gh-stbenjam-claude-nine-plugins-pr-automation/skills/approve-workflows/SKILL.md

name, description

name	description
PR Automation - Approve Workflows	Approve pending GitHub Actions workflows and add /ok-to-test comments to PRs that need testing

PR Automation - Approve Workflows

This skill automates the approval of pending GitHub Actions workflows and adds /ok-to-test comments to pull requests that require external contributor verification.

When to Use This Skill

Use this skill when you need to:

• Approve multiple pending GitHub Actions workflows from external contributors
• Add /ok-to-test comments to PRs labeled with "needs-ok-to-test"
• Automate the PR review workflow for repositories with many external contributions

Prerequisites

1. GitHub CLI (gh) installed

   • Check if installed: which gh
   • If not installed, user needs to install it: https://cli.github.com/

2. GitHub authentication

   • Must be authenticated with gh auth login
   • Must have write access to the repository

3. Repository context

   • Repository name in owner/repo format
   • Or current directory must be a git repository

Implementation Steps

Step 1: Determine Repository

If a repository argument is provided, use it. Otherwise, detect from the current directory:

# If no repo provided, detect from git remote
if [ -z "$repo" ]; then
  repo=$(git remote get-url origin | sed -E 's/.*github\.com[:/]([^/]+\/[^.]+)(\.git)?/\1/')
fi

Step 2: Find PRs Needing /ok-to-test

Query all open PRs with the "needs-ok-to-test" label:

gh pr list --repo "$repo" --limit 100 --json number,title,labels --state open \
  --jq '.[] | select(.labels[]? | .name == "needs-ok-to-test") | {number: .number, title: .title}'

For each PR found:

1. Extract the PR number
2. Add a comment with /ok-to-test:

   gh pr comment $pr_number --repo "$repo" --body "/ok-to-test"
   

3. Track success/failure for final summary

Step 3: Find Workflow Runs Needing Approval

Query GitHub Actions API for workflow runs that need approval. There are two scenarios:

Scenario A: Completed runs with action_required (already timed out) These cannot be approved but should be reported:

gh api "repos/$repo/actions/runs?per_page=100" \
  --jq '.workflow_runs[] | select(.conclusion == "action_required") | {id: .id, name: .name, branch: .head_branch, created: .created_at}'

Scenario B: Waiting runs (can be approved) These are the ones we can actually approve:

gh api "repos/$repo/actions/runs" \
  --jq '.workflow_runs[] | select(.status == "waiting") | {id: .id, name: .name, branch: .head_branch}'

Step 4: Approve Workflow Runs

For each workflow run that needs approval (status == "waiting"):

gh api "repos/$repo/actions/runs/$run_id/approve" -X POST

Track which runs were successfully approved vs which failed.

Step 5: Generate Summary Report

Create a summary report with:

1. PRs that received /ok-to-test comments:

   • PR number and title
   • Comment URL

2. Workflow runs approved:

   • Run ID
   • Workflow name
   • Branch name
   • Status (approved/failed)

3. Action required runs (informational):

   • Runs that timed out and cannot be approved
   • Suggest that new commits will trigger new runs

Error Handling

Handle the following error cases:

1. No repository found: If not provided and can't detect from git, prompt user for repository name

2. GitHub API errors:

   • 404: Resource not found (run may have been deleted)
   • 403: Permission denied (user lacks approval permissions)
   • Report errors but continue processing other items

3. No PRs or workflows found: Report that everything is up to date

4. Rate limiting: If GitHub API rate limit is hit, report and suggest trying again later

Output Format

Provide a structured summary:

# PR Workflow Approval Summary

## PRs Marked as /ok-to-test (3)
- PR #116: CLID-473: subagent to generate weekly reports
- PR #105: Add claude interactive google service account creation
- PR #76: an olmv1 claude plugin for managing clusterextensions

## GitHub Actions Workflows Approved (2)
- Run 18977369749: Lint Plugins (branch: add_qa_assignee_query) ✓
- Run 18979766265: Lint Plugins (branch: gh2jira) ✓

## Timed Out Workflows (informational) (5)
These workflows timed out waiting for approval. New commits will trigger new runs.
- Run 18968492733: Lint Plugins (branch: raise_pr_debug_cluster)
- Run 18967558922: Lint Plugins (branch: ovn_analyzer)
...

## Status
✓ All pending approvals completed successfully

Examples

Example 1: Approve workflows for specific repository

# User invokes: /pr-automation:approve-workflows openshift-eng/ai-helpers

# Step 1: Set repo variable
repo="openshift-eng/ai-helpers"

# Step 2: Find PRs needing ok-to-test
prs=$(gh pr list --repo "$repo" --limit 100 --json number,title,labels --state open \
  --jq '.[] | select(.labels[]? | .name == "needs-ok-to-test")')

# Step 3: Comment on each PR
echo "$prs" | jq -r '.number' | while read pr; do
  gh pr comment $pr --repo "$repo" --body "/ok-to-test"
done

# Step 4: Find and approve waiting workflows
gh api "repos/$repo/actions/runs" \
  --jq '.workflow_runs[] | select(.status == "waiting") | .id' | \
  while read run_id; do
    gh api "repos/$repo/actions/runs/$run_id/approve" -X POST
  done

Example 2: Approve workflows for current repository

# User invokes: /pr-automation:approve-workflows

# Detect repo from git remote
repo=$(git remote get-url origin | sed -E 's/.*github\.com[:/]([^/]+\/[^.]+)(\.git)?/\1/')

# Continue with same steps as Example 1...

Notes

• The /ok-to-test command is specific to Prow CI and triggers Prow jobs, not GitHub Actions
• GitHub Actions workflows from external contributors require manual approval via the approve API
• Once a PR has the "ok-to-test" label, future commits may not require re-approval
• Workflow runs that have already timed out (action_required conclusion) cannot be approved retroactively
• Some repositories may use different label names - this skill assumes "needs-ok-to-test"