-
Notifications
You must be signed in to change notification settings - Fork 600
57 lines (52 loc) · 2.9 KB
/
backbot.yml
File metadata and controls
57 lines (52 loc) · 2.9 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
name: Backbot
on:
pull_request_target:
types:
- closed
- labeled
# Disable all permissions for the GITHUB_TOKEN, as we are using a GitHub App token instead.
permissions: {}
jobs:
backbot:
runs-on: ubuntu-latest
if: |
github.repository_owner == 'Icinga' &&
github.event.pull_request.merged == true && (
github.event.action != 'labeled' ||
startsWith(github.event.label.name, 'backport-to-support/')
)
steps:
- name: Generate GitHub Installation Access Token
# Use GitHub App to generate an installation access token to allow PRs created by Backbot to trigger workflows.
# This is necessary because PRs created using the default GITHUB_TOKEN do not trigger workflows plus
# GitHub doesn't allow to alter any file within the .github/workflows directory using the default GITHUB_TOKEN.
# This action will create a token with the permissions defined below and is valid only for 1 hour, but if the
# job completes before that 1 hour limit, the token will automatically be revoked.
uses: actions/create-github-app-token@v3.0.0
id: backbot-token
with:
app-id: ${{ secrets.BACKBOT_APP_ID }}
private-key: ${{ secrets.BACKBOT_APP_PRIVATE_KEY }}
skip-token-revoke: false # Revoke the token after the job is done (is the default behavior).
# GitHub recommends to explicitly list the permissions the token should have instead of inheriting all the
# permissions from the GitHub App itself. See https://github.com/actions/create-github-app-token
permission-contents: write # Allow to create, delete and update branches.
permission-pull-requests: write # Allow to create and update PRs.
permission-workflows: write # Allow to backport PRs that modify workflow files.
permission-issues: write # Needed to add comments to the PRs created by Backbot and the original PR.
- name: Checkout
uses: actions/checkout@v6
with:
token: ${{ steps.backbot-token.outputs.token }} # To make authenticated git operations.
sha: ${{ github.event.pull_request.head.sha }} # Checkout the latest commit of the merged PR.
- name: Run Backbot
uses: korthout/backport-action@4aaf0e03a94ff0a619c9a511b61aeb42adea5b02 # v4.2.0
with:
github_token: ${{ steps.backbot-token.outputs.token }}
copy_labels_pattern: '^(?!cla\/signed$).*' # copy all labels other than the cla/signed label
label_pattern: 'backport-to-(support\/\d+\.\d+)' # regex to match labels like backport-to-support/2.14
merge_commits: skip # skip merge commits found in the original PR history
pull_description: |-
Backport of #${pull_number} to `${target_branch}`, triggered by a label.
---
This is an automated backport PR. Please review it carefully before merging.