MAINT: enhance the configuration for the pull-request-labeler workflow
#19728
Conversation
See scipy#19088. These permissions are moved from the level of the workflow to that of the job for security reasons, since this workflow uses the `pull_request_target` event. [skip cirrus] [skip circle]
As per the discussion in scipy#19088 [skip circle] [skip cirrus]
See scipy#19088 [skip cirrus] [skip circle]
|
Hi @lucascolley – I have pushed the changes you suggested in #19088 (comment), and would appreciate a review! |
lucascolley
added
maintenance
There was a problem hiding this comment.
thanks @agriyakhetarpal ! This LGTM, want to try merging @j-bowhay ?
The only part of the issue which this doesn't address is
Especially if reverted changes can be reflected that would be really nice
but I don't think it's worth trying to get that in now. I say we go with just labelling on opened for now and can look into that later if desired. It's quite rare that the amount of modules being touched decreases, and it's trivial to remove the labels manually.
|
I agree with you, I don't know of a method to do that currently... my initial guess of a way to do that would be to write another job that needs the |
See scipy#19088 [skip cirrus] [skip circle] Co-authored-by: Jake Bowhay <60778417+j-bowhay@users.noreply.github.com>
|
@lucascolley I cant remember the history on this but I am not sure merging this will enable the CI job? |
Yeah there's another switch to flip somewhere as https://github.com/scipy/scipy/actions/workflows/pull-request-labeler.yml shows "disabled manually". Do you have permissions for that?
We'll want to merge this before re-enabling the workflow. x-ref #17116 (comment) for a possible follow-up as well as "if reverted changes can be reflected" as mentioned above |
[skip ci]
[skip ci]
|
Not sure about the reverted changes one. But for
This should be possible at this time by accessing the title of a PR (note: this would require that the PR should be opened with the title since this workflow is going to run just once). Another option could be to pick off these acronyms from the commit messages – we can re-use the Please let me know what works, happy to debug on my fork! |
|
thanks for your first contribution to SciPy @agriyakhetarpal ! |
|
And thanks for your support, it's much appreciated! |
|
Looks like something isn't working quite right, will disable for now to save resources |
|
Looks like we just need to update |
|
Whoa, big one this |
Reference issue
Closes gh-19088
What does this implement/fix?
This PR configures the pull request labeler workflow to run just once on a PR, i.e., at the time of its opening – with no subsequent runs on further synchronisation events or updates to said PR. The new release of actions/labeler@v5 has fixed a previous issue where the
sync-labelsinput was not correctly configured (please see actions/labeler#112). The permissions for the workflow have been moved to the job for security reasons, considering that this workflow will contain just a singleton job which needs those permissions.Additional information
This PR uses the
pull_request_targetevent and therefore might not run with the context of the changes here; however, I had tested and debugged my changes to see whether they will work and put together an explanation in a PR on my fork of SciPy: agriyakhetarpal#2