mirror of
https://github.com/vector-im/element-web.git
synced 2026-03-29 18:22:09 +02:00
2e0adc5832
* Add zizmor CI & make it happy Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> * Fix zizmor job Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --------- Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
35 lines
1.2 KiB
YAML
35 lines
1.2 KiB
YAML
name: Backport
|
|
on:
|
|
# Privilege escalation necessary to enable backporting PRs from forks
|
|
# 🚨 We must not execute any checked out code here.
|
|
pull_request_target: # zizmor: ignore[dangerous-triggers]
|
|
types:
|
|
- closed
|
|
- labeled
|
|
branches:
|
|
- develop
|
|
|
|
permissions: {} # We use ELEMENT_BOT_TOKEN instead
|
|
|
|
jobs:
|
|
backport:
|
|
name: Backport
|
|
runs-on: ubuntu-24.04
|
|
# Only react to merged PRs for security reasons.
|
|
# See https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target.
|
|
if: >
|
|
github.event.pull_request.merged
|
|
&& (
|
|
github.event.action == 'closed'
|
|
|| (
|
|
github.event.action == 'labeled'
|
|
&& contains(github.event.label.name, 'backport')
|
|
)
|
|
)
|
|
steps:
|
|
- uses: tibdex/backport@9565281eda0731b1d20c4025c43339fb0a23812e # v2
|
|
with:
|
|
labels_template: "<%= JSON.stringify([...labels, 'X-Release-Blocker']) %>"
|
|
# We can't use GITHUB_TOKEN here or CI won't run on the new PR
|
|
github_token: ${{ secrets.ELEMENT_BOT_TOKEN }}
|