Merge f9271eb3a3 into 31ade3e496

2025-08-02 13:48:15 +02:00 · 2025-08-01 14:24:56 +01:00 · 2025-08-01 14:24:56 +01:00 · b91c2c59bc
commit b91c2c59bc
parent 31ade3e496 f9271eb3a3
2 changed files with 72 additions and 0 deletions
--- a/.github/config/repo_devs.json
+++ b/.github/config/repo_devs.json
@ -9,5 +9,8 @@
    "DarioGii",
    "ConnorYoh",
    "EthanHealy01"
+  ],
+  "repo_devs_reviewers": [
+    "Frooodle"
  ]
 }
--- a/.github/workflows/reviewbot.yml
+++ b/.github/workflows/reviewbot.yml
@ -0,0 +1,69 @@
+name: ReviewBot Approver
+
+on:
+  issue_comment:
+    types: [created]
+
+permissions:
+  contents: read
+
+jobs:
+  approve-pr:
+    if: |
+      github.event.issue.pull_request &&
+      contains(github.event.comment.body, 'approvebot')
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Setup GitHub App Bot
+        if: github.actor != 'dependabot[bot]'
+        id: setup-bot
+        uses: ./.github/actions/setup-bot
+        with:
+          app-id: ${{ secrets.GH_APP_ID }}
+          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+
+      - name: Verify Bot Setup
+        if: github.actor != 'dependabot[bot]'
+        run: |
+          if [ -z "${{ steps.setup-bot.outputs.token }}" ]; then
+            echo "Error: Bot setup failed. Token is missing." >&2
+            exit 1
+          fi
+      - name: Check if actor is repo developer
+        id: actor
+        run: |
+          if [[ "${{ github.actor }}" == *"[bot]" ]]; then
+            echo "PR opened by a bot – skipping AI title review."
+            echo "is_repo_dev=false" >> $GITHUB_OUTPUT
+            exit 0
+          fi
+          if [ ! -f .github/config/repo_devs.json ]; then
+            echo "Error: .github/config/repo_devs.json not found" >&2
+            exit 1
+          fi
+          # Validate JSON and extract repo_devs
+          REPO_DEVS=$(jq -r '.repo_devs_reviewers[]' .github/config/repo_devs.json 2>/dev/null || { echo "Error: Invalid JSON in repo_devs.json" >&2; exit 1; })
+          # Convert developer list into Bash array
+          mapfile -t DEVS_ARRAY <<< "$REPO_DEVS"
+          if [[ " ${DEVS_ARRAY[*]} " == *" ${{ github.actor }} "* ]]; then
+            echo "is_repo_dev=true" >> $GITHUB_OUTPUT
+          else
+            echo "is_repo_dev=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Approve the Pull Request
+        if: steps.actor.outputs.is_repo_dev == 'true'
+        env:
+          GITHUB_TOKEN: ${{ steps.setup-bot.outputs.token }}
+        run: |
+          gh pr review ${{ github.event.issue.number }} --approve -b ":robot: *${{ steps.setup-bot.outputs.app-slug }}* approved this PR in response to a comment from @${{ github.actor }}."