fix: dead link in ARCHITECTURE.md
#373
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # **what?** | |
| # Enforces 2 reviews when artifact or validation files are modified. | |
| # **why?** | |
| # Ensure artifact changes receive proper review from designated team members. GitHub doesn't support | |
| # multiple reviews on a single PR based on files changed, so we need to enforce this manually. | |
| # **when?** | |
| # This will run when reviews are submitted and dismissed. | |
| name: "Enforce Additional Reviews on Artifact and Validations Changes" | |
| on: | |
| # trigger check on review events | |
| pull_request_review: | |
| types: [submitted, edited, dismissed] | |
| # only run this once per PR at a time | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number }} | |
| cancel-in-progress: true | |
| env: | |
| required_approvals: 2 | |
| team: "core-group" | |
| jobs: | |
| check-reviews: | |
| name: "Validate Additional Reviews" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: "Checkout code" | |
| uses: actions/checkout@v4 | |
| - name: "Get list of changed files" | |
| id: changed_files | |
| run: | | |
| CHANGED_FILES=$(gh api repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/files | jq -r '.[].filename') | |
| echo "Changed files:" | |
| echo "$CHANGED_FILES" | |
| echo "CHANGED_FILES<<EOF" >> $GITHUB_OUTPUT | |
| echo "$CHANGED_FILES" >> $GITHUB_OUTPUT | |
| echo "EOF" >> $GITHUB_OUTPUT | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: "Check if any artifact files were changed" | |
| id: artifact_files_changed | |
| run: | | |
| artifact_changes=false | |
| while IFS= read -r file; do | |
| echo "Debug: Checking file: '$file'" | |
| if [[ "$file" == "core/dbt/artifacts/"* ]] ; then | |
| artifact_changes=true | |
| break | |
| fi | |
| done <<< "${{ steps.changed_files.outputs.CHANGED_FILES }}" | |
| echo "artifact_changes=$artifact_changes" >> $GITHUB_OUTPUT | |
| - name: "Get Core Team Members" | |
| if: ${{ steps.artifact_files_changed.outputs.artifact_changes == 'true' }} | |
| id: core_members | |
| run: | | |
| gh api -H "Accept: application/vnd.github+json" \ | |
| /orgs/dbt-labs/teams/${{ env.team }}/members > core_members.json | |
| # Extract usernames and set as multiline output | |
| echo "membership<<EOF" >> $GITHUB_OUTPUT | |
| jq -r '.[].login' core_members.json >> $GITHUB_OUTPUT | |
| echo "EOF" >> $GITHUB_OUTPUT | |
| env: | |
| GH_TOKEN: ${{ secrets.IT_TEAM_MEMBERSHIP }} | |
| - name: "Verify ${{ env.required_approvals }} core team approvals" | |
| id: check_approvals | |
| if: ${{ steps.artifact_files_changed.outputs.artifact_changes == 'true' }} | |
| run: | | |
| # Get all reviews | |
| REVIEWS=$(gh api repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/reviews) | |
| # Count approved reviews from core team members (only most recent review per user) | |
| CORE_APPROVALS=0 | |
| while IFS= read -r member; do | |
| echo "member: $member" | |
| APPROVED=$(echo "$REVIEWS" | jq --arg user "$member" ' | |
| group_by(.user.login) | | |
| map(select(.[0].user.login == $user) | | |
| sort_by(.submitted_at) | | |
| last) | | |
| map(select(.state == "APPROVED")) | | |
| length') | |
| CORE_APPROVALS=$((CORE_APPROVALS + APPROVED)) | |
| done <<< "${{ steps.core_members.outputs.membership }}" | |
| echo "CORE_APPROVALS=$CORE_APPROVALS" >> $GITHUB_OUTPUT | |
| echo $CORE_APPROVALS | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: "Notify and fail if not enough approvals" | |
| if: ${{ steps.artifact_files_changed.outputs.artifact_changes == 'true' && steps.check_approvals.outputs.CORE_APPROVALS < fromJSON(env.required_approvals) }} | |
| run: | | |
| title="PR Approval Requirements Not Met" | |
| message="Changes to artifact directory files requires at least ${{ env.required_approvals }} approvals from core team members. Current number of core team approvals: ${{ steps.check_approvals.outputs.CORE_APPROVALS }} " | |
| echo "::error title=$title::$message" | |
| exit 1 | |
| - name: "Notify of sufficient approvals" | |
| if: ${{ steps.artifact_files_changed.outputs.artifact_changes == 'true' && steps.check_approvals.outputs.CORE_APPROVALS >= fromJSON(env.required_approvals) }} | |
| run: | | |
| title="Extra requirements met" | |
| message="Changes to artifact directory files requires at least ${{ env.required_approvals }} approvals from core team members. Current number of core team approvals: ${{ steps.check_approvals.outputs.CORE_APPROVALS }} " | |
| echo "::notice title=$title::$message" | |
| - name: "Notify of no extra requirements" | |
| if: ${{ steps.artifact_files_changed.outputs.artifact_changes != 'true' }} | |
| run: | | |
| title="No extra requirements" | |
| message="No additional reviews required" | |
| echo "::notice title=$title::$message" |