Skip to content

BUILD-10590 retrigger verified approvals on review events#87

Merged
julien-carsique-sonarsource merged 1 commit intomasterfrom
feat/jcarsique/BUILD-10590-verifiedApprovals
Mar 6, 2026
Merged

BUILD-10590 retrigger verified approvals on review events#87
julien-carsique-sonarsource merged 1 commit intomasterfrom
feat/jcarsique/BUILD-10590-verifiedApprovals

Conversation

@julien-carsique-sonarsource
Copy link
Contributor

@julien-carsique-sonarsource julien-carsique-sonarsource commented Mar 4, 2026
edited
Loading

Summary

Part of BUILD-10590 — PoC GitHub org rule workflow to secure PRs.

Adds a workflow that re-triggers the verified-approvals check whenever a pull request review is submitted or dismissed.
This ensures the approval count is re-evaluated after any review activity, keeping the GitHub ruleset check accurate.

Depends on SonarSource/ci-github-actions#227
Need to be merged first, for testing purposes. Then it will be realigned on master: #88

Changes

Context

The GitHub org ruleset #4485920 ("2 approvers for public repositories") requires the verified-approvals workflow to pass before merging.
This workflow enforces that:

  • internal PRs have at least 1 approval
  • external PRs have at least 2 approvals

This repository (sonar-dummy-python-oss) is used as the test bed for the feature.

Test plan

  • Open a PR and verify the verified-approvals check is triggered on review submission
  • Dismiss a review and verify the check is re-triggered
  • Confirm check passes with the required number of approvals for internal and external PRs

@hashicorp-vault-sonar-prod
Copy link

hashicorp-vault-sonar-prod bot commented Mar 4, 2026
edited by atlassian bot
Loading

BUILD-10590

@julien-carsique-sonarsource julien-carsique-sonarsource force-pushed the feat/jcarsique/BUILD-10590-verifiedApprovals branch 2 times, most recently from 08bd1e1 to c6f47bb Compare March 5, 2026 16:18
@julien-carsique-sonarsource julien-carsique-sonarsource marked this pull request as ready for review March 5, 2026 16:21
@julien-carsique-sonarsource julien-carsique-sonarsource requested a review from a team as a code owner March 5, 2026 16:21
Copilot AI review requested due to automatic review settings March 5, 2026 16:21
Copilot AI reviewed Mar 5, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds a new GitHub Actions workflow (.github/workflows/re-trigger-approvals.yml) that re-triggers the verified-approvals check whenever a pull request review is submitted or dismissed. This is part of the BUILD-10590 initiative to secure PRs via a GitHub org ruleset that requires the verified-approvals check to pass before merging. The workflow delegates to a reusable workflow in SonarSource/ci-github-actions.

Changes:

  • Add .github/workflows/re-trigger-approvals.yml that triggers on pull_request_review (submitted/dismissed) and workflow_dispatch, and calls the reusable re-trigger-approvals workflow from ci-github-actions.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

@julien-carsique-sonarsource julien-carsique-sonarsource force-pushed the feat/jcarsique/BUILD-10590-verifiedApprovals branch from c6f47bb to 77f943a Compare March 5, 2026 16:27
@sonarqubecloud
Copy link

sonarqubecloud bot commented Mar 5, 2026

SonarQube reviewer guide

Review in SonarQube

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues
0 Dependency risks

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@julien-carsique-sonarsource julien-carsique-sonarsource merged commit 9d4cd3f into master Mar 6, 2026
8 checks passed
@julien-carsique-sonarsource julien-carsique-sonarsource deleted the feat/jcarsique/BUILD-10590-verifiedApprovals branch March 6, 2026 08:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@bwalsh434 bwalsh434 bwalsh434 approved these changes

@yogesonar yogesonar yogesonar approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@julien-carsique-sonarsource @bwalsh434 @yogesonar