Loading .github/workflows/backport.yml +10 −5 Original line number Diff line number Diff line Loading @@ -8,26 +8,31 @@ on: # the GitHub repository. This means that it should not evaluate user input in a # way that allows code injection. permissions: contents: read permissions: {} jobs: backport: permissions: contents: write # for korthout/backport-action to create branch pull-requests: write # for korthout/backport-action to create PR to backport name: Backport Pull Request if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name)) runs-on: ubuntu-latest steps: # Use a GitHub App to create the PR so that CI gets triggered # The App is scoped to Repository > Contents and Pull Requests: write for Nixpkgs - uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 id: app-token with: app-id: ${{ vars.BACKPORT_APP_ID }} private-key: ${{ secrets.BACKPORT_PRIVATE_KEY }} - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ github.event.pull_request.head.sha }} token: ${{ steps.app-token.outputs.token }} - name: Create backport PRs uses: korthout/backport-action@bd410d37cdcae80be6d969823ff5a225fe5c833f # v3.0.2 with: # Config README: https://github.com/korthout/backport-action#backport-action copy_labels_pattern: 'severity:\ssecurity' github_token: ${{ steps.app-token.outputs.token }} pull_description: |- Bot-based backport to `${target_branch}`, triggered by a label in #${pull_number}. Loading Loading
.github/workflows/backport.yml +10 −5 Original line number Diff line number Diff line Loading @@ -8,26 +8,31 @@ on: # the GitHub repository. This means that it should not evaluate user input in a # way that allows code injection. permissions: contents: read permissions: {} jobs: backport: permissions: contents: write # for korthout/backport-action to create branch pull-requests: write # for korthout/backport-action to create PR to backport name: Backport Pull Request if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name)) runs-on: ubuntu-latest steps: # Use a GitHub App to create the PR so that CI gets triggered # The App is scoped to Repository > Contents and Pull Requests: write for Nixpkgs - uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 id: app-token with: app-id: ${{ vars.BACKPORT_APP_ID }} private-key: ${{ secrets.BACKPORT_PRIVATE_KEY }} - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ github.event.pull_request.head.sha }} token: ${{ steps.app-token.outputs.token }} - name: Create backport PRs uses: korthout/backport-action@bd410d37cdcae80be6d969823ff5a225fe5c833f # v3.0.2 with: # Config README: https://github.com/korthout/backport-action#backport-action copy_labels_pattern: 'severity:\ssecurity' github_token: ${{ steps.app-token.outputs.token }} pull_description: |- Bot-based backport to `${target_branch}`, triggered by a label in #${pull_number}. Loading
