https://github.com/joshjohanning/approveops
GitHub Action for Approvals in IssueOps (ChatOps)
https://github.com/joshjohanning/approveops
actions approval github issue-ops issueops
Last synced: 4 days ago
JSON representation
GitHub Action for Approvals in IssueOps (ChatOps)
- Host: GitHub
- URL: https://github.com/joshjohanning/approveops
- Owner: joshjohanning
- Created: 2022-02-07T04:19:32.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2023-12-03T21:13:16.000Z (about 2 years ago)
- Last Synced: 2025-04-11T00:46:01.729Z (10 months ago)
- Topics: actions, approval, github, issue-ops, issueops
- Homepage: https://josh-ops.com/posts/github-approveops/
- Size: 53.7 KB
- Stars: 8
- Watchers: 2
- Forks: 2
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# ApproveOps Action
[](https://github.com/joshjohanning/approveops/releases)
[](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/immutable-releases)
[](https://github.com/marketplace/actions/approveops-approvals-in-issueops)
[](https://github.com/joshjohanning/approveops/actions/workflows/ci.yml)
[](https://github.com/joshjohanning/approveops/actions/workflows/publish.yml)
Approvals in IssueOps
See the following guide on this action: https://josh-ops.com/posts/github-approveops/
## Usage
```yml
name: ApproveOps
on:
issue_comment:
types: [created]
jobs:
approveops:
runs-on: ubuntu-latest
if: contains(github.event.comment.body, '/do-stuff')
steps:
- uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ secrets.PRIVATE_KEY }}
- name: ApproveOps - Approvals in IssueOps
uses: joshjohanning/approveops@v3
id: check-approval
with:
token: ${{ steps.app-token.outputs.token }}
approve-command: '/approve'
team-name: 'approver-team'
fail-if-approval-not-found: true
post-successful-approval-comment: false
```
### Inputs
| Name | Description | Required | Default |
| ---------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------------------------------------------------------------------------------------------------ |
| `token` | GitHub App installation token or PAT that has access to read+write comments and list the team's membership | `true` | `''` |
| `approve-command` | The approval command to look for in the comments | `true` | `/approve` |
| `team-name` | The name of the team in GitHub to check for the approval command, e.g. `approver-team`. **Note:** Team must exist in the same organization as the repository running the action | `true` | `''` |
| `fail-if-approval-not-found` | Fail the action (show the action run as red) if the command is not found in the comments from someone in the approver team | `true` | `true` |
| `post-successful-approval-comment` | Whether to post successful approval comment | `true` | `true` |
| `successful-approval-comment` | Comment to post if an approval is found | `true` | `':tada: You were able to run the workflow because someone left an approval in the comments!!'` |
> [!NOTE]
> The `approve-command` must match the entire comment text (whitespace is ignored). For example, `/approve` will match `/approve` or `/approve\n`, but not `I /approve this` or `/approve please`.
## Prerequisites
### Team and Authentication
1. Create a GitHub team and add at least one member
2. Authentication options:
- GitHub App
- If you are using a GitHub Github App, it will need following permissions:
- **read & write** on `Repository / Issues` to create the comment
- **read-only** on `Organization / Members` to list the members of the team
- Generate a `PRIVATE_KEY` for the GitHub app and store it as a repo or organizational secret
- Note the `APP ID` to use as an input for an action like `actions/create-github-app-token@v1`
- Classic PAT
- If you are using a classic PAT, it will need the following scopes:
- `repo` - to create the comment
- `read:org` - to list the members of the team
- Fine-grained PAT
- If you are using a fine-grained PAT, it will need following permissions (same as GitHub App):
- **read & write** on `Repository / Issues` to create the comment
- **read-only** on `Organization / Members` to list the members of the team
See the following guide on creating a GitHub app: https://josh-ops.com/posts/github-apps/
Notes:
- A Personal Access Token (PAT) is not used since we want the comment to show as from a bot
- The `github.token` is not used since the token can't provide hyperlinks for @ mentions since it doesn't have the scope for org teams, only repository data
### Runner Software Requirements
No additional software requirements! `v3` of this action now runs natively using Node.js and the GitHub REST API.
The software running the GitHub Actions workflow must have Node.js version >=20 installed.
> [!TIP]
> Enable debug logging by setting the `ACTIONS_STEP_DEBUG` secret to `true` to see detailed approval checking logs. See [Enabling debug logging](https://docs.github.com/en/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging).
## Breaking Changes
### v2 to v3
No breaking changes. The action was converted from a composite action to a native Node.js action.
### v1 to v2
Extracting the logic for generating a GitHub App's installation token so that you can either use an alternative action or method to retrieve the token or to be able use a GitHub PAT instead.
Added/removed the following inputs:
| Input | Action | Required | Note |
| ----------------- | ------- | -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `token` | Added | Yes | GitHub App installation token or PAT that has access to read+write comments and list the team's membership, e.g.: `${{ steps.get_installation_token.outputs.token }}` |
| `approve-command` | Added | No | Optional, defaults to `/approve`, the command to look for in the comments |
| `app-id` | Removed | Yes | The app ID for a GitHub App, e.g.: `170284` |
| `app-private-key` | Removed | Yes | The private key for a GitHub App, e.g.: `${{ secrets.APP_PRIVATE_KEY }}` |
Removed the following dependency:
- `tibdex/github-app-token@v1`
## Screenshots
