---
# NOTE: this workflow runs on pull_request_target, so $GITHUB_TOKEN (and the
# App token minted below) has write access to the repository. Never feed
# PR-controlled input (titles, bodies, branch names, label text) into a `run:`
# step via ${{ }} interpolation; hand it over through `env:` as the last step
# here does, so the shell never evaluates it.

name: Backport

on:
  pull_request_target:
    types:
      - closed
      - labeled

permissions:
  contents: read
  pull-requests: write

jobs:
  backport:
    name: Backport Pull Request
    # Three gates, all required:
    #   1. the App id variable is set (forks without it simply skip the job),
    #   2. the PR was actually merged (closing without merge does nothing),
    #   3. the trigger is the close itself, or a label whose name starts with
    #      "backport" (any other label event is ignored).
    if: >-
      vars.NIXPKGS_CI_APP_ID
      && github.event.pull_request.merged == true
      && (github.event.action != 'labeled' || startsWith(github.event.label.name, 'backport'))
    runs-on: ubuntu-24.04-arm
    steps:
      # PRs opened with the plain GITHUB_TOKEN do not start workflows, so the
      # backport PRs are created with a short-lived App token instead. The App
      # installation for Nixpkgs is limited to Repository > Contents and
      # Pull Requests: write, and the token requested here asks for exactly that.
      - id: app-token
        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
        with:
          app-id: "${{ vars.NIXPKGS_CI_APP_ID }}"
          private-key: "${{ secrets.NIXPKGS_CI_APP_PRIVATE_KEY }}"
          permission-contents: write
          permission-pull-requests: write

      # Check out the merged PR head with the App token — presumably so that the
      # backport action's pushes reuse the App's credentials; confirm against the
      # action's docs before changing `token` or `ref`.
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          token: "${{ steps.app-token.outputs.token }}"
          ref: "${{ github.event.pull_request.head.sha }}"

      # Input reference: https://github.com/korthout/backport-action#backport-action
      # Only labels matching copy_labels_pattern are carried over to the new PRs.
      - id: backport
        name: Create backport PRs
        uses: korthout/backport-action@436145e922f9561fc5ea157ff406f21af2d6b363 # v3.2.0
        with:
          github_token: "${{ steps.app-token.outputs.token }}"
          copy_labels_pattern: 'severity:\ssecurity'
          pull_description: |-
            Bot-based backport to `${target_branch}`, triggered by a label in #${pull_number}.

            * [ ] Before merging, ensure that this backport is [acceptable for the release](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#changes-acceptable-for-releases).
            * Even as a non-committer, if you find that it is not acceptable, leave a comment.

      # Mark the original PR once at least one backport PR exists.
      - name: 'Add ''has: port to stable'' label'
        if: steps.backport.outputs.created_pull_numbers != ''
        env:
          # Deliberately the default token rather than the App token: this
          # workflow listens for `labeled`, and labelling through the App would
          # queue another run of it.
          GH_TOKEN: "${{ github.token }}"
          # Repository and PR number are passed as env vars, not interpolated
          # into the script, so they are never parsed by the shell.
          REPOSITORY: "${{ github.repository }}"
          NUMBER: "${{ github.event.number }}"
        run: |
          gh api \
            --method POST \
            /repos/"$REPOSITORY"/issues/"$NUMBER"/labels \
            -f "labels[]=8.has: port to stable"