pr-auditor: test plan checks and audit trail for exceptions
Created by: bobheadxi
Introduces a bot to enforce the following:
- Author creates a PR. Template asks them to provide a test plan
- On PR edit, auditor GitHub Action runs, setting a status if no test plan is detected (see example below)
- On PR merge, auditor GitHub Action runs:
  a. If test plan is provided and reviewed, do nothing
  b. If test plan and/or review is not provided, create issue in sourcegraph/sec-audit-trail with request for explanation from PR merger. The author should close the issue when an explanation is provided. A status is also created on the commit linking to the issue.
Closes https://github.com/sourcegraph/sourcegraph/issues/29765, part of https://github.com/sourcegraph/sourcegraph/issues/29764.
Relevant guidance: https://github.com/sourcegraph/sourcegraph/pull/30789, now https://docs.sourcegraph.com/dev/background-information/testing_principles#test-plans
Test plan
Nothing rigorous needed, but I've included unit tests to validate the test plan detection. In practice, not 100% sure this will work with the built-in actions token. Will probably need to follow up after merge with fixes after seeing this live, but right now it seems to be ~working
(details links to test plan docs!)
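
The merge-time rule described above, sketched as an added example (not code from this PR or from pr-auditor). The markdown "Test plan" heading, the HTML-comment template placeholder, and the names `testPlan` and `onMerge` are assumptions made for illustration; the PR body in `main` is constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Assumed conventions (not from the PR): markdown heading; HTML-comment placeholders do not count.
var (
	htmlComment = regexp.MustCompile(`(?s)<!--.*?-->`)
	planHeading = regexp.MustCompile(`(?im)^#+[ \t]*test plan[ \t]*$`)
	anyHeading  = regexp.MustCompile(`(?m)^#+\s`)
)

// testPlan returns the text under the "Test plan" heading, or "" if absent or empty.
func testPlan(body string) string {
	body = htmlComment.ReplaceAllString(strings.ReplaceAll(body, "\r\n", "\n"), "")
	loc := planHeading.FindStringIndex(body)
	if loc == nil {
		return ""
	}
	rest := body[loc[1]:]
	if next := anyHeading.FindStringIndex(rest); next != nil {
		rest = rest[:next[0]] // stop at the next section heading
	}
	return strings.TrimSpace(rest)
}

// onMerge mirrors the merge-time rule: an audit issue is needed only when plan or review is missing.
func onMerge(body string, reviewed bool) (createIssue bool, reason string) {
	var missing []string
	if testPlan(body) == "" {
		missing = append(missing, "test plan")
	}
	if !reviewed {
		missing = append(missing, "review")
	}
	if len(missing) == 0 {
		return false, ""
	}
	return true, "missing " + strings.Join(missing, " and ")
}

func main() {
	body := "Fixes a bug.\n\n## Test plan\n\n<!-- describe how you tested -->\n" // constructed
	fmt.Println(onMerge(body, false))
}
```

An untouched template placeholder or an empty section is treated the same as no test plan, so a heading alone does not satisfy the check.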