From 0002a93e081da1380fc6a11c75bb2c02b65de40a Mon Sep 17 00:00:00 2001 From: Kaan Barmore-Genc Date: Sat, 18 Feb 2023 13:30:51 -0500 Subject: [PATCH] github actions do not merge label post --- content/img/gh-do-not-merge-action.png | 3 + content/img/gh-do-not-merge-fail.png | 3 + content/img/gh-menu-actions-general.png | 3 + content/img/gh-repository-defaults-labels.png | 3 + content/img/gh-repository-defaults.png | 3 + content/img/gh-required-workflows-config.png | 3 + content/img/gh-required-workflows.png | 3 + ...02.18.github-actions-do-not-merge-label.md | 106 ++++++++++++++++++ 8 files changed, 127 insertions(+) create mode 100644 content/img/gh-do-not-merge-action.png create mode 100644 content/img/gh-do-not-merge-fail.png create mode 100644 content/img/gh-menu-actions-general.png create mode 100644 content/img/gh-repository-defaults-labels.png create mode 100644 content/img/gh-repository-defaults.png create mode 100644 content/img/gh-required-workflows-config.png create mode 100644 content/img/gh-required-workflows.png create mode 100644 content/posts/2022.02.18.github-actions-do-not-merge-label.md diff --git a/content/img/gh-do-not-merge-action.png b/content/img/gh-do-not-merge-action.png new file mode 100644 index 0000000..c0edf8a --- /dev/null +++ b/content/img/gh-do-not-merge-action.png @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e4a8f9ac9cc8a68e33a615e397dacf8ef598fd57746ee84f9aba7095904d9837 +size 87515 diff --git a/content/img/gh-do-not-merge-fail.png b/content/img/gh-do-not-merge-fail.png new file mode 100644 index 0000000..77195e9 --- /dev/null +++ b/content/img/gh-do-not-merge-fail.png @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:39cbf3a20c178548441073548c957e4e211d96b43af997402a2f98cec8a6b657 +size 42943 diff --git a/content/img/gh-menu-actions-general.png b/content/img/gh-menu-actions-general.png new file mode 100644 index 0000000..c9a7a84 --- /dev/null +++ b/content/img/gh-menu-actions-general.png @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a0c1ec9df09b8bc78e9f347a964538df8c3f16cc8c6e9ee4b0646effba6e6f63 +size 15153 diff --git a/content/img/gh-repository-defaults-labels.png b/content/img/gh-repository-defaults-labels.png new file mode 100644 index 0000000..b46e031 --- /dev/null +++ b/content/img/gh-repository-defaults-labels.png @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:20f1bc8fff6179ea47270ba776c75b674650a65902932a7d43a441f7d84629cc +size 35030 diff --git a/content/img/gh-repository-defaults.png b/content/img/gh-repository-defaults.png new file mode 100644 index 0000000..2591f71 --- /dev/null +++ b/content/img/gh-repository-defaults.png @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:10a6dade5df66fa4646ba7d330d78aa1989b617384a1db95372431141e5e0ee2 +size 12928 diff --git a/content/img/gh-required-workflows-config.png b/content/img/gh-required-workflows-config.png new file mode 100644 index 0000000..9103f32 --- /dev/null +++ b/content/img/gh-required-workflows-config.png @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:42cadb704d321de6987732aeb94975bc7724ef38ebe908781ab4f58fea21a1b4 +size 78267 diff --git a/content/img/gh-required-workflows.png b/content/img/gh-required-workflows.png new file mode 100644 index 0000000..073ba90 --- /dev/null +++ b/content/img/gh-required-workflows.png @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:44268248745eddfe4e32c20b189a0751583e10037e6580c6b7bfc33d277f2a01 +size 30175 diff --git a/content/posts/2022.02.18.github-actions-do-not-merge-label.md b/content/posts/2022.02.18.github-actions-do-not-merge-label.md new file mode 100644 index 0000000..d76cbac --- /dev/null +++ b/content/posts/2022.02.18.github-actions-do-not-merge-label.md @@ -0,0 +1,106 @@ +--- +title: Enforcing a "Do Not Merge" label with Github Actions +date: 2023-02-18T12:33:32-05:00 +toc: false +images: +tags: + - dev +--- + +At my workplace, we sometimes find ourselves in situations where a PR passes all +tests, and has been reviewed and approved, but still shouldn't be merged. +Sometimes this is because that PR needs some other work in another repository to +be merged and deployed first. Sometimes it's because merging the PR will +kickstart some process like sending out emails, and we are waiting to start that +process at a certain time. + +Whatever the reason, our convention is that we add a "Do Not Merge" label to the +PR. But we recently had a case where someone didn't see the label and clicked +the merge button anyway. I can tell you that it's not fun scrambling to hit the +"cancel action" button on Github before the code gets deployed! So we started +looking into a way to prevent such issues. + +Now, you might ask why we don't just leave these PRs as drafts. While that would +stop them from being merged on an accidental click, there is still some risk +that someone might just mark it ready for review and merge it without checking +the label. We also have some automation set up, like automatically changing card +state when a PR is marked as ready, which would not work if we leave PRs in +draft. Luckily, I found a better solution. + +After coming across this [post from Jesse Squires](https://www.jessesquires.com/blog/2021/08/24/useful-label-based-github-actions-workflows/), +I decided to try the improved version of a "Do Not Merge" check he suggests. + +```yml +name: Do Not Merge + +on: + pull_request: + types: [synchronize, opened, reopened, labeled, unlabeled] + +jobs: + do-not-merge: + if: ${{ contains(github.event.*.labels.*.name, 'do not merge') }} + name: Prevent Merging + runs-on: ubuntu-latest + steps: + - name: Check for label + run: | + echo "Pull request is labeled as 'do not merge'" + echo "This workflow fails so that the pull request cannot be merged" + exit 1 +``` + +Our first attempt was dropping this into the repository, which worked, but we +have a lot of repositories and we sometimes create new ones too. Having to copy +this check to all repositories seems like a lot of work! But thanks to a +coworker discovering that you can set repository-wide workflows, we were able to +set up all of this organization-wide. + +To do that, you first add this workflow file in some repository. It doesn't need +to be (and probably shouldn't be) in your `.github/workflows` folder. You might +even want to create a new repository to contain just this workflow file. + +![A github repository, with a single file named do-not-merge.yml at the root of the repository. The file contains the code listed earlier in this page.](/img/gh-do-not-merge-action.png) + +Next, go to your organization settings and select "Actions > General" on the +side menu. + +![Github side bar menu, with heading Action expanded, and General selected inside that section.](/img/gh-menu-actions-general.png) + +Scroll to the bottom, where you'll find "Required workflows". Click +to add a workflow. + +![The required workflows section in Github organization settings. An "Add workflow" button is present.](/img/gh-required-workflows.png) + +Then select the repository where you added your action, and +write the path to the workflow file within that repository. + +![Add required workflow page. The previously mentioned repository is selected, and the path do-not-merge.yml is written next to that. A selection below has picked 'All repositories'.](/img/gh-required-workflows-config.png) + + +You're now done! All PRs in all repositories will run the do not merge label +check, and will prevent you from merging any PR with the label. + +![The checks section on a PR page. A check named "Do Not Merge" has failed, and the merge button is disabled. Github warns that all checks must pass before merging.](/img/gh-do-not-merge-fail.png) + +One caveat is +that there seems to be a bug on Github's end of things where for any PR that was +open at the time you added this check, the check gets stuck with the message +"Expected - Waiting for status to be reported". If that happens, add the "do not +merge" label then remove it. This will remind Github to actually run the check. + +To make the experience a bit smoother for new repositories, you can also add "do +not merge" as a default PR label. To do so, go to the "Repository > Repository +defaults" section on the side bar. + +![Github side bar menu, with heading Repository expanded, and Repository defaults selected inside that section.](/img/gh-repository-defaults.png) + +Click "New label", and create a label named +"do not merge". + +![The repository labels section in Github organization settings. A new label is being added, with the name do not merge.](/img/gh-repository-defaults-labels.png) + +This will only apply to new repositories, so you may need to add +the label to your existing repositories. But even if you don't add the label to +the repository, the check should not block you so you don't have to worry about +going through all your repositories to add this label.