Giter Club home page Giter Club logo

auto-me-bot's Introduction

Auto-Me-Bot

Managing a repository can be cumbersome ๐Ÿ‘ท and tiresome ๐Ÿ˜ซ.
Let alone managing multiple repositories used by multiple contributors and bots ๐Ÿ˜ง.

My name is auto-me-bot ๐Ÿค– I'm here to take some of the repo management load off your shoulders!

all-handlers-success
Failed Checks all-handlers-fail
Configuration

Place a file ๐Ÿ“ called auto-me-bot.yml in your .github folder ๐Ÿ“ in the repos you want me to help out with.
Check out the documentation to see what else I can do ๐Ÿค™. 

# .github/auto-me-bot.yml
---
pr:
  lifecycleLabels: # this means you I'll label PRs based on the their lifecycle.
  conventionalCommits: # this means I'll enforce conventional commit messages in PRs.
  conventionalTitle: # this means I'll enforce conventional title for PRs.
  signedCommits: # this means I'll make sure all commits in PRs are signed with the 'Signed-off-by' trailer.
  tasksList: # this means I'll verify completion of tasks list in PRs.
  autoApprove: # you can tell about users or bots you trust, and I'll automatically approve their PRs.

When using both the lifecycleLabels and autoApprove, it's advised to keep them separated and in order.
Otherwise, the GitHub's approve event might not make its way to the lifecycle handler, and we might miss a label.

Future Plans
  • Size based labeling for pull requests
  • Automate assignees and reviewers for pull requests
  • Various handlers for event types other then pull_requestpush and and issue event types
  • Repository management capabilities, such as labels creation and settings syncing
Alternatives

Other awesome applications the offer similar handlers as auto-me-bot

Works well with

If you keep your commits conventional,
you can use the version-bumper-action for GitHub, to automate your releases.

Contributors all-contributors-badge

Aaron Dewes
Aaron Dewes
๐Ÿ’ป		 Dolev Ben Aharon
Dolev Ben Aharon
๐Ÿ’ป ๐Ÿ“– ๐Ÿ› ๐Ÿค” ๐Ÿ“ฃ		 Jorge Vallecillo
Jorge Vallecillo
๐Ÿš‡

Contributing guidelines are here.

auto-me-bot's People

Contributors

aarondewes avatar allcontributors[bot] avatar altmas5 avatar dependabot[bot] avatar dolby360 avatar tomerfi avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar

Forkers

shidil dolby360 fireeagsaini ammar-knowledge tooniez rulcsoft aarondewes

auto-me-bot's Issues

Configuring the pr-signed-commits handler to ignore specific users

What did you have in mind?

As suggested here #47 (comment), adding a feature to allow configuring the pr-signed-commits to ignore specific users or emails, sounds like a great idea.

Are you trying to fix a problem?

No response

Any lead on how this feature can be implemented?

Current .github/auto-me-bot.yml configuration for the pr-signed-commits handler is:

---
pr:
  signedCommits:

We can add option to ignore a list of users/email or perhaps both:

---
pr:
  signedCommits:
    ignore:
      users: ["dependabot[bot]", "anotheruser"]
      emails: ["[email protected]", "[email protected]"]

The pr-tasks-list handler returns false outcome

What happened?

I've been witnessing occasions where the pr-tasks-list handler returns a successful outcome although not all tasks were checked.

An example can be viewed in this PR, although the first task is unchecked, the run seems to be successful.

This is pretty much all I have so far, I haven't had the time to investigate this.
If I'll bump into more occurrences of this weird "bug", I'll report them back here.

Please provide runtime information.

Irrelevant.

Relevant log output

No response

How can this issue be reproduced?

No response

Bump to Node 18

What did you have in mind?

Bump to Node 18 had been the lts version for more than a year.
Node 16 (the previous lts) isn't under active support for 8 month and drops security support in 2.

See https://endoflife.date/nodejs

This will requires:

  • update package.json
  • update ci workflow
  • prepare aws environment

Are you trying to fix a problem?

No response

Any lead on how this feature can be implemented?

No response

Allow conventional commits handler configuration

What did you have in mind?

Add the ability to configure the various handlers, to be more precise, the conventional commits handler screams a lot about commit message length, especially for dependabot's commits in repos containing their own sub repos/projects.

Example:

image

Are you trying to fix a problem?

No response

Any lead on how this feature can be implemented?

No response

Support ESModules dependencies

What did you have in mind?

Lately, A lot of NodeJS packages have migrated from CommonJS to ESModules. Which are not supported in this project. The following PRs are blocked:

Also, see TomerFi/github-viewer-stats#74.

This project is not consumed as a module, so it is only affected by the modules it consumes. It can either be migrated to ESModule or switched from require statements to dynamic import ones.

Are you trying to fix a problem?

No response

Any lead on how this feature can be implemented?

No response

Segregate handlers configuration

What did you have in mind?

Currently, all handlers have access to the full configuration file,
this is unwanted - the handlers don't need each other's configuration,
keeping it this way might invite coupling as this repo evolve and isn't the most secure thing to do.

Are you trying to fix a problem?

Prevent handlers from accessing each other's configuration.

Any lead on how this feature can be implemented?

As of the time of writing this, we have 3 handlers:

This is the handlers' distribution line:

auto-me-bot/src/auto-me-bot.js

Line 43 in 2bbcda7

invocations.push(handlers[key]()(context, config, startedAt));

The handlers, for example, pr-conventional-commits, can access the following configuration:

pr:
  conventionalCommits:
    x:
      y: z

like so:
config.pr.conventionalCommits.x.y
and, of course, can access any other configuration that exists in the configuration file.

If we change the following line, passing only the relevant configuration:

invocations.push(handlers[key]()(context, config.pr[key], startedAt));

this should mean that for the example above, the pr-conventional-commits will access its configuration like so:
x.y
and will not have access to it's parent configuration.

Bump Python to 3.12

What did you have in mind?

We use Python 3.10 to build the documentation site.

Are you trying to fix a problem?

No response

Any lead on how this feature can be implemented?

No response

Bug in identifying bots with the pr-signed-commits handler

What happened?

Technically, this line identifies bots, but it comes with a design bug (or even more):

auto-me-bot/src/handlers/pr-signed-commits.js

Line 36 in 261e4e7

let isBot = context.payload.sender.type === 'Bot'

For the record, bots get a pass from signing off on their commits.

The isBot verification is being performed per handler request, and not per commit in the request.

As it is currently designed, for PRs with mixed commits, i.e. commits sourced by bots and commits sourced by humans, the isBot is based on the last commit.

An example I came across, a new PR was opened by dependabot, the pr-signed-commits workflow passed but some other workflow of mine had failed on account of the change brought forward by depenedabot's dependency update.
Once I resolved and pushed it to the PR, my other workflow was passing, but pr-signed-commits workflow was now constantly failing because the last commit was from my user, and I'm not a verified bot, so the handler expected dependeabot to signed off on its commits as well.

That being said, even though the handler is not supposed to expect bots to sign off on their commits, dependabot does!
So although cases like the example I described above are in fact a bug and shouldn't happen, when it does happen, for some reason (allegedly another bug), the handler is not able to verify dependabot's sign-off trailer.

Please provide runtime information.

Irrelevant.

Relevant log output

An example of a commit message by `depenendabot`, which the handler wasn't able to pick up on its sign-off trailer:

build(deps-dev): bump flake8 from 4.0.1 to 5.0.1
Bumps [flake8](https://github.com/pycqa/flake8) from 4.0.1 to 5.0.1.
- [Release notes](https://github.com/pycqa/flake8/releases)
- [Commits](PyCQA/[email protected])

---
updated-dependencies:
- dependency-name: flake8
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

How can this issue be reproduced?

  • Wait for a PR by dependabot
  • Verify the pr-signed-commits handler passes
  • Add a commit of your own
  • Verify the pr-signed-commits handler fails

It's time for Node 20

What did you have in mind?

Node 20 is the LTS version and was released about 10 months ago. See here.
Support was added by AWS about 3 months ago. See here.

See the previous bump for reference: issue #230 pr #279.

Are you trying to fix a problem?

No response

Any lead on how this feature can be implemented?

No response

Issue: Prettier config file missing

What did you have in mind?

What is the issue?

Nowadays everyone uses Prettier, An automated code formatting tool.

The issue is everyone have different global settings of prettier according to their style. BUT this can cause useless changes to opensource projects as many people works on same code.

So having a prettier config file inside project directory can resolve this issue.

Are you trying to fix a problem?

Yes.

Any lead on how this feature can be implemented?

How to solve this issue?

adding a file .prettierrc and .prettierignore will solve this issue

Tests are not passing on windows machine.

What did you have in mind?

The behavior on win is weird, some of the fields in tests results duplicate for some reason.
'```\r\n' + 'chore: unit test this thing\n' + '\n' + 'chore: unit test this thing\r\n' + '\r\n' + 'Lorem ipsum dolor sit amet\r\n' + '```\r\n' +

Are you trying to fix a problem?

Any lead on how this feature can be implemented?

No response

PR title enforcement

What did you have in mind?

It seems like there is a demand to enforce conventional commits on PR titles as well.

Are you trying to fix a problem?

No response

Any lead on how this feature can be implemented?

@TomerFi suggested here on these 2 optional design.

---
pr:
  conventionalCommits:
    includePrTitle: true
    rules:
      'body-max-line-length': [2, 'always', 150]
---
pr:
  conventionalPrTitles:
  conventionalCommits:
    rules:
      'body-max-line-length': [2, 'always', 150]

I tend to agree with the second option. Because as the example shows it does not really make sense to custom rules the same way for both.

Use faker js for fake names and emails

What did you have in mind?

I think that using faker.js to generate names and emails is more standard in testing (I'm not really sure I got this by reading over the internet).

For example, this piece of test can use that.

    const fakeAuthorName = 'Elias Author';
    const fakeAuthorEmail = '[email protected]';
    const fakeCommitterName = 'Ezekiel Committer';
    const fakeCommitterEmail = '[email protected]';

Are you trying to fix a problem?

No response

Any lead on how this feature can be implemented?

No response

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.