Josh Hunt
5ce4d134ff
CI: Fix Skye and E2E GHA workflows (#104811) * CI: Use pr_automation_app in skye workflow * CI: Fix e2e workflow artifact name (cherry picked from commite9fe1dedf7) * remove old-arch check (cherry picked from commit960e2d057b) (cherry picked from commit035ecc15b2)
107 lines
3.7 KiB
YAML
107 lines
3.7 KiB
YAML
name: Add issues and PRs to Skye project board
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
manual_issue_number:
|
|
description: 'Issue/PR number to add to project'
|
|
required: false
|
|
type: number
|
|
issues:
|
|
types: [opened]
|
|
pull_request:
|
|
types: [opened]
|
|
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|
|
|
|
env:
|
|
ORGANIZATION: grafana
|
|
REPO: grafana
|
|
PROJECT_ID: "PVT_kwDOAG3Mbc4AxfcI" # Retrieved manually from GitHub GraphQL Explorer
|
|
|
|
concurrency:
|
|
group: skye-add-to-project-${{ github.event.number }}
|
|
|
|
jobs:
|
|
main:
|
|
if: github.repository == 'grafana/grafana'
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: "Get vault secrets"
|
|
id: vault-secrets
|
|
uses: grafana/shared-workflows/actions/get-vault-secrets@main # zizmor: ignore[unpinned-uses]
|
|
with:
|
|
# Vault secret paths:
|
|
# - ci/repo/grafana/grafana/grafana_pr_automation_app
|
|
# - ci/repo/grafana/grafana/frontend_platform_skye_usernames (comma separated list of usernames)
|
|
repo_secrets: |
|
|
GH_APP_ID=grafana_pr_automation_app:app_id
|
|
GH_APP_PEM=grafana_pr_automation_app:app_pem
|
|
ALLOWED_USERS=frontend_platform_skye_usernames:allowed_users
|
|
|
|
- name: Generate token
|
|
id: generate_token
|
|
uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
|
|
with:
|
|
app_id: ${{ env.GH_APP_ID }}
|
|
private_key: ${{ env.GH_APP_PEM }}
|
|
|
|
# Check if the user is in the list from the secret
|
|
- name: Check if user is allowed
|
|
id: check_user
|
|
env:
|
|
ALLOWED_USERS: ${{ env.ALLOWED_USERS }}
|
|
USERNAME: ${{ github.event.sender.login }}
|
|
run: |
|
|
# Convert the comma-separated list to an array
|
|
IFS=',' read -ra ALLOWED_USERS <<< "$ALLOWED_USERS"
|
|
|
|
# Check if user is in the allowed list
|
|
for allowed_user in "${ALLOWED_USERS[@]}"; do
|
|
if [ "$allowed_user" = "$USERNAME" ]; then
|
|
echo "user_allowed=true" >> $GITHUB_OUTPUT
|
|
exit 0
|
|
fi
|
|
done
|
|
echo "user_allowed=false" >> $GITHUB_OUTPUT
|
|
|
|
# Convert the issue/PR number to a node ID for the GraphQL API
|
|
- name: Get node ID for item
|
|
if: steps.check_user.outputs.user_allowed == 'true'
|
|
id: get_node_id
|
|
uses: octokit/graphql-action@51bf543c240dcd14761320e2efc625dc32ec0d32
|
|
with:
|
|
query: |
|
|
query getNodeId($owner: String!, $repo: String!, $number: Int!) {
|
|
repository(owner: $owner, name: $repo) {
|
|
issueOrPullRequest(number: $number) {
|
|
... on Issue { id }
|
|
... on PullRequest { id }
|
|
}
|
|
}
|
|
}
|
|
variables: |
|
|
owner: ${{ env.ORGANIZATION }}
|
|
repo: ${{ env.REPO }}
|
|
number: ${{ github.event.number || github.event.inputs.manual_issue_number }}
|
|
env:
|
|
GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
|
|
|
|
# Finally, add the issue/PR to the project board
|
|
- name: Add to project board
|
|
if: steps.check_user.outputs.user_allowed == 'true'
|
|
uses: octokit/graphql-action@51bf543c240dcd14761320e2efc625dc32ec0d32
|
|
with:
|
|
query: |
|
|
mutation addItem($projectid: ID!, $itemid: ID!) {
|
|
addProjectV2ItemById(input: {projectId: $projectid, contentId: $itemid}) {
|
|
item { id }
|
|
}
|
|
}
|
|
variables: |
|
|
projectid: ${{ env.PROJECT_ID }}
|
|
itemid: ${{ fromJSON(steps.get_node_id.outputs.data).repository.issueOrPullRequest.id }}
|
|
env:
|
|
GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
|