Give an approving review to team member PRs automatically

Branch protection rules currently require 2 approving reviews to merge a PR. What we really want is for 2 team members to be aware of every change. If a team member makes a PR, only one other approval should be needed. Since GitHub doesn't currently allow us to set different review thresholds for different users/teams, sending an automatic approval via GitHub Actions is the next best thing. This should reduce friction of team development work.
2025-06-04 02:52:25 +00:00 · 2024-08-19 19:02:17 +01:00 · 2024-08-19 19:02:17 +01:00 · a7638cf914
commit a7638cf914
parent c32744ebc7
1 changed files with 42 additions and 0 deletions
--- a/.github/workflows/team-pr-auto-approve.yml
+++ b/.github/workflows/team-pr-auto-approve.yml
@ -0,0 +1,42 @@
+#Due to GitHub awkwardness, it's not easy to reduce the review requirement for collaborators.
+#Our policy is that 2 collaborators should be aware of every change.
+#For outside PRs, this means 2 collaborator reviews.
+#For PRs made by collaborators, this means 1 reviewer + the author.
+#We trust that collaborators don't need as much oversight.
+name: Auto approve collaborator PRs
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+
+permissions:
+  pull-requests: write
+
+jobs:
+  approve:
+    name: Auto approve
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check if PR author has write access
+        id: check-permission
+        uses: actions-cool/check-user-permission@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          require: write
+          username: ${{ github.event.pull_request.user.login }}
+          #technically this would be fine for dependabot but generally bots don't count as team members
+          check-bot: true
+
+        #TODO: Some way to avoid unnecessary repeated reviews would be nice here
+
+      - name: Approve PR if authorized
+        if: steps.check-permission.outputs.require-result == 'true' && steps.check-permission.outputs.check-result == 'false'
+        uses: juliangruber/approve-pull-request-action@v2
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          number: ${{ github.event.pull_request.number }}