Manage contributor vouch status via discussion comments. When a collaborator
with sufficient permissions comments `vouch` on a discussion, the discussion
author is added to the vouched contributors list. When they comment `denounce`,
the user is denounced. When they comment `unvouch`, the user is removed from
the list entirely. The trigger keywords and required permission levels are
configurable.

Discussion data (comment body, commenter, discussion author) is fetched via the GitHub GraphQL API since discussions are not available through the REST API.

```yaml
on:
  discussion_comment:
    types: [created]

# Serialize updates to the VOUCHED file.
concurrency:
  group: vouch-manage
  cancel-in-progress: false

permissions:
  contents: write
  discussions: write

jobs:
  manage:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: mitchellh/vouch/action/manage-by-discussion@v1
        with:
          discussion-number: ${{ github.event.discussion.number }}
          comment-node-id: ${{ github.event.comment.node_id }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

| Name | Required | Default | Description |
|---|---|---|---|
| `comment-node-id` | Yes | | GraphQL node ID of the discussion comment |
| `discussion-number` | Yes | | Discussion number |
| `allow-denounce` | No | `"true"` | Enable denounce handling |
| `allow-unvouch` | No | `"true"` | Enable unvouch handling |
| `allow-vouch` | No | `"true"` | Enable vouch handling |
| `denounce-keyword` | No | `""` | Comma-separated keywords that trigger denouncing (default: `denounce`) |
| `dry-run` | No | `"false"` | Print what would happen without making changes |
| `merge-immediately` | No | `"false"` | Merge the pull request immediately after creation (only applies when `pull-request` is `"true"`) |
| `pull-request` | No | `"false"` | Create a pull request instead of pushing directly |
| `roles` | No | `""` | Comma-separated role names allowed to manage (default: `admin,maintain,write,triage`). When empty, also accepts the legacy permission values `admin` or `write`. |
| `repo` | No | `""` | Repository in `owner/repo` format (default: current repository) |
| `unvouch-keyword` | No | `""` | Comma-separated keywords that trigger unvouching (default: `unvouch`) |
| `vouch-keyword` | No | `""` | Comma-separated keywords that trigger vouching (default: `vouch`) |
| `vouched-file` | No | `""` | Path to vouched contributors file (empty = auto-detect) |
| `vouched-managers-file` | No | `""` | Path to managers VOUCHED file (empty = disable managers check) |
| `vouched-managers-ref` | No | `""` | Git ref for the managers file (empty = default branch) |
| `vouched-managers-repo` | No | `""` | Repository in `owner/repo` format for managers file (empty = target repo) |

| Name | Description |
|---|---|
| `status` | Result: `vouched`, `denounced`, `unvouched`, or `unchanged` |

Comments from collaborators with sufficient permissions are matched:

- `vouch` — vouches for the discussion author (customizable via `vouch-keyword`)
- `vouch @user` — vouches for a specific user
- `vouch <reason>` — vouches for the discussion author with a reason
- `vouch @user <reason>` — vouches for a specific user with a reason
- `denounce` — denounces the discussion author (customizable via `denounce-keyword`)
- `denounce @user` — denounces a specific user
- `denounce <reason>` — denounces the discussion author with a reason
- `denounce @user <reason>` — denounces a specific user with a reason
- `unvouch` — removes the discussion author (customizable via `unvouch-keyword`)
- `unvouch @user` — removes a specific user

When `dry-run` is `"false"`, the action commits and pushes any changes
to the VOUCHED file automatically. The caller must check out the
repository before using this action.

When `pull-request` is `"true"`, the action creates a new branch and
opens a pull request instead of pushing directly to the default branch.
This requires `pull-requests: write` permission and a GitHub token that
can create pull requests. The default `GITHUB_TOKEN` cannot create
pull requests unless you enable it under Settings → Actions → General
→ Workflow permissions ("Allow GitHub Actions to create and approve
pull requests").
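
A variant of the workflow above in which every change to the VOUCHED file arrives as a pull request and only a narrower set of roles can trigger it. This is an added example, not taken from the project's documentation; the `admin,maintain` role policy is an assumption about what a repository might choose, and all inputs are the ones listed in the table above.

```yaml
# Added example: vouch changes go through a reviewed pull request.
on:
  discussion_comment:
    types: [created]

# Serialize updates to the VOUCHED file.
concurrency:
  group: vouch-manage
  cancel-in-progress: false

permissions:
  contents: write        # push the branch that carries the VOUCHED change
  discussions: write
  pull-requests: write   # required when pull-request is "true"

jobs:
  manage:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: mitchellh/vouch/action/manage-by-discussion@v1
        with:
          discussion-number: ${{ github.event.discussion.number }}
          comment-node-id: ${{ github.event.comment.node_id }}
          # Open a pull request instead of pushing to the default branch.
          pull-request: "true"
          # Leave the pull request for a human to merge (this is the default).
          merge-immediately: "false"
          # Assumed policy: only admin and maintain roles may manage the list,
          # narrower than the default admin,maintain,write,triage.
          roles: "admin,maintain"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```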