Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport action #8191

Merged
merged 5 commits into from
May 31, 2024
Merged

Backport action #8191

merged 5 commits into from
May 31, 2024

Conversation

amercader
Copy link
Member

Fixes #8181
As discussed in the issue, this PR includes the configuration file for an action that:

  • When a PR that has a label like "Backport " is merged, it will trigger a backport action
  • If the PR commits merge cleanly into the target branch, a new PR will be created against it, assigned to the same user as the merged one. The usual checks will be run on the new PR
  • If the commits don't merge cleanly, a comment will be posted on the orginal PR with the manual commands to fix the conflicts, and the PR will be labelled with "Backport failed"
  • Additionally, Tech Team members can trigger a backport on open or already closed PRs adding a comment starting with /backport (and adding the relevant label)

Some more details:

  • The action is run using a token from the @ckanbot account, this needs to be stored in the repository secrets (BACKPORT_ACTION_PAT)
  • There are also two public variables (TECH_TEAM_USER_IDS and CKANBOT_USER_ID) that need to be added to the repository variables.
  • The action used source code code can be found at https://github.com/korthout/backport-action

@amercader
Add workflow for backporting pull requests
31d87e7 
Fixes #8181

This commit includes the configuration file for an action that:

* When a PR that has a label like "Backport <branch>" is merged,
  it will trigger a backport action
* If the PR commits merge cleanly into the target branch, a new PR will
  be created against it, assigned to the same user as the merged one.
  The usual checks will be run on the new PR
* If the commits don't merge cleanly, a comment will be posted on the
  orginal PR with the manual commands to fix the conflicts, and the PR
  will be labelled with "Backport failed"
* Additionally, Tech Team members can trigger a backport on open or
  already closed PRs adding a comment starting with `/backport` (and
  adding the relevant label)

Some more details:
* The action is run using a token from the @ckanbot account, this needs
  to be stored in the repository secrets (`BACKPORT_ACTION_PAT`)
* There are also two public variables (`TECH_TEAM_USER_IDS` and
  `CKANBOT_USER_ID`) that need to be added to the repository variables.
* The action used source code code can be found at
  https://github.com/korthout/backport-action
@amercader
Document the backports action
b7ca756
@Zharktas
Copy link
Member

Is there a reason for using personal access token instead of github token in this ? PATs are somewhat annoying as they tend to expire (which is a good thing, otherwise no one would ever rotate them). But using them would add manual labor to rotate them for this action to work.

@amercader
Copy link
Member Author

amercader commented May 23, 2024
edited

@Zharktas we can choose any of the two types of tokens, in fact for the initial testing I used one of the "legacy" tokens. The new fine-grained tokens allow you to restrict permission to one particular repo and limit the permissions within this, rather than just impersonate an account, but yes they enforce an expiration date.
Given that the ckanbot account only has access to the ckan/ckan repo (via the ckanbot team) that might be limited enough to use legacy tokens. Personally I think it's fine to use expiring PATs if we set them to a year or so, we'll get a notification, generate a new one and update the settings. If we don't we won't break anything, the next back port action will fail, we update the token and rerun it using the /backport comment

@amercader
Copy link
Member Author

@Zharktas any objections to merge this? we can experiment with different types of tokens once this is merged. I'd like to start testing it with the new dev-v2.11 branch

@amercader amercader merged commit ba1a23a into master May 31, 2024
8 checks passed
@amercader amercader deleted the backport-action branch May 31, 2024 11:26
@amercader
Copy link
Member Author

The backport actions seems to be working fine. See e.g. #8244

I had to tweak the permissions of the token to get it working and added all the settings needed in the docs: #8245

@Zharktas
Copy link
Member

Zharktas commented Jun 3, 2024

Just to note, i had no objections for this, as the rotate cycle is somewhat reasonable 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wardi wardi wardi approved these changes

Assignees

@wardi wardi

@Zharktas Zharktas

Labels
None yet
Projects
Developer & Maintainer Experience
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Automating backports via GitHub Actions
3 participants
@amercader @Zharktas @wardi