Skip to content

Require peer dependency review on release PR #7627

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Require peer dependency review on release PR #7627

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 27 additions & 0 deletions .github/workflows/ensure-peer-deps-review.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
# This check runs only on the release PR created by changesets.
# It requires that a label is added to ensure that peer dependency versions have been manually reviewed.

name: Check peer dependency versions have been reviewed

on:
pull_request:
types:
- synchronize
- labeled
- unlabeled
- edited
- ready_for_review
Comment on lines +9 to +13
Copy link
Member

@kanej kanej Oct 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will this set the PR back to reviewed if any edit happens?


jobs:
check-label:
if: github.head_ref == 'changeset-release/main'
Copy link
Member

@kanej kanej Oct 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the difference between this check and stating the branch in the on section?

name: Check peer dependency versions have been reviewed
runs-on: ubuntu-latest
steps:
- name: Checkout the repository
uses: actions/checkout@v5

- name: Check for the label presence
env:
GITHUB_EVENT_PULL_REQUEST_LABELS: ${{ toJson(github.event.pull_request.labels) }}
run: node scripts/validate-peer-dependencies-reviewed-label.mjs
45 changes: 45 additions & 0 deletions .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,51 @@ jobs:
echo "hasChangesets=${{steps.pr.outputs.hasChangesets}}"
echo "hasChangesets=${{steps.pr.outputs.hasChangesets}}" >> $GITHUB_OUTPUT

# The following two steps are to mark the changesets PR as draft
# This is so a user must mark it as ready for review, which will trigger workflows on this PR
# Otherwise workflows won't run since the PR is created by an action itself

- name: Find package versions PR
if: steps.pr.outputs.hasChangesets == 'true'
uses: actions/github-script@v7
id: find
with:
script: |
const owner = context.repo.owner;
const repo = context.repo.repo;
const head = `${owner}:changeset-release/main`;

const { data: prs } = await github.rest.pulls.list({ owner, repo, state: "open", head });
if (!prs.length) core.setFailed(`No open PR from ${head}`);
return { number: prs[0].number };

- name: Convert to draft
if: steps.pr.outputs.hasChangesets == 'true'
uses: actions/github-script@v7
with:
script: |
const { number } = ${{ steps.find.outputs.result }};
// 1) Get node ID for GraphQL
const query = `
query($owner:String!, $repo:String!, $number:Int!) {
repository(owner:$owner, name:$repo) {
pullRequest(number:$number) { id, isDraft, number }
}
}`;
const vars = { owner: context.repo.owner, repo: context.repo.repo, number: Number(number) };
const qres = await github.graphql(query, vars);
const pr = qres.repository.pullRequest;
if (pr.isDraft) return { already: true };

// 2) Convert to draft
const mutation = `
mutation($prId:ID!) {
convertPullRequestToDraft(input:{pullRequestId:$prId}) {
pullRequest { number, isDraft }
}
}`;
await github.graphql(mutation, { prId: pr.id });

pack:
name: Generate tarballs for publishing
needs: pr
Expand Down
31 changes: 31 additions & 0 deletions scripts/validate-peer-dependencies-reviewed-label.mjs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
// @ts-check

/**
* This checks that the release PR has the "peer dependencies reviewed" label,
* to enforce the manual check on version specifiers before a release.
*/

const REVIEWED_LABEL = "peer dependencies reviewed";

function hasReviewedLabel() {
if (process.env.GITHUB_EVENT_PULL_REQUEST_LABELS === undefined) {
throw new Error("GITHUB_EVENT_PULL_REQUEST_LABELS is not defined");
}

const labels = JSON.parse(process.env.GITHUB_EVENT_PULL_REQUEST_LABELS);

return labels.some((l) => l.name === REVIEWED_LABEL);
}

async function validatePullRequest() {
if (hasReviewedLabel()) {
console.log(`The PR is labeled as '${REVIEWED_LABEL}'`);
return;
}

throw new Error(
`Peer dependencies are not reviewed. Add the '${REVIEWED_LABEL}' label to this PR once peer dependency version ranges have been manually reviewed.`
);
}

await validatePullRequest();
Loading