mirror of
https://github.com/CHN-beta/nixpkgs.git
synced 2026-01-12 02:40:31 +08:00
436d54174d
None of our jobs is expected to run for 6 hours, the GitHub limit. These limits are generous and take into accounts that some jobs need to wait for others. If jobs exceed these times, most likely something else is wrong and needs investigation.
78 lines
2.9 KiB
YAML
78 lines
2.9 KiB
YAML
# WARNING:
|
|
# When extending this action, be aware that $GITHUB_TOKEN allows write access to
|
|
# the GitHub repository. This means that it should not evaluate user input in a
|
|
# way that allows code injection.
|
|
|
|
name: Backport
|
|
|
|
on:
|
|
pull_request_target:
|
|
types: [closed, labeled]
|
|
|
|
permissions:
|
|
contents: read
|
|
issues: write
|
|
pull-requests: write
|
|
|
|
defaults:
|
|
run:
|
|
shell: bash
|
|
|
|
jobs:
|
|
backport:
|
|
name: Backport Pull Request
|
|
if: vars.NIXPKGS_CI_APP_ID && github.event.pull_request.merged == true && (github.event.action != 'labeled' || startsWith(github.event.label.name, 'backport'))
|
|
runs-on: ubuntu-24.04-arm
|
|
timeout-minutes: 3
|
|
steps:
|
|
# Use a GitHub App to create the PR so that CI gets triggered
|
|
# The App is scoped to Repository > Contents and Pull Requests: write for Nixpkgs
|
|
- uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
|
|
id: app-token
|
|
with:
|
|
app-id: ${{ vars.NIXPKGS_CI_APP_ID }}
|
|
private-key: ${{ secrets.NIXPKGS_CI_APP_PRIVATE_KEY }}
|
|
permission-contents: write
|
|
permission-pull-requests: write
|
|
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
token: ${{ steps.app-token.outputs.token }}
|
|
|
|
- name: Log current API rate limits
|
|
env:
|
|
GH_TOKEN: ${{ steps.app-token.outputs.token }}
|
|
run: gh api /rate_limit | jq
|
|
|
|
- name: Create backport PRs
|
|
id: backport
|
|
uses: korthout/backport-action@0193454f0c5947491d348f33a275c119f30eb736 # v3.2.1
|
|
with:
|
|
# Config README: https://github.com/korthout/backport-action#backport-action
|
|
copy_labels_pattern: 'severity:\ssecurity'
|
|
github_token: ${{ steps.app-token.outputs.token }}
|
|
pull_description: |-
|
|
Bot-based backport to `${target_branch}`, triggered by a label in #${pull_number}.
|
|
|
|
* [ ] Before merging, ensure that this backport is [acceptable for the release](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#changes-acceptable-for-releases).
|
|
* Even as a non-committer, if you find that it is not acceptable, leave a comment.
|
|
|
|
- name: Log current API rate limits
|
|
env:
|
|
GH_TOKEN: ${{ steps.app-token.outputs.token }}
|
|
run: gh api /rate_limit | jq
|
|
|
|
- name: "Add 'has: port to stable' label"
|
|
if: steps.backport.outputs.created_pull_numbers != ''
|
|
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
|
|
with:
|
|
# Not using the app on purpose to avoid triggering another workflow run after adding this label.
|
|
script: |
|
|
await github.rest.issues.addLabels({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
issue_number: context.payload.pull_request.number,
|
|
labels: [ '8.has: port to stable' ]
|
|
})
|