Pull request overview
Adds a GitHub Actions workflow to automatically approve dependency/codeflow PRs opened by dotnet-maestro[bot], based on a strict allowlist of files and line-level diff validation patterns.
Changes:
- Introduces `.github/workflows/auto-approve-codeflow.yml` to validate PR diffs (allowed files + regex patterns) and auto-approve when they match.
- Uses `gh pr diff` to inspect changes and `gh pr review --approve` to submit the approval.
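As an added illustration (not the PR's own workflow code), a Python sketch of the allowlist-plus-line-pattern gate the overview describes, run over constructed `gh pr diff` output; the file names, regexes and sample diffs are assumptions, not taken from the workflow.

```python
import re

# Constructed allowlist: files a dependency-flow PR is expected to touch, and the
# shape (assumed regex) every added or removed line in each of them must have.
ALLOWED_FILES = {
    "eng/Versions.props": re.compile(r"\s*<(\w+)>[\w.+-]+</\1>\s*"),
    "eng/Version.Details.xml": re.compile(
        r'\s*(<Dependency Name="[\w.-]+" Version="[\w.+-]+">|</Dependency>'
        r"|<Uri>https://[\w./-]+</Uri>|<Sha>[0-9a-f]{40}</Sha>)\s*"),
    "NuGet.config": re.compile(r'\s*<add key="[\w.-]+" value="https://[^"\s]+" />\s*'),
}

def validate_diff(diff_text: str) -> list[str]:
    """Return reasons not to auto-approve; an empty list means the diff is clean."""
    errors: list[str] = []
    current_file = None
    for line in diff_text.splitlines():
        if line.startswith("diff --git "):
            current_file = line.split(" b/", 1)[1]  # path on the "b/" side
            if current_file not in ALLOWED_FILES:
                errors.append(f"Unexpected file: {current_file}")
            continue
        # Skip file/hunk headers and unchanged context; only +/- lines are checked.
        if current_file is None or line.startswith(("+++ ", "--- ", "@@")):
            continue
        if not line or line[0] not in "+-":
            continue
        pattern = ALLOWED_FILES.get(current_file)
        if pattern is not None and not pattern.fullmatch(line[1:]):
            errors.append(f"{current_file}: unexpected change: {line}")
    if current_file is None:
        errors.append("Empty diff")
    return errors

# Constructed diffs in the shape `gh pr diff` prints: a clean version bump, and a
# PR that also slips an unrelated line and an unrelated file into the change.
CLEAN_DIFF = """\
diff --git a/eng/Versions.props b/eng/Versions.props
--- a/eng/Versions.props
+++ b/eng/Versions.props
@@ -10,1 +10,1 @@
-    <MicrosoftExtensionsLoggingVersion>10.0.0-preview.1.1</MicrosoftExtensionsLoggingVersion>
+    <MicrosoftExtensionsLoggingVersion>10.0.0-preview.1.2</MicrosoftExtensionsLoggingVersion>
"""
BAD_DIFF = CLEAN_DIFF + """\
+    <Import Project="Extra.targets" />
diff --git a/src/Program.cs b/src/Program.cs
@@ -1 +1 @@
+Console.WriteLine("b");
"""
```

Each returned string is what the workflow would emit as a `::notice::` before skipping the approval; any non-empty list means a human still has to look.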
```python
                    | "NuGet.config"):
                files_seen.add(current_file)
            case _:
                errors.append(f"Unexpected file: {current_file}")
```
Files under `eng/common/` should be fine as well
```python
    if errors:
        for e in errors:
            print(f"::notice::{e}")
        print("::notice::Skipping auto-approve – PR contains unexpected changes")
```
This should add a comment mentioning @dotnet/efteam on the PR
FYI @wtgodbe @ViktorHofer
It might be simpler to do this with policybot - we already do that in aspnetcore: https://github.com/dotnet/aspnetcore/blob/ab2e33a05f53406a5125b8971a6e5af6b35ff448/.github/policies/resourceManagement.yml#L267-L288
I think that's against policy. Every PR needs a human approval. @mmitche you might have more details on this.
Yeah, we shouldn't be auto-approving these. In addition, a workflow is not a great way to do this since it can be broken by some simple changes to Actions at the org level.
I'm very open for doing this in other ways, but I'd really like us to at least automate these pure dependency flow PRs specifically; I honestly am not sure what a human is supposed to do beyond what this workflow does exactly - the proposed workflow filters for the exact changes that dependency flow does, in the exact files and nodes, etc. etc.
This is a proposal to automate approval of maestro-bot codeflow PRs; we currently manually scan and approve these, and human attention really has no added value here. We do this several times a day.
@AndriySvyryd if this makes sense to you, maybe we can check with the codeflow infra people to make sure they don't have objections etc. But I really don't see what you and I bring to the table that this workflow cannot do.