From 2e94295457bd9d9a0fe61af884bc72616f163b68 Mon Sep 17 00:00:00 2001 From: Eason Su Date: Fri, 26 Apr 2024 11:36:33 +0800 Subject: [PATCH 1/2] Upgrade the `branch-label` action in the `github-actions` package to use Node.js v20. --- .../actions/branch-label/README.md | 35 ++++++++++++- .../actions/branch-label/action.yml | 51 +++---------------- .../actions/branch-label/labeler.yml | 27 ++++++++++ 3 files changed, 68 insertions(+), 45 deletions(-) create mode 100644 packages/github-actions/actions/branch-label/labeler.yml diff --git a/packages/github-actions/actions/branch-label/README.md b/packages/github-actions/actions/branch-label/README.md index a8f1a035..95c214fa 100644 --- a/packages/github-actions/actions/branch-label/README.md +++ b/packages/github-actions/actions/branch-label/README.md @@ -17,12 +17,43 @@ See [action.yml](action.yml) ```yaml on: - pull_request: + pull_request_target: types: opened + jobs: SetLabels: + permissions: + contents: read + pull-requests: write runs-on: ubuntu-latest steps: - name: Set Labels - uses: woocommerce/grow/branch-label@actions-v1 + uses: woocommerce/grow/branch-label@actions-v2 +``` + +#### Permissions: + +It's recommended to use the `pull_request_target` event instead of `pull_request` to avoid the issue of not having permission to add labels to pull requests. + +Ref: +- https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target +- https://github.com/actions/labeler/tree/v5#permissions + +## Migration from v1 to v2: + +```diff +- pull_request: ++ pull_request_target: + types: opened + + jobs: + SetLabels: ++ permissions: ++ contents: read ++ pull-requests: write + runs-on: ubuntu-latest + steps: + - name: Set Labels +- uses: woocommerce/grow/branch-label@actions-v1 ++ uses: woocommerce/grow/branch-label@actions-v2 ``` diff --git a/packages/github-actions/actions/branch-label/action.yml b/packages/github-actions/actions/branch-label/action.yml index e1d701a3..aa9fcdef 100644 
--- a/packages/github-actions/actions/branch-label/action.yml +++ b/packages/github-actions/actions/branch-label/action.yml @@ -4,46 +4,11 @@ description: Set PR labels according to the branch name. runs: using: composite steps: - - uses: actions-ecosystem/action-add-labels@v1 - if: ${{ startsWith(github.head_ref, 'breaking/') }} - with: - labels: | - changelog: breaking - - uses: actions-ecosystem/action-add-labels@v1 - if: ${{ startsWith(github.head_ref, 'add/') }} - with: - labels: | - type: enhancement - changelog: add - - uses: actions-ecosystem/action-add-labels@v1 - if: ${{ startsWith(github.head_ref, 'update/') }} - with: - labels: | - changelog: update - - uses: actions-ecosystem/action-add-labels@v1 - if: ${{ startsWith(github.head_ref, 'fix/') }} - with: - labels: | - type: bug - changelog: fix - - uses: actions-ecosystem/action-add-labels@v1 - if: ${{ startsWith(github.head_ref, 'tweak/') }} - with: - labels: | - changelog: tweak - - uses: actions-ecosystem/action-add-labels@v1 - if: ${{ startsWith(github.head_ref, 'dev/') }} - with: - labels: | - changelog: dev - - uses: actions-ecosystem/action-add-labels@v1 - if: ${{ startsWith(github.head_ref, 'doc/') }} - with: - labels: | - changelog: doc - type: documentation - - uses: actions-ecosystem/action-add-labels@v1 - if: ${{ startsWith(github.head_ref, 'release/') }} - with: - labels: | - changelog: none + # Copy labeler.yml to the default config path of `actions/labeler`. + - shell: bash + run: | + CONFIG_DIR=.github + mkdir -p "$CONFIG_DIR" + cp "${{ github.action_path }}/labeler.yml" "$CONFIG_DIR" + + - uses: actions/labeler@v5 diff --git a/packages/github-actions/actions/branch-label/labeler.yml b/packages/github-actions/actions/branch-label/labeler.yml new file mode 100644 index 00000000..3b9a6184 --- /dev/null +++ b/packages/github-actions/actions/branch-label/labeler.yml 
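Review bot: `- uses: actions/labeler@v5` references the labeler by a movable major tag, while the README change in this same patch tells consumers to run the action on `pull_request_target` with `pull-requests: write`, so whatever commit that tag points to at run time executes with a write-scoped token on pull requests from forks. Pinning to a full commit SHA with the version as a trailing comment, `- uses: actions/labeler@<full-commit-sha-of-the-v5-release> # v5` (placeholder, not a real hash), removes the dependency on the tag staying put. In the copy step, `cp "$GITHUB_ACTION_PATH/labeler.yml" "$CONFIG_DIR"` would read the path from the runner-provided environment variable instead of expanding `${{ github.action_path }}` into the script text before bash parses it. The `cp` also silently replaces a `.github/labeler.yml` that a caller has already checked out into the workspace. The existing comment could say so, or the file could be copied under an action-specific name and passed through the labeler's `configuration-path` input.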
@@ -0,0 +1,27 @@ +"changelog: breaking": + - head-branch: "^breaking/" + +"changelog: add": &head-branch-add + - head-branch: "^add/" + +"changelog: update": + - head-branch: "^update/" + +"changelog: fix": &head-branch-fix + - head-branch: "^fix/" + +"changelog: tweak": + - head-branch: "^tweak/" + +"changelog: dev": + - head-branch: "^dev/" + +"changelog: doc": &head-branch-doc + - head-branch: "^doc/" + +"changelog: none": + - head-branch: "^release/" + +"type: enhancement": *head-branch-add +"type: bug": *head-branch-fix +"type: documentation": *head-branch-doc From 424eada2c2806c5635d1467e2fa494e9ba2a992c Mon Sep 17 00:00:00 2001 From: Eason Su Date: Thu, 9 May 2024 15:36:35 +0800 Subject: [PATCH 2/2] Add the reason for the need of write permission and usage reference to the `branch-label` action in the `github-actions` package. Address: - https://github.com/woocommerce/grow/pull/122#discussion_r1580960288 - https://github.com/woocommerce/grow/pull/122#discussion_r1580968559 --- packages/github-actions/actions/branch-label/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/packages/github-actions/actions/branch-label/README.md b/packages/github-actions/actions/branch-label/README.md index 95c214fa..cb7f985c 100644 --- a/packages/github-actions/actions/branch-label/README.md +++ b/packages/github-actions/actions/branch-label/README.md 
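Review bot: The three `type:` entries at the end of the new labeler.yml take their rules from the `&head-branch-add`, `&head-branch-fix` and `&head-branch-doc` anchors, and nothing in the file says so, so a later edit to `^add/`, `^fix/` or `^doc/` changes two labels at once. A short header comment would help, for example `# Config for actions/labeler v5; action.yml copies it to .github/labeler.yml.` followed by `# "type: …" labels reuse the anchored "changelog: …" rule for the same branch prefix.` The patterns are anchored only at the start, like the `startsWith(github.head_ref, …)` conditions this patch removes from action.yml, so the mapping from branch prefix to label looks unchanged. Because the head branch name is chosen by the pull request author, including authors working from forks, the comment could also state that these labels are informational and should not be used by other automation as an approval or trust signal.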
@@ -33,10 +33,11 @@ jobs: #### Permissions: -It's recommended to use the `pull_request_target` event instead of `pull_request` to avoid the issue of not having permission to add labels to pull requests. +In order to add labels to pull requests, this action requires write permissions on the pull request. However, when the action runs on a pull request from a fork, GitHub only grants read access tokens for the `pull_request` event. Therefore, it's recommended to use the `pull_request_target` event instead of `pull_request` to avoid the issue of not having permission. Ref: - https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target +- https://github.com/actions/labeler/tree/v5#usage - https://github.com/actions/labeler/tree/v5#permissions ## Migration from v1 to v2: