# WARNING:
# When extending this workflow, be aware that it holds a token with write access
# to the GitHub repository. This means that it should not evaluate user input in
# a way that allows code injection.
#
# NOTE(review): `permissions: {}` below leaves the default $GITHUB_TOKEN without
# any scopes, so the write-capable credential in this job is the GitHub App
# token minted in the first step. The warning above applies to every step that
# receives that token.

name: Backport

# pull_request_target runs in the context of the base repository and can read
# its variables and secrets, which is why the PR-controlled values used below
# are never spliced into a script.
on:
  pull_request_target:
    types:
      - closed
      - labeled

# Drop every default GITHUB_TOKEN permission; the job asks for what it needs
# through the App token instead.
permissions: {}

jobs:
  backport:
    name: Backport Pull Request
    runs-on: ubuntu-24.04-arm
    # Run only when the App is configured and the PR was merged; for a
    # `labeled` event the label name must additionally start with "backport".
    if: >-
      vars.NIXPKGS_CI_APP_ID &&
      github.event.pull_request.merged == true &&
      (github.event.action != 'labeled' || startsWith(github.event.label.name, 'backport'))
    steps:
      # Use a GitHub App to create the PR so that CI gets triggered
      # The App is scoped to Repository > Contents and Pull Requests: write for Nixpkgs
      # The permission-* inputs request a token limited to those same two scopes.
      - id: app-token
        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
        with:
          app-id: ${{ vars.NIXPKGS_CI_APP_ID }}
          private-key: ${{ secrets.NIXPKGS_CI_APP_PRIVATE_KEY }}
          permission-contents: write
          permission-pull-requests: write

      # Checks out the PR head commit with the App token. No step in this job
      # runs scripts from the checked-out tree; keep it that way, because any
      # build, install or test step added here would execute PR content next to
      # a write-capable token.
      # NOTE(review): presumably the backport action pushes using the
      # credentials this step configures - confirm against its README.
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          token: ${{ steps.app-token.outputs.token }}

      # All three actions are pinned to a full commit SHA; the trailing comment
      # records the matching release tag.
      - id: backport
        name: Create backport PRs
        uses: korthout/backport-action@436145e922f9561fc5ea157ff406f21af2d6b363 # v3.2.0
        with:
          # Config README: https://github.com/korthout/backport-action#backport-action
          github_token: ${{ steps.app-token.outputs.token }}
          # Only labels matching this pattern are copied onto the backport PR.
          copy_labels_pattern: 'severity:\ssecurity'
          # NOTE(review): relative indentation inside this block scalar is part
          # of the rendered Markdown - confirm the bullet nesting against the
          # upstream file.
          pull_description: |-
            Bot-based backport to `${target_branch}`, triggered by a label in #${pull_number}.

            * [ ] Before merging, ensure that this backport is [acceptable for the release](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#changes-acceptable-for-releases).
            * Even as a non-committer, if you find that it is not acceptable, leave a comment.

      # Labels the original PR once at least one backport PR was created.
      # Event data reaches the shell through env and is quoted in the script
      # instead of being expanded with ${{ }} inside `run`, so it never becomes
      # part of the script text.
      - name: "Add 'has: port to stable' label"
        if: steps.backport.outputs.created_pull_numbers != ''
        env:
          GH_TOKEN: ${{ steps.app-token.outputs.token }}
          REPOSITORY: ${{ github.repository }}
          NUMBER: ${{ github.event.number }}
        run: |
          gh api \
            --method POST \
            /repos/"$REPOSITORY"/issues/"$NUMBER"/labels \
            -f "labels[]=8.has: port to stable"