Backport Bot is a JavaScript GitHub Action to backport a pull request by simply adding a label to it.
It can backport rebased and merged pull requests with a single commit and squashed and merged pull requests. It thus integrates well with Autosquash.
This version even works on forked repositories!
- ๐ Add this .github/workflows/backport.yml to your repository.
- ๐โโ๏ธ Create a user for the bot. Set this username in backport.yml
- โ๏ธ With this user, fork your repository.
- ๐ Generate a personal access token with this user. Give it only the "public_repo" permission.
- ๐ Setup this personal access token as bot_token in backport.yml.
- โ๏ธ Obfuscate the personal access token by xor it with a randomly generated bot_token_key. This step is only to prevent Github from automatically revoking your token by placing it in a public repository.
- ๐ฌ Let's say you want to backport a pull request on a branch named
production. Then label it withbackport production. (See how to create labels.) - โจ That's it! When the pull request gets merged, another pull request will be opened, backporting the commit to the
productionbranch. If the pull request cannot be backported, a comment explaining why will automatically be posted.
Note: multiple backport labels can be added. For example, if a pull request has the labels backport staging and backport production it will be backported to both branches: staging and production.
The token provided to backport.yml will be visible to anyone with access to your repo. If your repo is public, this means everyone. This will allow anyone to impersonate your bot account and use it to do anything your bot account can do. It is very important to give your bot token the "public_repo" access only, and for your bot account not to be used for anything else. Your bot account should not have any permissions that a public github user does not have.