fix: Allow all tokens to be written as YAML #11565
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: pull-request-target | |
| on: | |
| pull_request_target: | |
| types: [opened, edited, synchronize, labeled, closed] | |
| branches: | |
| - main | |
| concurrency: | |
| # Generally we use `github.ref`, but in pull_request_target, that's always `main`. | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number }} | |
| cancel-in-progress: true | |
| jobs: | |
| main: | |
| name: Validate PR title | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: amannn/action-semantic-pull-request@v5 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| requireScope: false | |
| # The standard ones plus | |
| # - "internal" for code quality / ergonomics improvements | |
| # - "devops" for developer ergonomics | |
| # - "web" for playground / website (but not docs) | |
| # - "tweak" for tiny changes | |
| types: | | |
| feat | |
| fix | |
| docs | |
| style | |
| refactor | |
| perf | |
| test | |
| build | |
| ci | |
| chore | |
| revert | |
| internal | |
| devops | |
| web | |
| tweak | |
| backport: | |
| # Backport to `web` branch on `pr-backport-web` | |
| name: Backport to `web` branch | |
| runs-on: ubuntu-latest | |
| # Confirm that it's merged and has a label to ensure nothing is backported without oversight | |
| if: | | |
| github.event.pull_request.merged | |
| && ( | |
| github.event.action == 'closed' | |
| || ( | |
| github.event.action == 'labeled' | |
| && contains(github.event.label.name, 'pr-backport-web') | |
| ) | |
| ) | |
| steps: | |
| - uses: tibdex/backport@v2 | |
| with: | |
| # This is a personal access token from the @prql-bot | |
| github_token: ${{ secrets.PRQL_BOT_GITHUB_TOKEN }} | |
| # Docs are at https://github.com/tibdex/backport/blob/main/action.yml | |
| # We only use `web` atm | |
| label_pattern: "^pr-backport-(?<base>([^ ]+))$" | |
| title_template: "chore: Backport #<%= number%> to `web`" | |
| automerge: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| pull-requests: write | |
| contents: write | |
| # Check it's not coming from a fork — both to save running and | |
| # in case someone spoofed an `actor` name. | |
| if: ${{ !github.event.pull_request.head.repo.fork }} | |
| steps: | |
| # Get number of commits in the PR | |
| - id: commit-count | |
| run: > | |
| echo "commit-count=$(curl -s -H 'Authorization: token ${{ github.token | |
| }}' https://api.github.com/repos/prql/prql/pulls/${{ | |
| github.event.pull_request.number }}/commits | jq 'length')" | |
| >>"$GITHUB_OUTPUT" | |
| - if: | |
| # - It's dependabot | |
| # - or it's prql-bot | |
| # - or it's a pre-commit-ci update and there's only 1 commit — so it hasn't | |
| # made any changes to files | |
| github.actor == 'dependabot[bot]' || github.actor == 'prql-bot' || | |
| (github.actor == 'pre-commit-ci[bot]' && | |
| steps.commit-count.outputs.commit-count == '1') | |
| run: | |
| gh pr merge --auto --squash --delete-branch ${{ | |
| github.event.pull_request.html_url }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.PRQL_BOT_GITHUB_TOKEN }} |