This version includes paritytech/review-bot#97 which can assign
reviewers.
It will be the final step required to replace PRCR.
It also moves the secrets to the environment master.
Upgraded to version 2.1.0 which has paritytech/review-bot#94, a change
in the logic of the action to overcome some problems with permissions
coming from PRs from forks
For this, we needed to divide the actions into two files:
- A first action that triggers on PRs and reviews and uploads the PR
number.
- A second action which is triggered under the completion of the first
one and runs as the action normally runs (but won't have any problems
regarding permissions because it is triggered from the master branch)
Created a Github Action that uses the [Review-Bot
app](https://github.com/paritytech/review-bot) to require more fine
tuned requirements to review pull requests before allowing the PR to be
merged.
This uses
[`pull_request_target`](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target)
for the event, not `pull_request`. This is a security measure so that an
attacker doesn’t have access to the secrets.
All the rules have been copied from the original
`.github/pr-custom-review.yml` file.
I want to clarify, this particular commit is **not intended to replace
PRCR yet**.
# Advantages it brings over `PRCR`
Most of the features available in `PRCR` have been duplicated and
enhanced. For a complete detailed write up, please see:
- paritytech/pr-custom-review#114 -> Proposal for the rewrite
- [Review Bot
Documentation](https://github.com/paritytech/review-bot/blob/main/README.md)
The most important features are:
- `include` and `exclude` fields now accept an array, making it easier
to read the regular expressions.
- Ability to skip a rule
- We can set that PRs coming from a particular user or team will cause
the rule to be skipped.
- This is used in the `Audit rule`, which was requested by
@the-right-joyce.
- This resolvesparitytech/pr-custom-review#136
- Ability to request fellows instead of teams
- As requested in polkadot-fellows/runtimes#7, this bot has the ability
to request fellows by rank instead of users.
- We currently have polkadot-fellows/runtimes#31 which is using that
feature.
Aside from all the rules available in `PRCR` I have added a particular
rule to lock the review-bot files and require a review from the
`locks-review` team, the @paritytech/ci team and the
@paritytech/opstooling team to ensure that the file has been written
correctly.
## Next steps
The next steps will consist on paritytech/review-bot#53, once this issue
has been resolved, and `review-bot` has worked without any issues on
this repository for a while, we will upgrade it to be able to fully
replace `PRCR`.
dependabot[bot]