Upgrade the branch-label action to use Node.js v20
#122
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…use Node.js v20.
jorgemd24
approved these changes
Apr 26, 2024
There was a problem hiding this comment.
Thanks @eason9487 for working on this! I tested creating some PRs in a fork branch and it worked well, so LGTM 👍 I left some comments but they are not blockers.
|
|
||
| #### Permissions: | ||
|
|
||
| It's recommended to use the `pull_request_target` event instead of `pull_request` to avoid the issue of not having permission to add labels to pull requests. |
There was a problem hiding this comment.
In this action, we're not directly interacting with the code from the PR, so we're OK. However, shouldn't we also mention here that pull_request_target will grant access to secrets for PRs from forks?
There was a problem hiding this comment.
Thanks for the suggestion. Added in 424eada.
|
|
||
| Ref: | ||
| - https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target | ||
| - https://github.com/actions/labeler/tree/v5#permissions |
There was a problem hiding this comment.
As we are using the labeler action, I think this link can be useful too: https://github.com/actions/labeler?tab=readme-ov-file#usage
…o the `branch-label` action in the `github-actions` package. Address: - #122 (comment) - #122 (comment)
2 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes proposed in this Pull Request:
Part of #108
This PR upgrades the
branch-labelaction to use Node.js v20.actions-ecosystem/action-add-labelsaction has not been updated for almost 4 years. Therefore, this PR changes to use an alternativeactions/labeleraction to achieve the same function.pull_request_targetinstead ofpull_request.Detailed test instructions:
📌 Using Node.js v20
📌 View testing PRs to see if the alternative implementation can achieve the same results
1️⃣ Add a label: eason9487#24
2️⃣ Add multiple labels: eason9487#25
3️⃣ Mismatched branch name: eason9487#26
No labels are added because the branch name
fixed/space-time-riftdidn't match any rules.4️⃣ No required permissions: eason9487#29
This test explains that a workflow uses
pull_requestevent may result in permission issue when a PR is created from forks.