ci(reviewers): inline scripts, drop checkout #40413

Problem:
- The `reviewers_add`/`reviewers_remove` CI jobs checkout the repo only
  for the purpose of `require('…/reviewers_add.js')`.
- `reviewers_remove` also runs on `closed`, so a merged fork PR will trip
  the new allow-unsafe-pr-checkout guard of `actions/checkout@v7`.

Solution:
- Drop the use of `actions/checkout`.
- Inline the script in the CI yaml definitions.
- Also await the mutating calls (previously fire-and-forget) and guard
  empty reviewer lists.
This commit is contained in:
Justin M. Keyes
2026-06-25 10:01:09 -04:00
committed by GitHub
parent c456c652b5
commit 122be61ed2
4 changed files with 65 additions and 146 deletions

View File

@@ -1,118 +0,0 @@
module.exports = async ({ github, context }) => {
const pr_data = await github.rest.pulls.get({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: context.issue.number,
});
const labels = pr_data.data.labels.map((e) => e.name);
const reviewers = new Set();
if (labels.includes("build")) {
reviewers.add("dundargoc");
reviewers.add("jamessan");
reviewers.add("justinmk");
}
if (labels.includes("ci")) {
reviewers.add("dundargoc");
reviewers.add("jamessan");
reviewers.add("justinmk");
}
if (labels.includes("column")) {
reviewers.add("lewis6991");
}
if (labels.includes("comment")) {
reviewers.add("echasnovski");
}
if (labels.includes("defaults")) {
reviewers.add("gpanders");
}
if (labels.includes("diagnostic")) {
reviewers.add("gpanders");
}
if (labels.includes("diff")) {
reviewers.add("lewis6991");
}
if (labels.includes("editorconfig")) {
reviewers.add("gpanders");
}
if (labels.includes("marks")) {
reviewers.add("bfredl");
}
if (labels.includes("filetype")) {
reviewers.add("clason");
}
if (labels.includes("inccommand")) {
reviewers.add("famiu");
}
if (labels.includes("lsp")) {
reviewers.add("MariaSolOs");
reviewers.add("ribru17");
}
if (labels.includes("netrw")) {
reviewers.add("justinmk");
}
if (labels.includes("options")) {
reviewers.add("famiu");
}
if (labels.includes("platform:nix")) {
reviewers.add("teto");
}
if (labels.includes("project-management")) {
reviewers.add("bfredl");
reviewers.add("justinmk");
}
if (labels.includes("snippet")) {
reviewers.add("MariaSolOs");
}
if (labels.includes("statusline")) {
reviewers.add("famiu");
}
if (labels.includes("treesitter")) {
reviewers.add("bfredl");
reviewers.add("clason");
reviewers.add("lewis6991");
reviewers.add("wookayin");
reviewers.add("ribru17");
}
if (labels.includes("tui")) {
reviewers.add("gpanders");
}
if (labels.includes("typo")) {
reviewers.add("dundargoc");
}
if (labels.includes("vim-patch")) {
reviewers.add("zeertzjq");
}
// Remove person that opened the PR since they can't review themselves
const pr_opener = pr_data.data.user.login;
reviewers.delete(pr_opener);
github.rest.pulls.requestReviewers({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: context.issue.number,
reviewers: Array.from(reviewers),
});
};

View File

@@ -1,16 +0,0 @@
module.exports = async ({ github, context }) => {
const requestedReviewers = await github.rest.pulls.listRequestedReviewers({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: context.issue.number,
});
const reviewers = requestedReviewers.data.users.map((e) => e.login);
github.rest.pulls.removeRequestedReviewers({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: context.issue.number,
reviewers: reviewers,
});
};

View File

@@ -17,13 +17,57 @@ jobs:
permissions:
pull-requests: write
steps:
- uses: actions/checkout@v7.0.0
with:
persist-credentials: false
- name: 'Request reviewers'
uses: actions/github-script@v9
with:
script: |
const script = require('./.github/scripts/reviewers_add.js')
await script({github, context})
const labelReviewers = {
build: ["dundargoc", "jamessan", "justinmk"],
ci: ["dundargoc", "jamessan", "justinmk"],
column: ["lewis6991"],
comment: ["echasnovski"],
defaults: ["gpanders"],
diagnostic: ["gpanders"],
diff: ["lewis6991"],
editorconfig: ["gpanders"],
marks: ["bfredl"],
filetype: ["clason"],
inccommand: ["famiu"],
lsp: ["MariaSolOs", "ribru17"],
netrw: ["justinmk"],
options: ["famiu"],
"platform:nix": ["teto"],
"project-management": ["bfredl", "justinmk"],
snippet: ["MariaSolOs"],
statusline: ["famiu"],
treesitter: ["bfredl", "clason", "lewis6991", "wookayin", "ribru17"],
tui: ["gpanders"],
typo: ["dundargoc"],
"vim-patch": ["zeertzjq"],
};
// Fetch labels live: when called from labeler_pr.yml this job runs
// after labels are applied, so the event payload is stale.
const { data: pr } = await github.rest.pulls.get({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: context.issue.number,
});
const reviewers = new Set();
for (const label of pr.labels.map((e) => e.name)) {
for (const r of labelReviewers[label] || []) {
reviewers.add(r);
}
}
// Can't review your own PR.
reviewers.delete(pr.user.login);
if (reviewers.size) {
await github.rest.pulls.requestReviewers({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: context.issue.number,
reviewers: Array.from(reviewers),
});
}

View File

@@ -11,13 +11,22 @@ jobs:
permissions:
pull-requests: write
steps:
- uses: actions/checkout@v7.0.0
with:
persist-credentials: false
- name: 'Remove reviewers'
uses: actions/github-script@v9
with:
script: |
const script = require('./.github/scripts/reviewers_remove.js')
await script({github, context})
const { data } = await github.rest.pulls.listRequestedReviewers({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: context.issue.number,
});
const reviewers = data.users.map((e) => e.login);
if (reviewers.length) {
await github.rest.pulls.removeRequestedReviewers({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: context.issue.number,
reviewers,
});
}