Skip to content

workflows: Unsplit new-prs #69560

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Nov 1, 2023
Merged

workflows: Unsplit new-prs #69560

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
47bb041
workflows: Unsplit new-prs
tstellar Oct 19, 2023
7af7d12
Add toplevel permissions
tstellar Oct 30, 2023
5528158
Move all permissions to top-level
tstellar Oct 30, 2023
de43b1f
Revert "Move all permissions to top-level"
tstellar Oct 30, 2023
6e5ad07
Remove redudant permission
tstellar Oct 30, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
58 changes: 19 additions & 39 deletions .github/workflows/new-prs.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,56 +1,36 @@
name: "Labelling new pull requests"

permissions:
contents: read

on:
workflow_run:
workflows: ["PR Receive"]
# It's safe to use pull_request_target here, because we aren't checking out
# code from the pull request branch.
# See https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
pull_request_target:
types:
- opened
- reopened
- ready_for_review
- synchronize

jobs:
automate-prs-labels:
permissions:
contents: read
pull-requests: write
runs-on: ubuntu-latest
# Ignore PRs with more than 10 commits. Pull requests with a lot of
# commits tend to be accidents usually when someone made a mistake while trying
# to rebase. We want to ignore these pull requests to avoid excessive
# notifications.
if: >
github.repository == 'llvm/llvm-project' &&
github.event.workflow_run.event == 'pull_request_target' &&
github.event.workflow_run.conclusion == 'success'
github.event.pull_request.draft == false &&
github.event.pull_request.commits < 10
steps:
# From: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
# Updated version here: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#using-data-from-the-triggering-workflow
- name: Debug
run: |
echo "Event: ${{ github.event.workflow_run.event }} Conclusion: ${{ github.event.workflow_run.conclusion }}"
- name: 'Download artifact'
uses: actions/github-script@v6
with:
script: |
const artifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: context.payload.workflow_run.id
});
const matchArtifact = artifacts.data.artifacts.find((artifact) =>
artifact.name === 'pr'
);
const download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip'
});
const { writeFileSync } = require('node:fs');
writeFileSync('${{ github.workspace }}/pr.zip', Buffer.from(download.data));

- run: unzip pr.zip

- name: "Get PR Number"
id: vars
run:
echo "pr-number=$(cat NR)" >> "$GITHUB_OUTPUT"

- uses: actions/labeler@v4
with:
configuration-path: .github/new-prs-labeler.yml
# workaround for https://github.com/actions/labeler/issues/112
sync-labels: ''
repo-token: ${{ secrets.ISSUE_SUBSCRIBER_TOKEN }}
pr-number: ${{ steps.vars.outputs.pr-number }}
34 changes: 0 additions & 34 deletions .github/workflows/pr-receive.yml
View file
Open in desktop

This file was deleted.