gh-stbenjam-claude-nine-plugins-pr-automation/skills/approve-workflows/SKILL.md

---
name: PR Automation - Approve Workflows
description: Approve pending GitHub Actions workflows and add /ok-to-test comments to PRs that need testing
---

# PR Automation - Approve Workflows

This skill automates the approval of pending GitHub Actions workflows and adds `/ok-to-test` comments to pull requests that require external contributor verification.

## When to Use This Skill

Use this skill when you need to:
- Approve multiple pending GitHub Actions workflows from external contributors
- Add `/ok-to-test` comments to PRs labeled with "needs-ok-to-test"
- Automate the PR review workflow for repositories with many external contributions

## Prerequisites

1. **GitHub CLI (`gh`) installed**
   - Check if installed: `which gh`
   - If not installed, user needs to install it: https://cli.github.com/

2. **GitHub authentication**
   - Must be authenticated with `gh auth login`
   - Must have write access to the repository

3. **Repository context**
   - Repository name in `owner/repo` format
   - Or current directory must be a git repository

## Implementation Steps

### Step 1: Determine Repository

If a repository argument is provided, use it. Otherwise, detect from the current directory:

```bash
# If no repo provided, detect from git remote
if [ -z "$repo" ]; then
  repo=$(git remote get-url origin | sed -E 's/.*github\.com[:/]([^/]+\/[^.]+)(\.git)?/\1/')
fi
```

### Step 2: Find PRs Needing /ok-to-test

Query all open PRs with the "needs-ok-to-test" label:

```bash
gh pr list --repo "$repo" --limit 100 --json number,title,labels --state open \
  --jq '.[] | select(.labels[]? | .name == "needs-ok-to-test") | {number: .number, title: .title}'
```

For each PR found:
1. Extract the PR number
2. Add a comment with `/ok-to-test`:
   ```bash
   gh pr comment $pr_number --repo "$repo" --body "/ok-to-test"
   ```
3. Track success/failure for final summary

### Step 3: Find Workflow Runs Needing Approval

Query GitHub Actions API for workflow runs that need approval. There are two scenarios:

**Scenario A: Completed runs with action_required (already timed out)**
These cannot be approved but should be reported:
```bash
gh api "repos/$repo/actions/runs?per_page=100" \
  --jq '.workflow_runs[] | select(.conclusion == "action_required") | {id: .id, name: .name, branch: .head_branch, created: .created_at}'
```

**Scenario B: Waiting runs (can be approved)**
These are the ones we can actually approve:
```bash
gh api "repos/$repo/actions/runs" \
  --jq '.workflow_runs[] | select(.status == "waiting") | {id: .id, name: .name, branch: .head_branch}'
```

### Step 4: Approve Workflow Runs

For each workflow run that needs approval (status == "waiting"):

```bash
gh api "repos/$repo/actions/runs/$run_id/approve" -X POST
```

Track which runs were successfully approved vs which failed.

### Step 5: Generate Summary Report

Create a summary report with:

1. **PRs that received /ok-to-test comments**:
   - PR number and title
   - Comment URL

2. **Workflow runs approved**:
   - Run ID
   - Workflow name
   - Branch name
   - Status (approved/failed)

3. **Action required runs (informational)**:
   - Runs that timed out and cannot be approved
   - Suggest that new commits will trigger new runs

## Error Handling

Handle the following error cases:

1. **No repository found**: If not provided and can't detect from git, prompt user for repository name

2. **GitHub API errors**:
   - 404: Resource not found (run may have been deleted)
   - 403: Permission denied (user lacks approval permissions)
   - Report errors but continue processing other items

3. **No PRs or workflows found**: Report that everything is up to date

4. **Rate limiting**: If GitHub API rate limit is hit, report and suggest trying again later

## Output Format

Provide a structured summary:

```
# PR Workflow Approval Summary

## PRs Marked as /ok-to-test (3)
- PR #116: CLID-473: subagent to generate weekly reports
- PR #105: Add claude interactive google service account creation
- PR #76: an olmv1 claude plugin for managing clusterextensions

## GitHub Actions Workflows Approved (2)
- Run 18977369749: Lint Plugins (branch: add_qa_assignee_query) ✓
- Run 18979766265: Lint Plugins (branch: gh2jira) ✓

## Timed Out Workflows (informational) (5)
These workflows timed out waiting for approval. New commits will trigger new runs.
- Run 18968492733: Lint Plugins (branch: raise_pr_debug_cluster)
- Run 18967558922: Lint Plugins (branch: ovn_analyzer)
...

## Status
✓ All pending approvals completed successfully
```

## Examples

### Example 1: Approve workflows for specific repository

```bash
# User invokes: /pr-automation:approve-workflows openshift-eng/ai-helpers

# Step 1: Set repo variable
repo="openshift-eng/ai-helpers"

# Step 2: Find PRs needing ok-to-test
prs=$(gh pr list --repo "$repo" --limit 100 --json number,title,labels --state open \
  --jq '.[] | select(.labels[]? | .name == "needs-ok-to-test")')

# Step 3: Comment on each PR
echo "$prs" | jq -r '.number' | while read pr; do
  gh pr comment $pr --repo "$repo" --body "/ok-to-test"
done

# Step 4: Find and approve waiting workflows
gh api "repos/$repo/actions/runs" \
  --jq '.workflow_runs[] | select(.status == "waiting") | .id' | \
  while read run_id; do
    gh api "repos/$repo/actions/runs/$run_id/approve" -X POST
  done
```

### Example 2: Approve workflows for current repository

```bash
# User invokes: /pr-automation:approve-workflows

# Detect repo from git remote
repo=$(git remote get-url origin | sed -E 's/.*github\.com[:/]([^/]+\/[^.]+)(\.git)?/\1/')

# Continue with same steps as Example 1...
```

## Notes

- The `/ok-to-test` command is specific to Prow CI and triggers Prow jobs, not GitHub Actions
- GitHub Actions workflows from external contributors require manual approval via the approve API
- Once a PR has the "ok-to-test" label, future commits may not require re-approval
- Workflow runs that have already timed out (action_required conclusion) cannot be approved retroactively
- Some repositories may use different label names - this skill assumes "needs-ok-to-test"