121 lines
		
	
	
		
			4.3 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
			
		
		
	
	
			121 lines
		
	
	
		
			4.3 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
| # WARNING:
 | |
| # When extending this action, be aware that $GITHUB_TOKEN allows some write
 | |
| # access to the GitHub API. This means that it should not evaluate user input in
 | |
| # a way that allows code injection.
 | |
| 
 | |
| name: Labels
 | |
| 
 | |
| on:
 | |
|   schedule:
 | |
|     - cron: '07,17,27,37,47,57 * * * *'
 | |
|   workflow_call:
 | |
|     inputs:
 | |
|       headBranch:
 | |
|         required: true
 | |
|         type: string
 | |
|     secrets:
 | |
|       NIXPKGS_CI_APP_PRIVATE_KEY:
 | |
|         required: true
 | |
|   workflow_dispatch:
 | |
| 
 | |
| concurrency:
 | |
|   # This explicitly avoids using `run_id` for the concurrency key to make sure that only
 | |
|   # *one* scheduled run can run at a time.
 | |
|   group: labels-${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number }}
 | |
|   # PR-triggered runs will be cancelled, but scheduled runs will be queued.
 | |
|   cancel-in-progress: ${{ github.event_name != 'schedule' }}
 | |
| 
 | |
| # This is used as fallback without app only.
 | |
| # This happens when testing in forks without setting up that app.
 | |
| permissions:
 | |
|   issues: write
 | |
|   pull-requests: write
 | |
| 
 | |
| defaults:
 | |
|   run:
 | |
|     shell: bash
 | |
| 
 | |
| jobs:
 | |
|   update:
 | |
|     runs-on: ubuntu-24.04-arm
 | |
|     if: github.event_name != 'schedule' || github.repository_owner == 'NixOS'
 | |
|     steps:
 | |
|       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 | |
|         with:
 | |
|           sparse-checkout: |
 | |
|             ci/labels
 | |
| 
 | |
|       - name: Install dependencies
 | |
|         run: npm install @actions/artifact bottleneck
 | |
| 
 | |
|       # Use a GitHub App, because it has much higher rate limits: 12,500 instead of 5,000 req / hour.
 | |
|       - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
 | |
|         if: vars.NIXPKGS_CI_APP_ID
 | |
|         id: app-token
 | |
|         with:
 | |
|           app-id: ${{ vars.NIXPKGS_CI_APP_ID }}
 | |
|           private-key: ${{ secrets.NIXPKGS_CI_APP_PRIVATE_KEY }}
 | |
|           permission-issues: write
 | |
|           permission-pull-requests: write
 | |
| 
 | |
|       - name: Log current API rate limits
 | |
|         env:
 | |
|           GH_TOKEN: ${{ steps.app-token.outputs.token || github.token }}
 | |
|         run: gh api /rate_limit | jq
 | |
| 
 | |
|       - name: Labels from API data and Eval results
 | |
|         uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
 | |
|         with:
 | |
|           github-token: ${{ steps.app-token.outputs.token || github.token }}
 | |
|           retries: 3
 | |
|           script: |
 | |
|             require('./ci/labels/labels.cjs')({
 | |
|               github,
 | |
|               context,
 | |
|               core,
 | |
|               dry: context.eventName == 'pull_request'
 | |
|             })
 | |
| 
 | |
|       - name: Log current API rate limits
 | |
|         env:
 | |
|           GH_TOKEN: ${{ steps.app-token.outputs.token || github.token }}
 | |
|         run: gh api /rate_limit | jq
 | |
| 
 | |
|       - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
 | |
|         name: Labels from touched files
 | |
|         if: |
 | |
|           github.event_name == 'pull_request_target' &&
 | |
|           !contains(fromJSON(inputs.headBranch).type, 'development')
 | |
|         with:
 | |
|           repo-token: ${{ steps.app-token.outputs.token }}
 | |
|           configuration-path: .github/labeler.yml # default
 | |
|           sync-labels: true
 | |
| 
 | |
|       - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
 | |
|         name: Labels from touched files (no sync)
 | |
|         if: |
 | |
|           github.event_name == 'pull_request_target' &&
 | |
|           !contains(fromJSON(inputs.headBranch).type, 'development')
 | |
|         with:
 | |
|           repo-token: ${{ steps.app-token.outputs.token }}
 | |
|           configuration-path: .github/labeler-no-sync.yml
 | |
|           sync-labels: false
 | |
| 
 | |
|       - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
 | |
|         name: Labels from touched files (development branches)
 | |
|         # Development branches like staging-next, haskell-updates and python-updates get special labels.
 | |
|         # This is to avoid the mass of labels there, which is mostly useless - and really annoying for
 | |
|         # the backport labels.
 | |
|         if: |
 | |
|           github.event_name == 'pull_request_target' &&
 | |
|           contains(fromJSON(inputs.headBranch).type, 'development')
 | |
|         with:
 | |
|           repo-token: ${{ steps.app-token.outputs.token }}
 | |
|           configuration-path: .github/labeler-development-branches.yml
 | |
|           sync-labels: true
 | |
| 
 | |
|       - name: Log current API rate limits
 | |
|         env:
 | |
|           GH_TOKEN: ${{ steps.app-token.outputs.token || github.token }}
 | |
|         run: gh api /rate_limit | jq
 | 
