From b10418f7d2966ac7424c8e07c4574dd32d3ff3be Mon Sep 17 00:00:00 2001
From: Tuomo Tanskanen <tuomo.tanskanen@est.tech>
Date: Fri, 5 Apr 2024 16:48:57 +0300
Subject: [PATCH] add workflow to approve actions on PR change

If external contributor adds a PR, and a member /ok-to-test it, GH
actions do not run until approved by an approver. This approval needs
to be given if the PR content changes, so it inconveniences the
contributor but also the approver.

This PR approves workflows, if ok-to-test label is present.

Adapted from CAPI workflow:
https://github.com/kubernetes-sigs/cluster-api/blob/main/.github/workflows/pr-gh-workflow-approve.yaml

Signed-off-by: Tuomo Tanskanen <tuomo.tanskanen@est.tech>
---
 .github/workflows/pr-gh-workflow-approve.yaml | 42 +++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 .github/workflows/pr-gh-workflow-approve.yaml

diff --git a/.github/workflows/pr-gh-workflow-approve.yaml b/.github/workflows/pr-gh-workflow-approve.yaml
new file mode 100644
index 000000000..f00e6c6ca
--- /dev/null
+++ b/.github/workflows/pr-gh-workflow-approve.yaml
@@ -0,0 +1,42 @@
+# adapted from github.com/kubernetes-sigs/cluster-api/.github/workflows/pr-gh-workflow-approve.yaml
+# this workflow approves workflows if the PR has /ok-to-test
+# related Prow feature request https://github.com/kubernetes/test-infra/issues/25210
+
+name: Approve GH Workflows
+
+on:
+  pull_request_target:
+    types: [opened, edited, reopened, synchronize]
+
+jobs:
+  approve:
+    name: Approve on ok-to-test
+    runs-on: ubuntu-latest
+
+    permissions:
+      actions: write
+
+    if: contains(github.event.pull_request.labels.*.name, 'ok-to-test')
+    steps:
+    - name: Update PR
+      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+      continue-on-error: true
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        script: |
+          const result = await github.rest.actions.listWorkflowRunsForRepo({
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            event: "pull_request",
+            status: "action_required",
+            head_sha: context.payload.pull_request.head.sha,
+            per_page: 100
+          });
+
+          for (var run of result.data.workflow_runs) {
+            await github.rest.actions.approveWorkflowRun({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              run_id: run.id
+            });
+          }