # See ./codeowners-v2.yml, reuse the same App because we need the same permissions - # Can't use the token received from permissions above, because it can't get enough permissions - - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 - if: vars.OWNER_APP_ID - id: app-token - with: - app-id: ${{ vars.OWNER_APP_ID }} - private-key: ${{ secrets.OWNER_APP_PRIVATE_KEY }} - permission-administration: read - permission-members: read - permission-pull-requests: write - - - name: Wait for comparison to be done - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 - with: - script: | - // Waiting 24 * 5 sec = 2 min. max. 
- for (let i = 0; i < 24; i++) { - const result = await github.rest.actions.listWorkflowRunArtifacts({ - owner: context.repo.owner, - repo: context.repo.repo, - run_id: context.runId, - name: 'comparison' - }) - if (result.data.total_count > 0) return - await new Promise(resolve => setTimeout(resolve, 5000)) - } - throw new Error("No comparison artifact found.") - - - name: Download the comparison results - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - with: - pattern: comparison - path: comparison - merge-multiple: true - - - name: Requesting maintainer reviews - if: ${{ steps.app-token.outputs.token }} - env: - GH_TOKEN: ${{ github.token }} - REPOSITORY: ${{ github.repository }} - NUMBER: ${{ github.event.number }} - AUTHOR: ${{ github.event.pull_request.user.login }} - # Don't request reviewers on draft PRs - DRY_MODE: ${{ github.event.pull_request.draft && '1' || '' }} - run: | - # maintainers.json contains GitHub IDs. Look up handles to request reviews from. - # There appears to be no API to request reviews based on GitHub IDs - jq -r 'keys[]' comparison/maintainers.json \ - | while read -r id; do gh api /user/"$id" --jq .login; done \ - | GH_TOKEN=${{ steps.app-token.outputs.token }} result/bin/request-reviewers.sh "$REPOSITORY" "$NUMBER" "$AUTHOR" + uses: ./.github/workflows/reviewers.yml + secrets: inherit diff --git a/.github/workflows/reviewers.yml b/.github/workflows/reviewers.yml new file mode 100644 index 000000000000..141541c57330 --- /dev/null +++ b/.github/workflows/reviewers.yml 
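Review bot: `secrets: inherit` on the `reviewers` job makes every secret available to eval.yml readable from reviewers.yml, although the called workflow as added in this commit only references `secrets.OWNER_APP_PRIVATE_KEY`. Passing that one secret by name keeps later edits to reviewers.yml from silently gaining access to unrelated credentials: replace the line with `secrets:` followed by `OWNER_APP_PRIVATE_KEY: ${{ secrets.OWNER_APP_PRIVATE_KEY }}`, and declare `OWNER_APP_PRIVATE_KEY` under `on.workflow_call.secrets` in reviewers.yml. It should be declared with `required: false`, since the token step is already skipped when `vars.OWNER_APP_ID` is unset.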
@@ -0,0 +1,80 @@
+# This workflow will request reviews from the maintainers of each package
+# listed in the PR's most recent eval comparison artifact.
+
+name: Reviewers
+
+on:
+ workflow_call:
+
+permissions: {}
+
+jobs:
+ request:
+ name: Request
+ runs-on: ubuntu-24.04-arm
+ steps:
+ - name: Check out the PR at the base commit
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ path: trusted
+ sparse-checkout: ci
+
+ - name: Install Nix
+ uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31
+ with:
+ extra_nix_config: sandbox = true
+
+ - name: Build the requestReviews derivation
+ run: nix-build trusted/ci -A requestReviews
+
+ # See ./codeowners-v2.yml, reuse the same App because we need the same permissions
+ # Can't use the token received from permissions above, because it can't get enough permissions
+ - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
+ if: vars.OWNER_APP_ID
+ id: app-token
+ with:
+ app-id: ${{ vars.OWNER_APP_ID }}
+ private-key: ${{ secrets.OWNER_APP_PRIVATE_KEY }}
+ permission-administration: read
+ permission-members: read
+ permission-pull-requests: write
+
+ - name: Wait for comparison to be done
+ uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+ with:
+ script: |
+ // Waiting 24 * 5 sec = 2 min. max.
+ for (let i = 0; i < 24; i++) {
+ const result = await github.rest.actions.listWorkflowRunArtifacts({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ run_id: context.runId,
+ name: 'comparison'
+ })
+ if (result.data.total_count > 0) return
+ await new Promise(resolve => setTimeout(resolve, 5000))
+ }
+ throw new Error("No comparison artifact found.")
+
+ - name: Download the comparison results
+ uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+ with:
+ pattern: comparison
+ path: comparison
+ merge-multiple: true
+
+ - name: Requesting maintainer reviews
+ if: ${{ steps.app-token.outputs.token }}
+ env:
+ GH_TOKEN: ${{ github.token }}
+ REPOSITORY: ${{ github.repository }}
+ NUMBER: ${{ github.event.number }}
+ AUTHOR: ${{ github.event.pull_request.user.login }}
+ # Don't request reviewers on draft PRs
+ DRY_MODE: ${{ github.event.pull_request.draft && '1' || '' }}
+ run: |
+ # maintainers.json contains GitHub IDs. Look up handles to request reviews from.
+ # There appears to be no API to request reviews based on GitHub IDs
+ jq -r 'keys[]' comparison/maintainers.json \
+ | while read -r id; do gh api /user/"$id" --jq .login; done \
+ | GH_TOKEN=${{ steps.app-token.outputs.token }} result/bin/request-reviewers.sh "$REPOSITORY" "$NUMBER" "$AUTHOR"
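Review bot: The checkout step has no `ref`, so now that this job is a `workflow_call` target the commit that lands in `trusted/` is decided entirely by the calling workflow's trigger, which this file neither states nor checks. That matters because `nix-build trusted/ci -A requestReviews` builds the script that later runs with the App token (`permission-pull-requests: write`); under a trigger whose default ref includes PR changes, PR-authored code would be what receives that token. The caller's `on:` block is outside this diff, so at minimum the header should record the assumption, e.g. `# Must only be called from workflows whose default checkout is the base branch (pull_request_target); trusted/ci is built and run with the App token.` Separately, the last `run:` line expands `${{ steps.app-token.outputs.token }}` into the script text; passing it through `env:` (`APP_TOKEN: ${{ steps.app-token.outputs.token }}`) and using `GH_TOKEN="$APP_TOKEN"` keeps the credential out of the generated script.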