use graphql api to request team reviews

Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 5.56.0 to 5.57.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.57.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/dependabot.yml

@@ -4,6 +4,7 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
+      day: "tuesday"
     labels:
       - "dependencies"
 
@@ -11,5 +12,9 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
-    allow:
+      day: "tuesday"
-      - dependency-name: "@actions/*"
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]
+    labels:
+      - "dependencies"

.github/workflows/automerge-dependabot.yml

@@ -0,0 +1,13 @@
+name: Auto-merge Dependabot
+on: pull_request
+
+jobs:
+  automerge:
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+    steps:
+      - uses: peter-evans/enable-pull-request-automerge@v3
+        with:
+          token: ${{ secrets.ACTIONS_BOT_TOKEN }}
+          pull-request-number: ${{ github.event.pull_request.number }}
+          merge-method: squash

.github/workflows/ci.yml

@@ -77,7 +77,7 @@ jobs:
             Auto-generated by [create-pull-request][1]
 
             [1]: https://github.com/peter-evans/create-pull-request
-          branch: ci-test-${{ matrix.target }}
+          branch: ci-test-${{ matrix.target }}-${{ github.sha }}
 
       - name: Close Pull
         uses: peter-evans/close-pull@v2
@@ -123,6 +123,7 @@ jobs:
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v4
         with:
+          token: ${{ secrets.ACTIONS_BOT_TOKEN }}
           commit-message: 'build: update distribution'
           title: Update distribution
           body: |

.github/workflows/slash-command-dispatch.yml

@@ -18,6 +18,12 @@ jobs:
                 "repository": "peter-evans/create-pull-request-tests",
                 "named_args": true
               },
+              {
+                "command": "testv4",
+                "permission": "admin",
+                "repository": "peter-evans/create-pull-request-tests",
+                "named_args": true
+              },
               {
                 "command": "clean",
                 "permission": "admin",

.github/workflows/update-major-version.yml

@@ -0,0 +1,31 @@
+name: Update Major Version
+run-name: Update ${{ github.event.inputs.main_version }} to ${{ github.event.inputs.target }}
+
+on:
+  workflow_dispatch:
+    inputs:
+      target:
+        description: The target tag or reference
+        required: true
+      main_version:
+        type: choice
+        description: The major version tag to update
+        options:
+          - v4
+
+jobs:
+  tag:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        token: ${{ secrets.ACTIONS_BOT_TOKEN }}
+        fetch-depth: 0
+    - name: Git config
+      run: |
+        git config user.name actions-bot
+        git config user.email actions-bot@users.noreply.github.com
+    - name: Tag new target
+      run: git tag -f ${{ github.event.inputs.main_version }} ${{ github.event.inputs.target }}
+    - name: Push new tag
+      run: git push origin ${{ github.event.inputs.main_version }} --force

README.md

@@ -59,7 +59,7 @@ All inputs are **optional**. If not set, sensible defaults will be used.
 | `author` | The author name and email address in the format `Display Name <email@address.com>`. Defaults to the user who triggered the workflow run. | `${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>` |
 | `signoff` | Add [`Signed-off-by`](https://git-scm.com/docs/git-commit#Documentation/git-commit.txt---signoff) line by the committer at the end of the commit log message. | `false` |
 | `branch` | The pull request branch name. | `create-pull-request/patch` |
-| `delete-branch` | Delete the `branch` when closing pull requests, and when undeleted after merging. Recommend `true`. | `false` |
+| `delete-branch` | Delete the `branch` when closing pull requests, and when undeleted after merging. | `false` |
 | `branch-suffix` | The branch suffix type when using the alternative branching strategy. Valid values are `random`, `timestamp` and `short-commit-hash`. See [Alternative strategy](#alternative-strategy---always-create-a-new-pull-request-branch) for details. | |
 | `base` | Sets the pull request base branch. | Defaults to the branch checked out in the workflow. |
 | `push-to-fork` | A fork of the checked-out parent repository to which the pull request branch will be pushed. e.g. `owner/repo-fork`. The pull request will be created to merge the fork's branch into the parent's base. See [push pull request branches to a fork](docs/concepts-guidelines.md#push-pull-request-branches-to-a-fork) for details. | |

docs/concepts-guidelines.md

@@ -146,7 +146,7 @@ There are a number of workarounds with different pros and cons.
 
 - Use the default `GITHUB_TOKEN` and allow the action to create pull requests that have no checks enabled. Manually close pull requests and immediately reopen them. This will enable `on: pull_request` workflows to run and be added as checks. To prevent merging of pull requests without checks erroneously, use [branch protection rules](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests).
 
-- Use a `repo` scoped [Personal Access Token (PAT)](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token) created on an account that has write access to the repository that pull requests are being created in. This is the standard workaround and [recommended by GitHub](https://docs.github.com/en/actions/reference/events-that-trigger-workflows#triggering-new-workflows-using-a-personal-access-token). However, the PAT cannot be scoped to a specific repository so the token becomes a very sensitive secret. If this is a concern, the PAT can instead be created for a dedicated [machine account](https://docs.github.com/en/github/site-policy/github-terms-of-service#3-account-requirements) that has collaborator access to the repository. Also note that because the account that owns the PAT will be the creator of pull requests, that user account will be unable to perform actions such as request changes or approve the pull request.
+- Use a `repo` scoped [Personal Access Token (PAT)](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token) created on an account that has write access to the repository that pull requests are being created in. This is the standard workaround and [recommended by GitHub](https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow). However, the PAT cannot be scoped to a specific repository so the token becomes a very sensitive secret. If this is a concern, the PAT can instead be created for a dedicated [machine account](https://docs.github.com/en/github/site-policy/github-terms-of-service#3-account-requirements) that has collaborator access to the repository. Also note that because the account that owns the PAT will be the creator of pull requests, that user account will be unable to perform actions such as request changes or approve the pull request.
 
 - Use [SSH (deploy keys)](#push-using-ssh-deploy-keys) to push the pull request branch. This is arguably more secure than using a PAT because deploy keys can be set per repository. However, this method will only trigger `on: push` workflows.
 

docs/examples.md

@@ -19,6 +19,7 @@
   - [autopep8](#autopep8)
 - [Misc workflow tips](#misc-workflow-tips)
   - [Filtering push events](#filtering-push-events)
+  - [Bypassing git hooks](#bypassing-git-hooks)
   - [Dynamic configuration using variables](#dynamic-configuration-using-variables)
   - [Setting the pull request body from a file](#setting-the-pull-request-body-from-a-file)
   - [Using a markdown template](#using-a-markdown-template)
@@ -526,6 +527,18 @@ jobs:
       ...
 ```
 
+### Bypassing git hooks
+
+If you have git hooks that prevent the action from working correctly you can remove them before running the action.
+
+```yml
+      # Remove git hooks
+      - run: rm -rf .git/hooks
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v4
+```
+
 ### Dynamic configuration using variables
 
 The following examples show how configuration for the action can be dynamically defined in a previous workflow step.

package.json

@@ -31,28 +31,28 @@
   "dependencies": {
     "@actions/core": "^1.10.0",
     "@actions/exec": "^1.1.1",
-    "@octokit/core": "^3.5.1",
+    "@octokit/core": "^4.2.0",
-    "@octokit/plugin-paginate-rest": "^2.17.0",
+    "@octokit/plugin-paginate-rest": "^5.0.1",
-    "@octokit/plugin-rest-endpoint-methods": "^5.13.0",
+    "@octokit/plugin-rest-endpoint-methods": "^6.8.1",
     "proxy-agent": "^5.0.0",
-    "uuid": "^8.3.2"
+    "uuid": "^9.0.0"
   },
   "devDependencies": {
-    "@types/jest": "^27.5.0",
+    "@types/jest": "^29.5.0",
-    "@types/node": "^16.11.11",
+    "@types/node": "^18.15.10",
-    "@typescript-eslint/parser": "^5.5.0",
+    "@typescript-eslint/parser": "^5.57.0",
-    "@vercel/ncc": "^0.32.0",
+    "@vercel/ncc": "^0.36.1",
-    "eslint": "^8.3.0",
+    "eslint": "^8.36.0",
-    "eslint-import-resolver-typescript": "^2.5.0",
+    "eslint-import-resolver-typescript": "^3.5.3",
-    "eslint-plugin-github": "^4.3.5",
+    "eslint-plugin-github": "^4.7.0",
-    "eslint-plugin-import": "^2.25.3",
+    "eslint-plugin-import": "^2.27.5",
-    "eslint-plugin-jest": "^26.1.5",
+    "eslint-plugin-jest": "^27.2.1",
-    "jest": "^28.1.0",
+    "jest": "^29.5.0",
-    "jest-circus": "^28.1.0",
+    "jest-circus": "^29.4.2",
-    "jest-environment-jsdom": "^28.1.0",
+    "jest-environment-jsdom": "^29.5.0",
     "js-yaml": "^4.1.0",
-    "prettier": "^2.5.0",
+    "prettier": "^2.8.7",
-    "ts-jest": "^28.0.2",
+    "ts-jest": "^29.0.5",
-    "typescript": "^4.5.2"
+    "typescript": "^4.9.5"
   }
 }

src/create-pull-request.ts

@@ -35,6 +35,10 @@ export interface Inputs {
 export async function createPullRequest(inputs: Inputs): Promise<void> {
   let gitAuthHelper
   try {
+    if (!inputs.token) {
+      throw new Error(`Input 'token' not supplied. Unable to continue.`)
+    }
+
     // Get the repository path
     const repoPath = utils.getRepoPath(inputs.path)
     // Create a git command manager

src/github-helper.ts

@@ -158,10 +158,10 @@ export class GitHubHelper {
       requestReviewersParams['reviewers'] = inputs.reviewers
       core.info(`Requesting reviewers '${inputs.reviewers}'`)
     }
-    if (inputs.teamReviewers.length > 0) {
+    // if (inputs.teamReviewers.length > 0) {
-      requestReviewersParams['team_reviewers'] = inputs.teamReviewers
+    //   requestReviewersParams['team_reviewers'] = inputs.teamReviewers
-      core.info(`Requesting team reviewers '${inputs.teamReviewers}'`)
+    //   core.info(`Requesting team reviewers '${inputs.teamReviewers}'`)
-    }
+    // }
     if (Object.keys(requestReviewersParams).length > 0) {
       try {
         await this.octokit.rest.pulls.requestReviewers({
@@ -178,6 +178,147 @@ export class GitHubHelper {
       }
     }
 
+    const orgs = inputs.teamReviewers.map(team => {
+      if (!team.includes('/')) {
+        throw new Error(
+          `Team ${team} is not in the correct format. It should be in the format org/team`
+        )
+      }
+      return team.split('/')[0]
+    })
+    const distinctOrgs = [...new Set(orgs)]
+    core.debug(`distinctOrgs: ${distinctOrgs}`)
+
+    const orgTeams = await Promise.all(
+      distinctOrgs.map(org => this.getOrgTeams(org))
+    )
+
+    const teamIds = inputs.teamReviewers.map(team => {
+      const [org, teamName] = team.split('/')
+      const orgTeam = orgTeams.find(
+        orgTeam => orgTeam.organization.login === org
+      )
+      if (!orgTeam) {
+        throw new Error(`Org ${org} not found`)
+      }
+      const teamId = orgTeam.organization.teams.edges.find(
+        team => team.node.slug === teamName
+      )?.node.id
+      if (!teamId) {
+        throw new Error(`Team ${teamName} not found in ${org}`)
+      }
+      return teamId
+    })
+    core.debug(`teamIds: ${teamIds}`)
+
+    if (teamIds.length > 0) {
+      const repository = this.parseRepository(baseRepository)
+      const pullNodeId = await this.getPullNodeId(
+        repository.owner,
+        repository.repo,
+        pull.number
+      )
+      core.debug(`pullNodeId: ${pullNodeId}`)
+
+      await this.requestReviewers(pullNodeId, teamIds)
+    }
+
     return pull
   }
+
+  async getOrgTeams(orgName: string): Promise<OrgTeams> {
+    const query = `
+      query($orgName: String!, $teamCount: Int!) {
+        organization(login: $orgName) {
+          login
+          teams(first: $teamCount) {
+            edges {
+              node {
+                id
+                slug
+              }
+            }
+          }
+        }
+      }
+    `
+    const teamCount = 100
+    return this.octokit.graphql<OrgTeams>(query, {
+      orgName,
+      teamCount
+    })
+  }
+
+  async getPullNodeId(
+    owner: string,
+    repo: string,
+    pullNumber: number
+  ): Promise<string> {
+    const query = `
+      query($owner: String!, $repo: String!) {
+        repository(owner: $owner, name: $repo) {
+          pullRequest(number: ${pullNumber}) {
+            id
+          }
+        }
+      }
+    `
+
+    return (
+      await this.octokit.graphql<PullRequestResponse>(query, {
+        owner,
+        repo
+      })
+    ).repository.pullRequest.id
+  }
+
+  async requestReviewers(
+    pullRequestId: string,
+    teamIds: string[]
+  ): Promise<void> {
+    const mutation = `
+      mutation($input: RequestReviewsInput!) {
+        requestReviews(input: $input) {
+          clientMutationId
+        }
+      }
+    `
+
+    await this.octokit
+      .graphql(mutation, {
+        input: {
+          pullRequestId,
+          teamIds: teamIds,
+          union: true
+        }
+      })
+      .then(response => {
+        core.info('Reviews requested successfully')
+      })
+      .catch(error => {
+        core.error(error)
+      })
+  }
+}
+
+interface OrgTeams {
+  organization: {
+    login: string
+    teams: {
+      edges: {
+        node: {
+          id: string
+          slug: string
+        }
+      }[]
+    }
+  }
+}
+
+interface PullRequestResponse {
+  repository: {
+    pullRequest: {
+      id: string
+    }
+  }
 }