From 9a3201ef3de3d42416d917187decc7d079651de3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Paulo=20Silva=20de=20Souza?=
 <77391175+joao-paulo-parity@users.noreply.github.com>
Date: Tue, 26 Apr 2022 09:14:21 -0300
Subject: [PATCH] Skip pr-custom-review if pull request is in Draft (#11248)

* skip pr-custom-review if pull request is in Draft

* ready_for_review

* document steps[*].if

* fix

* converted_to_draft

* fix

Co-authored-by: Giles Cope <gilescope@gmail.com>
---
 .../.github/workflows/pr-custom-review.yml    | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/substrate/.github/workflows/pr-custom-review.yml b/substrate/.github/workflows/pr-custom-review.yml
index 322403da03b..6cb16d931d6 100644
--- a/substrate/.github/workflows/pr-custom-review.yml
+++ b/substrate/.github/workflows/pr-custom-review.yml
@@ -11,12 +11,31 @@ on:
       - synchronize
       - review_requested
       - review_request_removed
+      - ready_for_review
+      - converted_to_draft
   pull_request_review:
 
 jobs:
   pr-custom-review:
     runs-on: ubuntu-latest
     steps:
+      - name: Skip if pull request is in Draft
+        # `if: github.event.pull_request.draft == true` should be kept here, at
+        # the step level, rather than at the job level. The latter is not
+        # recommended because when the PR is moved from "Draft" to "Ready to
+        # review" the workflow will immediately be passing (since it was skipped),
+        # even though it hasn't actually ran, since it takes a few seconds for
+        # the workflow to start. This is also disclosed in:
+        # https://github.community/t/dont-run-actions-on-draft-pull-requests/16817/17
+        # That scenario would open an opportunity for the check to be bypassed:
+        # 1. Get your PR approved
+        # 2. Move it to Draft
+        # 3. Push whatever commits you want
+        # 4. Move it to "Ready for review"; now the workflow is passing (it was
+        #    skipped) and "Check reviews" is also passing (it won't be updated
+        #    until the workflow is finished)
+        if: github.event.pull_request.draft == true
+        run: exit 1
       - name: pr-custom-review
         uses: paritytech/pr-custom-review@v2
         with:
-- 
GitLab