4177297b14
For reproducibility.
Command:
```shell
for file in .github/workflows/*.y*ml; do
npx pin-github-action --comment=' {ref}' "$file"
done
```
Then had to manually replace all the versions with accurate specifiers
(for example, "v4" → "v4.1.1" in case of `actions/checkout`).
36 lines
1.5 KiB
YAML
36 lines
1.5 KiB
YAML
name: Backport
|
|
on:
|
|
pull_request_target:
|
|
types: [closed, labeled]
|
|
|
|
# WARNING:
|
|
# When extending this action, be aware that $GITHUB_TOKEN allows write access to
|
|
# the GitHub repository. This means that it should not evaluate user input in a
|
|
# way that allows code injection.
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
backport:
|
|
permissions:
|
|
contents: write # for korthout/backport-action to create branch
|
|
pull-requests: write # for korthout/backport-action to create PR to backport
|
|
name: Backport Pull Request
|
|
if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name))
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
- name: Create backport PRs
|
|
uses: korthout/backport-action@08bafb375e6e9a9a2b53a744b987e5d81a133191 # v2.1.1
|
|
with:
|
|
# Config README: https://github.com/korthout/backport-action#backport-action
|
|
copy_labels_pattern: 'severity:\ssecurity'
|
|
pull_description: |-
|
|
Bot-based backport to `${target_branch}`, triggered by a label in #${pull_number}.
|
|
|
|
* [ ] Before merging, ensure that this backport is [acceptable for the release](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#changes-acceptable-for-releases).
|
|
* Even as a non-commiter, if you find that it is not acceptable, leave a comment.
|