mirror of
https://github.com/CHN-beta/nixpkgs.git
synced 2026-01-12 02:40:31 +08:00
214dfb2f3f
A while ago, I added those "owner == NixOS" conditions, because I
couldn't figure out why my fork kept failing those jobs, even though I
had set up the apps correctly.
Turns out, that when a label doesn't exist, those actions try to
implicitly create it. But to do that, they actually need write
permissions on the *issues* endpoint, the pull-requests endpoint is not
enough. Even though the docs state otherwise.
Thus, adding those permissions. This will also lead to new labels being
created when they are added via code (for example in
.github/labels.yml), even when they had not been created, yet. Labels
created this way will initially be grayish color and without description
- but we can always add those later, there is no point in failing
pipelines for everyone in that case.
(cherry picked from commit d2ff68b564)
61 lines
2.3 KiB
YAML
61 lines
2.3 KiB
YAML
# WARNING:
|
|
# When extending this action, be aware that $GITHUB_TOKEN allows some write
|
|
# access to the GitHub API. This means that it should not evaluate user input in
|
|
# a way that allows code injection.
|
|
|
|
name: "Label PR"
|
|
|
|
on:
|
|
pull_request_target:
|
|
|
|
permissions:
|
|
contents: read
|
|
issues: write # needed to create *new* labels
|
|
pull-requests: write
|
|
|
|
jobs:
|
|
labels:
|
|
name: label-pr
|
|
runs-on: ubuntu-24.04-arm
|
|
if: "!contains(github.event.pull_request.title, '[skip treewide]')"
|
|
steps:
|
|
- uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
|
|
if: |
|
|
github.event.pull_request.head.repo.owner.login != 'NixOS' || !(
|
|
github.head_ref == 'haskell-updates' ||
|
|
github.head_ref == 'python-updates' ||
|
|
github.head_ref == 'staging-next' ||
|
|
startsWith(github.head_ref, 'staging-next-')
|
|
)
|
|
with:
|
|
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
|
configuration-path: .github/labeler.yml # default
|
|
sync-labels: true
|
|
- uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
|
|
if: |
|
|
github.event.pull_request.head.repo.owner.login != 'NixOS' || !(
|
|
github.head_ref == 'haskell-updates' ||
|
|
github.head_ref == 'python-updates' ||
|
|
github.head_ref == 'staging-next' ||
|
|
startsWith(github.head_ref, 'staging-next-')
|
|
)
|
|
with:
|
|
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
|
configuration-path: .github/labeler-no-sync.yml
|
|
sync-labels: false
|
|
- uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
|
|
# Development branches like staging-next, haskell-updates and python-updates get special labels.
|
|
# This is to avoid the mass of labels there, which is mostly useless - and really annoying for
|
|
# the backport labels.
|
|
if: |
|
|
github.event.pull_request.head.repo.owner.login == 'NixOS' && (
|
|
github.head_ref == 'haskell-updates' ||
|
|
github.head_ref == 'python-updates' ||
|
|
github.head_ref == 'staging-next' ||
|
|
startsWith(github.head_ref, 'staging-next-')
|
|
)
|
|
with:
|
|
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
|
configuration-path: .github/labeler-development-branches.yml
|
|
sync-labels: true
|