Skip to content
Permalink
Browse files

make workflows on PRs from forks work again (#41577)

  • Loading branch information
3nids committed Feb 16, 2021
1 parent 01889d9 commit 1d53f75497a503126920b31ed2966cc6e7d6f4df
@@ -1,7 +1,7 @@
name: Ping PR author about documentation

on:
pull_request:
pull_request_target:
types:
- opened
- labeled
@@ -10,19 +10,12 @@ jobs:
if: github.event.label.name == 'Needs Documentation'
runs-on: ubuntu-latest
steps:
# obfuscate the github token so it can be used on jobs triggered from forks
- name: Clear GH Token
id: token
uses: opengisch/clear-token@v1.0.12
with:
bot_token_encrypted: ddbdec32940df79f1adf2369b4b10f10b5a66f65
bot_token_xor_key: a1b2c3d47311f8e29e204f85a81b4df4a44e252c

# write comment to ping the PR author
- name: Create comment
uses: peter-evans/create-or-update-comment@v1
with:
token: ${{ steps.token.outputs.token }}
token: ${{ secrets.GITHUB_TOKEN }}
issue-number: ${{ github.event.pull_request.number }}
body: |
@${{ github.event.pull_request.user.login }}
@@ -16,5 +16,4 @@ Example:
## How it works

* A Github [workflow]( https://github.com/qgis/QGIS/blob/master/.github/workflows/pr_to_doc_issue.yml) takes care of creating the issue and commenting.
* To make it works on jobs triggered from forks (almost all PRs actually), the Github token has to be manually given. Since it cannot be written in clear, an [action](https://github.com/opengisch/clear-token) obfuscates its using xor encryption.
* The labels on QGIS-Documentation are deduced from the PR milestone (e.g. 3.10.2 => 3.10). To label issues, push access is required. Due to security reasons (the token appears in clear), qgis-bot has no specific rights. Labels are created using a [workflow](https://github.com/qgis/QGIS-Documentation/blob/master/.github/workflows/auto-label.yml).
@@ -2,7 +2,7 @@
name: Documentation issue for labeled PR

on:
pull_request:
pull_request_target:
types:
- closed
- labeled
@@ -13,15 +13,6 @@ jobs:
name: Create issue on doc repo for labeled issue
steps:

# obfuscate the github token so it can be used on jobs triggered from forks
- name: Clear GH Token
if: github.event.pull_request.merged && ( ( github.event.action == 'closed' && contains( github.event.pull_request.labels.*.name, 'Needs Documentation') ) || github.event.label.name == 'Needs Documentation' )
id: token
uses: opengisch/clear-token@v1.0.12
with:
bot_token_encrypted: ddbdec32940df79f1adf2369b4b10f10b5a66f65
bot_token_xor_key: a1b2c3d47311f8e29e204f85a81b4df4a44e252c

# transform the milestone (e.g. 3.10.4) to a doc label (3.10)
- name: QGIS milestone to Doc label
if: github.event.pull_request.merged && ( ( github.event.action == 'closed' && contains( github.event.pull_request.labels.*.name, 'Needs Documentation') ) || github.event.label.name == 'Needs Documentation' )
@@ -39,8 +30,6 @@ jobs:
if: github.event.pull_request.merged && ( ( github.event.action == 'closed' && contains( github.event.pull_request.labels.*.name, 'Needs Documentation') ) || github.event.label.name == 'Needs Documentation' )
id: get_pr_info
uses: octokit/request-action@v2.x
env:
GITHUB_TOKEN: ${{ steps.token.outputs.token }}
with:
route: GET /repos/qgis/QGIS/pulls/:pull_number
pull_number: ${{ github.event.pull_request.number }}
@@ -59,8 +48,6 @@ jobs:
if: github.event.pull_request.merged && ( ( github.event.action == 'closed' && contains( github.event.pull_request.labels.*.name, 'Needs Documentation') ) || github.event.label.name == 'Needs Documentation' )
uses: octokit/request-action@v2.x
id: get_pr_commits
env:
GITHUB_TOKEN: ${{ steps.token.outputs.token }}
with:
route: GET /repos/qgis/QGIS/pulls/:pull_number/commits
pull_number: ${{ github.event.pull_request.number }}
@@ -81,7 +68,7 @@ jobs:
id: doc_issue
uses: maxkomarychev/oction-create-issue@v0.7.1
with:
token: ${{ steps.token.outputs.token }}
token: ${{ secrets.GITHUB_TOKEN }}
owner: qgis
repo: QGIS-Documentation
title: ${{ format('{0} (Request in QGIS)', github.event.pull_request.title) }}
@@ -107,7 +94,7 @@ jobs:
if: github.event.pull_request.merged && ( ( github.event.action == 'closed' && contains( github.event.pull_request.labels.*.name, 'Needs Documentation') ) || github.event.label.name == 'Needs Documentation' )
uses: peter-evans/create-or-update-comment@v1
with:
token: ${{ steps.token.outputs.token }}
token: ${{ secrets.GITHUB_TOKEN }}
issue-number: ${{ github.event.pull_request.number }}
body: |
@${{ github.event.pull_request.user.login }}

0 comments on commit 1d53f75

Please sign in to comment.