Trez/gitea-manual-approval
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
91002081f75f7d16abd812304cefa3f96db78cab
gitea-manual-approval/action.yml
T
Trez.One 91002081f7 ...
2025-11-24 10:20:41 -05:00

231 lines
7.2 KiB
YAML
Raw Blame History

name: "manual-approval-cross"
description: "Manual approval for GitHub & Gitea with reminders + Apprise notifications"
branding:
icon: "check-circle"
color: "green"
inputs:
token:
description: Token with repo access (GITHUB_TOKEN or GITEA_TOKEN)
required: true
approvers:
description: "Comma-separated list of approvers (usernames)"
required: true
approval_keywords:
description: "Approval keywords (comma-separated)"
default: "approve,approved,lgtm,yes"
denial_keywords:
description: "Denial keywords (comma-separated)"
default: "deny,denied,no"
poll_interval:
description: "Seconds between polling issue comments"
default: "20"
reminder_interval:
description: "Seconds between reminders (0 = disable reminders)"
default: "600"
apprise_urls:
description: "Comma-separated Apprise URLs (optional)"
default: ""
apprise_api:
description: "URL to apprise-api endpoint (optional)"
default: ""
repository:
description: "Repository name (optional, required for act testing)"
default: ""
outputs:
approved:
description: Approval result
value: ${{ steps.wait.outputs.approved }}
runs:
using: "composite"
steps:
# Detect platform & repository
- id: detect
shell: bash
run: |
URL="${GITHUB_SERVER_URL:-${{ github.server_url }}}"
REPO="${{ inputs.repository }}:${{ github.repository }}"
if [[ -z "$REPO" ]]; then
echo "❌ Repository not set. Please provide inputs.repository or github.repository"
exit 1
fi
if [[ "$URL" =~ gitea ]]; then
echo "platform=gitea" >> $GITHUB_OUTPUT
else
echo "platform=github" >> $GITHUB_OUTPUT
fi
echo "api_url=${URL}/api/v1" >> $GITHUB_OUTPUT
echo "repository=${REPO}" >> $GITHUB_OUTPUT
# Create approval issue
- id: create-issue
shell: bash
env:
TOKEN: ${{ inputs.token }}
APPROVERS: ${{ inputs.approvers }}
run: |
title="Manual approval required"
body="Approvers: ${APPROVERS}
Workflow **${{ github.workflow }}** requires approval.
**Approval keywords:** ${{ inputs.approval_keywords }}
**Denial keywords:** ${{ inputs.denial_keywords }}
Please reply with a keyword on this issue."
# Build JSON array of assignees
ASSIGNEES_JSON=$(jq -nc --arg csv "$APPROVERS" '$csv | split(",")')
json=$(jq -n \
--arg title "$title" \
--arg body "$body" \
--argjson assignees "$ASSIGNEES_JSON" \
'{title:$title, body:$body, assignees:$assignees}')
resp=$(curl -s -X POST \
-H "Authorization: token $TOKEN" \
-H "Content-Type: application/json" \
-d "$json" \
"${{ steps.detect.outputs.api_url }}/repos/${{ steps.detect.outputs.repository }}/issues")
echo "Response from API: $resp"
# Extract issue number (GitHub: number, Gitea: index or id)
issue_number=$(echo "$resp" | jq -r '.number // .index // .id')
if [[ -z "$issue_number" || "$issue_number" == "null" ]]; then
echo "❌ Failed to create issue, response: $resp"
exit 1
fi
echo "issue=$issue_number" >> $GITHUB_OUTPUT
# Wait for approval with reminders
- id: wait
shell: bash
env:
TOKEN: ${{ inputs.token }}
PLATFORM: ${{ steps.detect.outputs.platform }}
API_URL: ${{ steps.detect.outputs.api_url }}
ISSUE: ${{ steps.create-issue.outputs.issue }}
APPROVERS: ${{ inputs.approvers }}
APPROVAL_KEYWORDS: ${{ inputs.approval_keywords }}
DENIAL_KEYWORDS: ${{ inputs.denial_keywords }}
REMINDER_INTERVAL: ${{ inputs.reminder_interval }}
POLL_INTERVAL: ${{ inputs.poll_interval }}
APPRISE_URLS: ${{ inputs.apprise_urls }}
APPRISE_API: ${{ inputs.apprise_api }}
run: |
# Split inputs
IFS=',' read -r -a approver_list <<< "$APPROVERS"
IFS=',' read -r -a approved_kws <<< "$APPROVAL_KEYWORDS"
IFS=',' read -r -a denied_kws <<< "$DENIAL_KEYWORDS"
last_reminder=$(date +%s)
ISSUE_URL="${API_URL}/repos/${{ steps.detect.outputs.repository }}/issues/$ISSUE"
# Notification function (integrated Apprise)
notify_func() {
msg="$1"
echo "::notice::$msg"
if [[ -n "$APPRISE_URLS" ]]; then
IFS=',' read -r -a urls <<< "$APPRISE_URLS"
for u in "${urls[@]}"; do
apprise -b "$msg" -t "Manual Approval" "$u" || true
done
fi
if [[ -n "$APPRISE_API" ]]; then
curl -s -X POST "$APPRISE_API" \
-H "Content-Type: application/json" \
-d "{\"title\":\"Manual Approval\",\"body\":\"$msg\"}" || true
fi
}
notify_func "Approval required on issue #$ISSUE"
while true; do
comments=$(curl -s \
-H "Authorization: token $TOKEN" \
"$ISSUE_URL/comments")
declare -A state
for u in "${approver_list[@]}"; do state[$u]="pending"; done
count=$(echo "$comments" | jq 'length')
for ((i=0; i<count; i++)); do
user=$(echo "$comments" | jq -r ".[$i].user.login")
body=$(echo "$comments" | jq -r ".[$i].body" | tr '[:upper:]' '[:lower:]')
for k in "${approved_kws[@]}"; do
[[ "$body" =~ ^$k[.!]?$ ]] && state[$user]="approved"
done
for k in "${denied_kws[@]}"; do
[[ "$body" =~ ^$k[.!]?$ ]] && state[$user]="denied"
done
done
# Check denial
for u in "${!state[@]}"; do
if [[ "${state[$u]}" == "denied" ]]; then
notify_func "Approval denied by $u on issue #$ISSUE"
echo "approved=false" >> $GITHUB_OUTPUT
exit 1
fi
done
# Check full approval
all_ok=true
for u in "${!state[@]}"; do
[[ "${state[$u]}" != "approved" ]] && all_ok=false
done
if $all_ok; then
notify_func "All approvers approved issue #$ISSUE"
echo "approved=true" >> $GITHUB_OUTPUT
break
fi
# Send reminders
if (( REMINDER_INTERVAL > 0 )); then
now=$(date +%s)
since=$(( now - last_reminder ))
if (( since >= REMINDER_INTERVAL )); then
pending=""
for u in "${!state[@]}"; do
[[ "${state[$u]}" == "pending" ]] && pending+="$u "
done
notify_func "Reminder: approval still pending for [$pending] on issue #$ISSUE"
last_reminder=$now
fi
fi
sleep "$POLL_INTERVAL"
done
# Close issue
- id: close
shell: bash
env:
TOKEN: ${{ inputs.token }}
API_URL: ${{ steps.detect.outputs.api_url }}
ISSUE: ${{ steps.create-issue.outputs.issue }}
run: |
curl -s -X PATCH \
-H "Authorization: token $TOKEN" \
-H "Content-Type: application/json" \
-d '{"state":"closed"}' \
"$API_URL/repos/${{ steps.detect.outputs.repository }}/issues/$ISSUE" >/dev/null || true
Reference in New Issue View Git Blame Copy Permalink