-
Notifications
You must be signed in to change notification settings - Fork 14.1k
70 lines (67 loc) · 2.63 KB
/
pr-update.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: Pull Request
on:
# CAUTION! The pull_request_target is generally consider UNSAFE. This is because it will
# run untrusted code on the GHA infra with access to secrets and elevated permissions. We must
# not run any code from the pull request here. Instead, this workflow is for things like adding
# comments or labels to the pull request.
#
# Read:
# * https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#pull_request_target
# * https://securitylab.github.com/resources/github-actions-preventing-pwn-requests/
pull_request_target:
types: [opened, reopened, synchronize]
branches:
- trunk
jobs:
add-labeler-labels:
name: Labeler
permissions:
contents: read
pull-requests: write
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- uses: actions/labeler@v5
with:
configuration-path: .github/configs/labeler.yml
- name: check small label
env:
GH_TOKEN: ${{ github.token }}
PR_NUM: ${{github.event.number}}
run: |
./.github/scripts/label_small.sh
add-triage-label:
if: github.event.action == 'opened' || github.event.action == 'reopened'
name: Add triage label
runs-on: ubuntu-latest
permissions:
pull-requests: write
steps:
- name: Env
run: printenv
env:
GITHUB_CONTEXT: ${{ toJson(github) }}
# If the PR is from a non-committer, add triage label
- if: |
github.event.pull_request.author_association != 'MEMBER' &&
github.event.pull_request.author_association != 'OWNER'
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_REPO: ${{ github.repository }}
NUMBER: ${{ github.event.pull_request.number }}
run: gh pr edit "$NUMBER" --add-label triage