public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7ae9f94de767f4170572ac2cfc69085a6d11c9dd
grafana/.github/workflows/pr-patch-check.yml
dependabot[bot] fa5a3cfdf6 Bump actions/github-script from 7 to 8 (#111716) 
Bumps [actions/github-script](https://github.com/actions/github-script) from 7 to 8.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v7...v8)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-15 18:38:49 +00:00

79 lines
2.6 KiB
YAML
Raw Blame History

name: Dispatch check for patch conflicts
on:
workflow_call:
inputs:
head_ref:
type: string
required: true
base_ref:
type: string
required: true
repo:
type: string
required: true
sender_login:
type: string
required: true
sha:
type: string
required: true
pr_commit_sha:
type: string
required: true
permissions:
id-token: write
contents: read
# Since this is run on a pull request, we want to apply the patches intended for the
# target branch onto the source branch, to verify compatibility before merging.
jobs:
dispatch-job:
env:
HEAD_REF: ${{ inputs.head_ref }}
BASE_REF: ${{ github.base_ref }}
REPO: ${{ inputs.repo }}
SENDER: ${{ inputs.sender_login }}
SHA: ${{ inputs.sha }}
PR_COMMIT_SHA: ${{ inputs.pr_commit_sha }}
runs-on: ubuntu-latest
steps:
- name: "Get vault secrets"
id: vault-secrets
uses: grafana/shared-workflows/actions/get-vault-secrets@main
with:
# Secrets placed in the ci/data/repo/grafana/grafana/delivery-bot-app path in Vault
repo_secrets: |
GRAFANA_DELIVERY_BOT_APP_PEM=delivery-bot-app:PRIVATE_KEY
- name: "Generate token"
id: generate_token
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a
with:
# App needs Actions: Read/Write for the grafana/security-patch-actions repo
app_id: ${{ vars.DELIVERY_BOT_APP_ID }}
private_key: ${{ env.GRAFANA_DELIVERY_BOT_APP_PEM }}
permissions: "{\"actions\": \"write\", \"workflows\": \"write\"}"
repositories: "[\"security-patch-actions\"]"
- name: "Dispatch job"
uses: actions/github-script@v8
with:
github-token: ${{ steps.generate_token.outputs.token }}
script: |
const {HEAD_REF, BASE_REF, REPO, SENDER, SHA, PR_COMMIT_SHA} = process.env;
await github.rest.actions.createWorkflowDispatch({
owner: 'grafana',
repo: 'security-patch-actions',
workflow_id: 'test-patches-event.yml',
ref: 'main',
inputs: {
src_repo: REPO,
src_ref: HEAD_REF,
src_merge_sha: SHA,
src_pr_commit_sha: PR_COMMIT_SHA,
patch_repo: REPO + '-security-patches',
patch_ref: BASE_REF,
triggering_github_handle: SENDER
}
})
Reference in New Issue View Git Blame Copy Permalink