mirror of
https://github.com/CHN-beta/nixpkgs.git
synced 2026-01-12 02:40:31 +08:00
8a03e71552
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 2.0.6 to 2.1.0. - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](df432ceedc...0f859bf9e6) --- updated-dependencies: - dependency-name: actions/create-github-app-token dependency-version: 2.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> (cherry picked from commitd1d2650cba)
78 lines
2.9 KiB
YAML
78 lines
2.9 KiB
YAML
# WARNING:
|
|
# When extending this action, be aware that $GITHUB_TOKEN allows write access to
|
|
# the GitHub repository. This means that it should not evaluate user input in a
|
|
# way that allows code injection.
|
|
|
|
name: Backport
|
|
|
|
on:
|
|
pull_request_target:
|
|
types: [closed, labeled]
|
|
|
|
permissions:
|
|
contents: read
|
|
issues: write
|
|
pull-requests: write
|
|
|
|
defaults:
|
|
run:
|
|
shell: bash
|
|
|
|
jobs:
|
|
backport:
|
|
name: Backport Pull Request
|
|
if: vars.NIXPKGS_CI_APP_ID && github.event.pull_request.merged == true && (github.event.action != 'labeled' || startsWith(github.event.label.name, 'backport'))
|
|
runs-on: ubuntu-24.04-arm
|
|
timeout-minutes: 3
|
|
steps:
|
|
# Use a GitHub App to create the PR so that CI gets triggered
|
|
# The App is scoped to Repository > Contents and Pull Requests: write for Nixpkgs
|
|
- uses: actions/create-github-app-token@0f859bf9e69e887678d5bbfbee594437cb440ffe # v2.1.0
|
|
id: app-token
|
|
with:
|
|
app-id: ${{ vars.NIXPKGS_CI_APP_ID }}
|
|
private-key: ${{ secrets.NIXPKGS_CI_APP_PRIVATE_KEY }}
|
|
permission-contents: write
|
|
permission-pull-requests: write
|
|
|
|
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
token: ${{ steps.app-token.outputs.token }}
|
|
|
|
- name: Log current API rate limits
|
|
env:
|
|
GH_TOKEN: ${{ steps.app-token.outputs.token }}
|
|
run: gh api /rate_limit | jq
|
|
|
|
- name: Create backport PRs
|
|
id: backport
|
|
uses: korthout/backport-action@0193454f0c5947491d348f33a275c119f30eb736 # v3.2.1
|
|
with:
|
|
# Config README: https://github.com/korthout/backport-action#backport-action
|
|
copy_labels_pattern: 'severity:\ssecurity'
|
|
github_token: ${{ steps.app-token.outputs.token }}
|
|
pull_description: |-
|
|
Bot-based backport to `${target_branch}`, triggered by a label in #${pull_number}.
|
|
|
|
* [ ] Before merging, ensure that this backport is [acceptable for the release](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#changes-acceptable-for-releases).
|
|
* Even as a non-committer, if you find that it is not acceptable, leave a comment.
|
|
|
|
- name: Log current API rate limits
|
|
env:
|
|
GH_TOKEN: ${{ steps.app-token.outputs.token }}
|
|
run: gh api /rate_limit | jq
|
|
|
|
- name: "Add 'has: port to stable' label"
|
|
if: steps.backport.outputs.created_pull_numbers != ''
|
|
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
|
|
with:
|
|
# Not using the app on purpose to avoid triggering another workflow run after adding this label.
|
|
script: |
|
|
await github.rest.issues.addLabels({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
issue_number: context.payload.pull_request.number,
|
|
labels: [ '8.has: port to stable' ]
|
|
})
|