Added review-bot to fine tune review requirements (#1673)
Created a GitHub Action that uses the [Review-Bot
app](https://github.com/paritytech/review-bot) to require more
fine-tuned requirements to review pull requests before allowing the PR to be
merged.

This uses
[`pull_request_target`](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target)
for the event, not `pull_request`. This is a security measure so that an
attacker doesn’t have access to the secrets.

All the rules have been copied from the original
`.github/pr-custom-review.yml` file.

I want to clarify, this particular commit is **not intended to replace
PRCR yet**.

# Advantages it brings over `PRCR`

Most of the features available in `PRCR` have been duplicated and
enhanced. For a complete detailed write up, please see:
- paritytech/pr-custom-review#114 -> Proposal for the rewrite
- [Review Bot
Documentation](https://github.com/paritytech/review-bot/blob/main/README.md)

The most important features are:
- `include` and `exclude` fields now accept an array, making it easier
to read the regular expressions.
- Ability to skip a rule
  - We can set that PRs coming from a particular user or team will cause
    the rule to be skipped.
  - This is used in the `Audit rule`, which was requested by
    @the-right-joyce.
    - This resolves paritytech/pr-custom-review#136
- Ability to request fellows instead of teams
  - As requested in polkadot-fellows/runtimes#7, this bot has the ability
    to request fellows by rank instead of users.
  - We currently have polkadot-fellows/runtimes#31 which is using that
    feature.

Aside from all the rules available in `PRCR` I have added a particular
rule to lock the review-bot files and require a review from the
`locks-review` team, the @paritytech/ci team and the
@paritytech/opstooling team to ensure that the file has been written
correctly.

## Next steps

The next steps will consist of paritytech/review-bot#53. Once this issue
has been resolved, and `review-bot` has worked without any issues on
this repository for a while, we will upgrade it to be able to fully
replace `PRCR`.
Bullrich committed Sep 28, 2023
1 parent 4bc97e4 commit 4384c61
Showing 2 changed files with 152 additions and 0 deletions.
121 changes: 121 additions & 0 deletions .github/review-bot.yml
@@ -0,0 +1,121 @@
rules:
- name: CI files
condition:
include:
- ^\.gitlab-ci\.yml
- ^docker/.*
- ^\.github/.*
- ^\.gitlab/.*
- ^\.config/nextest.toml
- ^\.cargo/.*
exclude:
- ^./gitlab/pipeline/zombienet.*
min_approvals: 2
type: basic
teams:
- ci
- release-engineering

- name: Audit rules
type: basic
condition:
include:
- ^polkadot/runtime\/(kusama|polkadot|common)\/.*
- ^polkadot/primitives/src\/.+\.rs$
- ^substrate/primitives/.*
- ^substrate/frame/.*
exclude:
- ^polkadot/runtime\/(kusama|polkadot)\/src\/weights\/.+\.rs$
- ^substrate\/frame\/.+\.md$
min_approvals: 1
allowedToSkipRule:
teams:
- core-devs
teams:
- srlabs

- name: Core developers
countAuthor: true
condition:
include:
- .*
# excluding files from 'Runtime files' and 'CI files' rules
exclude:
- ^polkadot/runtime/(kusama|polkadot)/src/[^/]+\.rs$
- ^cumulus/parachains/runtimes/assets/(asset-hub-kusama|asset-hub-polkadot)/src/[^/]+\.rs$
- ^cumulus/parachains/runtimes/bridge-hubs/(bridge-hub-kusama|bridge-hub-polkadot)/src/[^/]+\.rs$
- ^cumulus/parachains/runtimes/collectives/collectives-polkadot/src/[^/]+\.rs$
- ^cumulus/parachains/common/src/[^/]+\.rs$
- ^substrate/frame/(?!.*(nfts/.*|uniques/.*|babe/.*|grandpa/.*|beefy|merkle-mountain-range/.*|contracts/.*|election|nomination-pools/.*|staking/.*|aura/.*))
- ^polkadot/runtime/(kusama|polkadot)/src/[^/]+\.rs$
- ^\.gitlab-ci\.yml
- ^docker/.*
- ^\.github/.*
- ^\.gitlab/.*
- ^\.config/nextest.toml
- ^\.cargo/.*
min_approvals: 2
type: basic
teams:
- core-devs

# cumulus
- name: Runtime files cumulus
countAuthor: true
condition:
include:
- ^cumulus/parachains/runtimes/assets/(asset-hub-kusama|asset-hub-polkadot)/src/[^/]+\.rs$
- ^cumulus/parachains/runtimes/bridge-hubs/(bridge-hub-kusama|bridge-hub-polkadot)/src/[^/]+\.rs$
- ^cumulus/parachains/runtimes/collectives/collectives-polkadot/src/[^/]+\.rs$
- ^cumulus/parachains/common/src/[^/]+\.rs$
type: and-distinct
reviewers:
- min_approvals: 1
teams:
- locks-review
- min_approvals: 1
teams:
- polkadot-review

# if there are any changes in the bridges subtree (in case of backport changes back to bridges repo)
- name: Bridges subtree files
type: basic
condition:
include:
- ^bridges/.*
min_approvals: 1
teams:
- bridges-core

# substrate

- name: FRAME coders substrate
condition:
include:
- ^substrate/frame/(?!.*(nfts/.*|uniques/.*|babe/.*|grandpa/.*|beefy|merkle-mountain-range/.*|contracts/.*|election|nomination-pools/.*|staking/.*|aura/.*))
type: "and"
reviewers:
- min_approvals: 2
teams:
- core-devs
- min_approvals: 1
teams:
- frame-coders

# Protection of THIS file
- name: Review Bot
condition:
include:
- review-bot\.yml
min_approvals: 2
type: "and"
reviewers:
- min_approvals: 1
teams:
- opstooling
- min_approvals: 1
teams:
- locks-review
- min_approvals: 1
teams:
- ci
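
Review bot: In the `Core developers` rule, the exclude list drops `^polkadot/runtime/(kusama|polkadot)/src/[^/]+\.rs$` (listed twice) under the comment "excluding files from 'Runtime files' and 'CI files' rules", but this file defines only `Runtime files cumulus`, so nothing here requires `locks-review` or `polkadot-review` approval for those Polkadot/Kusama runtime sources. The only rule left matching them is `Audit rules`, which is skipped for `core-devs` authors. Add a matching runtime rule for the polkadot paths or remove the exclude until one exists, and drop the duplicate entry. Separately, the `CI files` exclude `^./gitlab/pipeline/zombienet.*` has `./` where the include uses `^\.gitlab/.*`, so it cannot match `.gitlab/pipeline/zombienet...`; it presumably should read `^\.gitlab/pipeline/zombienet.*`.
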
31 changes: 31 additions & 0 deletions .github/workflows/review-bot.yml
@@ -0,0 +1,31 @@
name: Review PR
on:
pull_request_target:
types:
- opened
- reopened
- synchronize
- review_requested
- review_request_removed
- ready_for_review
pull_request_review:

permissions:
contents: read

jobs:
review-approvals:
runs-on: ubuntu-latest
steps:
- name: Generate token
id: team_token
uses: tibdex/github-app-token@v1
with:
app_id: ${{ secrets.REVIEW_APP_ID }}
private_key: ${{ secrets.REVIEW_APP_KEY }}
- name: "Evaluates PR reviews and assigns reviewers"
uses: paritytech/review-bot@v1.1.0
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
team-token: ${{ steps.team_token.outputs.token }}
checks-token: ${{ steps.team_token.outputs.token }}
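
Review bot: Both `uses:` lines reference mutable tags (`tibdex/github-app-token@v1`, `paritytech/review-bot@v1.1.0`) in a `pull_request_target` job that hands `secrets.REVIEW_APP_KEY` to the first action and the resulting app token to the second. Pin each to a full commit SHA (keeping the version in a trailing comment) so a retagged release cannot change what runs with those credentials. Also worth confirming how the `pull_request_review` trigger behaves for PRs from forks, since that event does not run with repository secrets there and the `Generate token` step would receive empty `app_id` and `private_key` values.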
