chn/nixpkgs
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixpkgs.git synced 2026-01-11 18:32:23 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
2437cdd85af408c9d9c47c61bfb0ce96e4190ffd
nixpkgs/.github/workflows/backport.yml
Wolfgang Walther 2437cdd85a workflows/backport: avoid retriggering workflows after adding "has: port to stable" label 
After creating the backport successfully, we previously created the
"has: port to stable" label with the Nixpkgs CI App's token. This would
trigger another labeled event for the backport workflow. This only
appears as "skipped", so doesn't use any resources, but it clutters the
GitHub Actions output with useless skipped workflows.

Using `github.token` does not trigger any other workflows so avoids that
problem.

(cherry picked from commit 2566f9dcb4)
2025-05-24 07:30:33 +00:00

62 lines
2.5 KiB
YAML
Raw Blame History

# WARNING:
# When extending this action, be aware that $GITHUB_TOKEN allows write access to
# the GitHub repository. This means that it should not evaluate user input in a
# way that allows code injection.
name: Backport
on:
pull_request_target:
types: [closed, labeled]
permissions:
contents: read
pull-requests: write
jobs:
backport:
name: Backport Pull Request
if: vars.NIXPKGS_CI_APP_ID && github.event.pull_request.merged == true && (github.event.action != 'labeled' || startsWith(github.event.label.name, 'backport'))
runs-on: ubuntu-24.04-arm
steps:
# Use a GitHub App to create the PR so that CI gets triggered
# The App is scoped to Repository > Contents and Pull Requests: write for Nixpkgs
- uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
id: app-token
with:
app-id: ${{ vars.NIXPKGS_CI_APP_ID }}
private-key: ${{ secrets.NIXPKGS_CI_APP_PRIVATE_KEY }}
permission-contents: write
permission-pull-requests: write
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.event.pull_request.head.sha }}
token: ${{ steps.app-token.outputs.token }}
- name: Create backport PRs
id: backport
uses: korthout/backport-action@436145e922f9561fc5ea157ff406f21af2d6b363 # v3.2.0
with:
# Config README: https://github.com/korthout/backport-action#backport-action
copy_labels_pattern: 'severity:\ssecurity'
github_token: ${{ steps.app-token.outputs.token }}
pull_description: |-
Bot-based backport to `${target_branch}`, triggered by a label in #${pull_number}.
* [ ] Before merging, ensure that this backport is [acceptable for the release](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#changes-acceptable-for-releases).
* Even as a non-committer, if you find that it is not acceptable, leave a comment.
- name: "Add 'has: port to stable' label"
if: steps.backport.outputs.created_pull_numbers != ''
env:
# Not the app on purpose to avoid triggering another workflow run after adding this label
GH_TOKEN: ${{ github.token }}
REPOSITORY: ${{ github.repository }}
NUMBER: ${{ github.event.number }}
run: |
gh api \
--method POST \
/repos/"$REPOSITORY"/issues/"$NUMBER"/labels \
-f "labels[]=8.has: port to stable"
Reference in New Issue View Git Blame Copy Permalink