* Chore(deps): Bump actions/checkout from 4 to 5 Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * remove incorrect comments --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ashley Harrison <ashley.harrison@grafana.com>
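name: Run commands when issues are opened

# important: this workflow uses a github app that is strictly limited
# to issues. If you want to change the triggers for this workflow,
# please review if the permissions are still sufficient.
on:
  issues:
    types: [opened]

# One concurrency group per issue number.
concurrency:
  group: issue-opened-${{ github.event.issue.number }}

# Deny-by-default: the workflow-level token gets no scopes; each job below
# declares only what it needs.
permissions: {}

jobs:
  # Runs the shared issue commands using a short-lived GitHub App token.
  main:
    runs-on: ubuntu-latest
    if: github.repository == 'grafana/grafana'
    permissions:
      contents: read
      # NOTE(review): presumably needed by get-vault-secrets for OIDC login - confirm.
      id-token: write
    steps:

      # NOTE(review): both the action tag (v5) and the checked-out ref (main)
      # are mutable, unlike the SHA-pinned actions further down. The code
      # fetched here is later executed with the App token, so consider pinning
      # both to a reviewed commit SHA.
      - name: Checkout Actions
        uses: actions/checkout@v5
        with:
          repository: "grafana/grafana-github-actions"
          path: ./actions
          ref: main
          persist-credentials: false

      # NOTE(review): `npm install` resolves dependencies at run time and runs
      # their lifecycle scripts on the runner that later receives the Vault
      # secrets. If ./actions ships a lockfile, `npm ci` (optionally with
      # --ignore-scripts) would make this step reproducible - confirm first.
      - name: Install Actions
        run: npm install --production --prefix ./actions

      # give issue-openers a chance to add labels after submit
      - name: Sleep for 2 minutes
        run: sleep 2m
        shell: bash

      - name: "Get vault secrets"
        id: vault-secrets
        uses: grafana/shared-workflows/actions/get-vault-secrets@get-vault-secrets/v1.2.1 # zizmor: ignore[unpinned-uses]
        with:
          # Secrets placed in the ci/repo/grafana/grafana/plugins_platform_issue_commands_github_bot path in Vault
          repo_secrets: |
            GITHUB_APP_ID=grafana_pr_automation_app:app_id
            GITHUB_APP_PRIVATE_KEY=grafana_pr_automation_app:app_pem

      # The installation token is narrowed to issues: write only.
      - name: Generate token
        id: generate_token
        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
        with:
          app-id: ${{ env.GITHUB_APP_ID }}
          private-key: ${{ env.GITHUB_APP_PRIVATE_KEY }}
          permission-issues: write

      - name: Run Commands
        uses: ./actions/commands
        with:
          token: ${{ steps.generate_token.outputs.token }}
          configPath: "issue-opened"

  # Sends issues opened by non-members to the auto triager and reports the
  # resulting labels to Slack. Issue content is attacker-controlled input.
  auto-triage:
    needs: [main]
    permissions:
      contents: read
      # NOTE(review): presumably needed by get-vault-secrets for OIDC login - confirm.
      id-token: write
    if: github.repository == 'grafana/grafana'
    runs-on: ubuntu-latest
    steps:

      - name: "Get vault secrets"
        id: vault-secrets
        uses: grafana/shared-workflows/actions/get-vault-secrets@get-vault-secrets/v1.2.1 # zizmor: ignore[unpinned-uses]
        with:
          # Secrets placed in the ci/repo/grafana/grafana/plugins_platform_issue_triager path in Vault
          repo_secrets: |
            AUTOTRIAGER_OPENAI_API_KEY=plugins_platform_issue_triager:AUTOTRIAGER_OPENAI_API_KEY
            AUTOTRIAGER_SLACK_WEBHOOK_URL=plugins_platform_issue_triager:AUTOTRIAGER_SLACK_WEBHOOK_URL
            GITHUB_APP_ID=plugins_platform_issue_triager_github_bot:app_id
            GITHUB_APP_PRIVATE_KEY=plugins_platform_issue_triager_github_bot:app_pem

      # Token scope: read org membership, write issues.
      - name: Generate token
        id: generate_token
        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
        with:
          app-id: ${{ env.GITHUB_APP_ID }}
          private-key: ${{ env.GITHUB_APP_PRIVATE_KEY }}
          permission-members: read
          permission-issues: write

      # The actor is read through the quoted shell variable instead of being
      # expanded into the script text by the workflow engine, so the value is
      # passed as data and never parsed as shell syntax.
      # Any failure (not a member, token or API error - output is discarded)
      # leaves is_grafana_org_member unset; the later `if:` conditions then
      # rely on author_association alone.
      - name: Check if member of grafana org
        id: check-if-grafana-org-member
        continue-on-error: true
        run: |
          gh api "https://api.github.com/orgs/grafana/members/${ACTOR}" >/dev/null 2>&1 \
            && echo "is_grafana_org_member=true" >> "$GITHUB_OUTPUT"
        env:
          GH_TOKEN: ${{ steps.generate_token.outputs.token }}
          ACTOR: ${{ github.actor }}

      # Only the triager's config directory is checked out, without persisted credentials.
      - name: Checkout
        if: steps.check-if-grafana-org-member.outputs.is_grafana_org_member != 'true' && github.event.issue.author_association != 'MEMBER' && github.event.issue.author_association != 'OWNER'
        uses: actions/checkout@v5
        with:
          persist-credentials: false
          sparse-checkout: |
            .github/workflows/auto-triager

      # NOTE(review): this action is referenced by the mutable `main` branch
      # and receives both the App token (issues: write) and the OpenAI API key.
      # A change on that branch runs here with those credentials; consider
      # pinning to a reviewed commit SHA like the other third-party actions.
      # The issue text it processes is untrusted, so the labels it returns
      # should be treated as untrusted too.
      - name: Send issue to the auto triager action
        id: auto_triage
        if: steps.check-if-grafana-org-member.outputs.is_grafana_org_member != 'true' && github.event.issue.author_association != 'MEMBER' && github.event.issue.author_association != 'OWNER'
        uses: grafana/auto-triager@main # zizmor: ignore[unpinned-uses]
        with:
          token: ${{ steps.generate_token.outputs.token }}
          issue_number: ${{ github.event.issue.number }}
          openai_api_key: ${{ env.AUTOTRIAGER_OPENAI_API_KEY }}
          add_labels: true
          labels_file: ${{ github.workspace }}/.github/workflows/auto-triager/labels.txt
          types_file: ${{ github.workspace }}/.github/workflows/auto-triager/types.txt
          prompt_file: ${{ github.workspace }}/.github/workflows/auto-triager/prompt.txt

      # NOTE(review): triage_labels is spliced into the JSON document as raw
      # text. A quote or backslash in that output would break or reshape the
      # payload; building the "text" value with the toJSON() expression
      # function would escape it. Confirm the output format before changing.
      - name: "Send Slack notification"
        if: ${{ steps.auto_triage.outputs.triage_labels != '' }}
        uses: slackapi/slack-github-action@37ebaef184d7626c5f204ab8d3baff4262dd30f0 # v1.27.0
        with:
          payload: >
            {
              "icon_emoji": ":robocto:",
              "username": "Auto Triager",
              "type": "mrkdwn",
              "text": "Auto triager found the following labels: ${{ steps.auto_triage.outputs.triage_labels }} for issue ${{ github.event.issue.html_url }}",
              "channel": "#triage-automation-ci"
            }
        env:
          SLACK_WEBHOOK_URL: ${{ env.AUTOTRIAGER_SLACK_WEBHOOK_URL }}

  # Adds the `internal` label to issues opened by org members or owners.
  auto-label-internal-issues:
    needs: [main]
    if: github.repository == 'grafana/grafana'
    runs-on: ubuntu-latest
    permissions:
      issues: write
      # NOTE(review): presumably needed by get-vault-secrets for OIDC login - confirm.
      id-token: write
    steps:
      - name: "Get vault secrets"
        id: vault-secrets
        uses: grafana/shared-workflows/actions/get-vault-secrets@get-vault-secrets/v1.2.1 # zizmor: ignore[unpinned-uses]
        with:
          # Secrets placed in the ci/repo/grafana/grafana/plugins_platform_issue_triager path in Vault
          repo_secrets: |
            GITHUB_APP_ID=plugins_platform_issue_triager_github_bot:app_id
            GITHUB_APP_PRIVATE_KEY=plugins_platform_issue_triager_github_bot:app_pem

      # The App token here can only read org membership.
      - name: Generate token
        id: generate_token
        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
        with:
          app-id: ${{ env.GITHUB_APP_ID }}
          private-key: ${{ env.GITHUB_APP_PRIVATE_KEY }}
          permission-members: read

      # The actor is read through the quoted shell variable instead of being
      # expanded into the script text by the workflow engine.
      # A failed lookup leaves the output unset, so labelling then depends on
      # author_association alone.
      - name: Check if member of grafana org
        id: check-if-grafana-org-member
        continue-on-error: true
        run: |
          gh api "https://api.github.com/orgs/grafana/members/${ACTOR}" >/dev/null 2>&1 \
            && echo "is_grafana_org_member=true" >> "$GITHUB_OUTPUT"
        env:
          GH_TOKEN: ${{ steps.generate_token.outputs.token }}
          ACTOR: ${{ github.actor }}

      # Event values reach the script only through env vars and are quoted
      # there; the write uses the job's GITHUB_TOKEN (issues: write).
      - name: "Auto label internal issues"
        if: steps.check-if-grafana-org-member.outputs.is_grafana_org_member == 'true' || github.event.issue.author_association == 'MEMBER' || github.event.issue.author_association == 'OWNER'
        run: gh issue edit "$NUMBER" --add-label "$LABELS"
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GH_REPO: ${{ github.repository }}
          NUMBER: ${{ github.event.issue.number }}
          LABELS: internal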