Ashley Harrison
d8fb1e8e4e
* harden action permissions * Update .github/workflows/ephemeral-instances-pr-comment.yml Co-authored-by: Kevin Minehart <5140827+kminehart@users.noreply.github.com> * update documentation-ci --------- Co-authored-by: Kevin Minehart <5140827+kminehart@users.noreply.github.com>
57 lines
1.7 KiB
YAML
57 lines
1.7 KiB
YAML
name: PR automation
|
|
on:
|
|
pull_request_target:
|
|
types:
|
|
- labeled
|
|
- opened
|
|
- synchronize
|
|
permissions: {}
|
|
concurrency:
|
|
group: pr-commands-${{ github.event.number }}
|
|
jobs:
|
|
config:
|
|
runs-on: "ubuntu-latest"
|
|
outputs:
|
|
has-secrets: ${{ steps.check.outputs.has-secrets }}
|
|
steps:
|
|
- name: "Check for secrets"
|
|
id: check
|
|
shell: bash
|
|
run: |
|
|
if [ -n "${{ (secrets.GRAFANA_PR_AUTOMATION_APP_ID != '' &&
|
|
secrets.GRAFANA_PR_AUTOMATION_APP_PEM != '' &&
|
|
secrets.GRAFANA_MISC_STATS_API_KEY != ''
|
|
) || '' }}" ]; then
|
|
echo "has-secrets=1" >> "$GITHUB_OUTPUT"
|
|
fi
|
|
|
|
main:
|
|
needs: config
|
|
permissions:
|
|
contents: read
|
|
pull-requests: write
|
|
if: needs.config.outputs.has-secrets
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout Actions
|
|
uses: actions/checkout@v4 # v4.2.2
|
|
with:
|
|
repository: "grafana/grafana-github-actions"
|
|
path: ./actions
|
|
ref: main
|
|
persist-credentials: false
|
|
- name: Install Actions
|
|
run: npm install --production --prefix ./actions
|
|
- name: "Generate token"
|
|
id: generate_token
|
|
uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
|
|
with:
|
|
app_id: ${{ secrets.GRAFANA_PR_AUTOMATION_APP_ID }}
|
|
private_key: ${{ secrets.GRAFANA_PR_AUTOMATION_APP_PEM }}
|
|
- name: Run Commands
|
|
uses: ./actions/commands
|
|
with:
|
|
metricsWriteAPIKey: ${{secrets.GRAFANA_MISC_STATS_API_KEY}}
|
|
token: ${{ steps.generate_token.outputs.token }}
|
|
configPath: pr-commands
|