Advanced Query Processing Architecture #50
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Run commands when issues are labeled or comments added | |
| # important: this workflow uses a github app that is strictly limited | |
| # to issues. If you want to change the triggers for this workflow, | |
| # please review if the permissions are still sufficient. | |
| on: | |
| issues: | |
| types: [labeled, unlabeled] | |
| issue_comment: | |
| types: [created] | |
| concurrency: | |
| group: issue-commands-${{ github.event.issue.number }} | |
| permissions: {} | |
| jobs: | |
| config: | |
| runs-on: "ubuntu-latest" | |
| outputs: | |
| has-secrets: ${{ steps.check.outputs.has-secrets }} | |
| steps: | |
| - name: "Check for secrets" | |
| id: check | |
| shell: bash | |
| run: | | |
| if [ "${{ github.repository }}" == "grafana/grafana" ]; then | |
| echo "has-secrets=1" >> "$GITHUB_OUTPUT" | |
| fi | |
| main: | |
| needs: config | |
| if: needs.config.outputs.has-secrets | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: "Get vault secrets" | |
| id: vault-secrets | |
| uses: grafana/shared-workflows/actions/get-vault-secrets@main # zizmor: ignore[unpinned-uses] | |
| with: | |
| # Secrets placed in the ci/repo/grafana/grafana/plugins_platform_issue_commands_github_bot path in Vault | |
| repo_secrets: | | |
| GITHUB_APP_ID=grafana_pr_automation_app:app_id | |
| GITHUB_APP_PRIVATE_KEY=grafana_pr_automation_app:app_pem | |
| - name: Generate token | |
| id: generate_token | |
| uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2 | |
| with: | |
| app-id: ${{ env.GITHUB_APP_ID }} | |
| private-key: ${{ env.GITHUB_APP_PRIVATE_KEY }} | |
| - name: Checkout Actions | |
| uses: actions/checkout@v4 # v4.2.2 | |
| with: | |
| repository: "grafana/grafana-github-actions" | |
| path: ./actions | |
| ref: main | |
| persist-credentials: false | |
| - name: Install Actions | |
| run: npm install --production --prefix ./actions | |
| - name: Run Commands | |
| uses: ./actions/commands | |
| with: | |
| metricsWriteAPIKey: "" | |
| token: ${{ steps.generate_token.outputs.token }} | |
| configPath: commands |