mirror of
https://github.com/Icinga/icinga2.git
synced 2026-03-22 02:21:56 -04:00
3fb70662cc
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 2.2.1 to 3.0.0. - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](https://github.com/actions/create-github-app-token/compare/v2.2.1...v3.0.0) --- updated-dependencies: - dependency-name: actions/create-github-app-token dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
57 lines
2.9 KiB
YAML
57 lines
2.9 KiB
YAML
name: Backbot
|
|
on:
|
|
pull_request_target:
|
|
types:
|
|
- closed
|
|
- labeled
|
|
|
|
# Disable all permissions for the GITHUB_TOKEN, as we are using a GitHub App token instead.
|
|
permissions: {}
|
|
|
|
jobs:
|
|
backbot:
|
|
runs-on: ubuntu-latest
|
|
if: |
|
|
github.repository_owner == 'Icinga' &&
|
|
github.event.pull_request.merged == true && (
|
|
github.event.action != 'labeled' ||
|
|
startsWith(github.event.label.name, 'backport-to-support/')
|
|
)
|
|
steps:
|
|
- name: Generate GitHub Installation Access Token
|
|
# Use GitHub App to generate an installation access token to allow PRs created by Backbot to trigger workflows.
|
|
# This is necessary because PRs created using the default GITHUB_TOKEN do not trigger workflows plus
|
|
# GitHub doesn't allow to alter any file within the .github/workflows directory using the default GITHUB_TOKEN.
|
|
# This action will create a token with the permissions defined below and is valid only for 1 hour, but if the
|
|
# job completes before that 1 hour limit, the token will automatically be revoked.
|
|
uses: actions/create-github-app-token@v3.0.0
|
|
id: backbot-token
|
|
with:
|
|
app-id: ${{ secrets.BACKBOT_APP_ID }}
|
|
private-key: ${{ secrets.BACKBOT_APP_PRIVATE_KEY }}
|
|
skip-token-revoke: false # Revoke the token after the job is done (is the default behavior).
|
|
# GitHub recommends to explicitly list the permissions the token should have instead of inheriting all the
|
|
# permissions from the GitHub App itself. See https://github.com/actions/create-github-app-token
|
|
permission-contents: write # Allow to create, delete and update branches.
|
|
permission-pull-requests: write # Allow to create and update PRs.
|
|
permission-workflows: write # Allow to backport PRs that modify workflow files.
|
|
permission-issues: write # Needed to add comments to the PRs created by Backbot and the original PR.
|
|
|
|
- name: Checkout
|
|
uses: actions/checkout@v6
|
|
with:
|
|
token: ${{ steps.backbot-token.outputs.token }} # To make authenticated git operations.
|
|
sha: ${{ github.event.pull_request.head.sha }} # Checkout the latest commit of the merged PR.
|
|
|
|
- name: Run Backbot
|
|
uses: korthout/backport-action@4aaf0e03a94ff0a619c9a511b61aeb42adea5b02 # v4.2.0
|
|
with:
|
|
github_token: ${{ steps.backbot-token.outputs.token }}
|
|
copy_labels_pattern: '^(?!cla\/signed$).*' # copy all labels other than the cla/signed label
|
|
label_pattern: 'backport-to-(support\/\d+\.\d+)' # regex to match labels like backport-to-support/2.14
|
|
merge_commits: skip # skip merge commits found in the original PR history
|
|
pull_description: |-
|
|
Backport of #${pull_number} to `${target_branch}`, triggered by a label.
|
|
|
|
---
|
|
This is an automated backport PR. Please review it carefully before merging.
|