From 24217703a2b150aeb9755284d55e1d44e803cdc5 Mon Sep 17 00:00:00 2001 From: Jay Chia <17691182+jaychia@users.noreply.github.com> Date: Tue, 16 Apr 2024 12:48:27 -0700 Subject: [PATCH] [CHORE] Fix the labeller CI step failing on main (#2142) Splits our CI steps into two workflows: 1. `PR Labeller`: Autolabelling + (required) check that a label is applied 2. `Release Drafter`: drafts a new release on push to `main` This lets us better control permissioning (so that `PR Labeller` can be run from forks, and won't have access to `contents: write` permissions) --------- Co-authored-by: Jay Chia --- .github/workflows/pr-labeller.yml | 67 +++++++++++++++++++++++++++ .github/workflows/release-drafter.yml | 52 ++------------------- 2 files changed, 72 insertions(+), 47 deletions(-) create mode 100644 .github/workflows/pr-labeller.yml diff --git a/.github/workflows/pr-labeller.yml b/.github/workflows/pr-labeller.yml new file mode 100644 index 0000000000..ae19e62764 --- /dev/null +++ b/.github/workflows/pr-labeller.yml @@ -0,0 +1,67 @@ +# Adapted from: https://github.com/release-drafter/release-drafter#readme + +name: PR Labeller + +on: + # pull_request event is required only for autolabeler + # pull_request: + # Only following types are handled by the action, but one can default to all as well + # types: [opened, reopened, synchronize, edited, labeled, unlabeled] + # pull_request_target event is required for autolabeler to support PRs from forks + pull_request_target: + branches: [main] + types: [opened, reopened, synchronize, edited, labeled, unlabeled] + +# write permission is required for autolabeler and commenting on the PR +permissions: + contents: read + pull-requests: write + +jobs: + run_auto_labeller: + runs-on: ubuntu-latest + steps: + # (Optional) GitHub Enterprise requires GHE_HOST variable set + #- name: Set GHE_HOST + # run: | + # echo "GHE_HOST=${GITHUB_SERVER_URL##https:\/\/}" >> $GITHUB_ENV + + # Drafts your next Release notes as Pull Requests are merged into "master" + - uses: release-drafter/release-drafter@v6 + # (Optional) specify config name to use, relative to .github/. Default: release-drafter.yml + # with: + # config-name: my-config.yml + # disable-autolabeler: true + with: + disable-releaser: true + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # Check that at least one of the required labels was applied on this PR + label: + # Only run after the auto-labeller completes (in `run_auto_labeller`) + needs: run_auto_labeller + runs-on: ubuntu-latest + steps: + - uses: mheap/github-action-required-labels@v5 + with: + mode: minimum + count: 1 + labels: performance, enhancement, bug, chore, documentation, dependencies + add_comment: true + message: | + This PR is being prevented from merging because you need at least one of the required labels: + + ``` + enhancement | performance | bug | chore | documentation | dependencies + ``` + + The canonical and easiest way of adding them is to add the following prefixes to your PR title: + + * [FEAT]: adds the `enhancement` label + * [PERF]: adds the `performance` label + * [BUG]: adds the `bug` label + * [CHORE]: adds the `chore` label + * [DOCS]: adds the `documentation` label + + Thanks for helping us categorize and manage our PRs! diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml index e9268bd697..874f1273d7 100644 --- a/.github/workflows/release-drafter.yml +++ b/.github/workflows/release-drafter.yml @@ -7,26 +7,16 @@ on: # branches to consider in the event; optional, defaults to all branches: - main - # pull_request event is required only for autolabeler - # pull_request: - # Only following types are handled by the action, but one can default to all as well - # types: [opened, reopened, synchronize, edited, labeled, unlabeled] - # pull_request_target event is required for autolabeler to support PRs from forks - pull_request_target: - branches: [main] - types: [opened, reopened, synchronize, edited, labeled, unlabeled] permissions: - contents: read + # write permission is required to create a github release + contents: write + # write permission is required for autolabeler (which we don't use here) + # otherwise, read permission is required at least + pull-requests: read jobs: update_release_draft: - permissions: - # write permission is required to create a github release - contents: write - # write permission is required for autolabeler - # otherwise, read permission is required at least - pull-requests: write runs-on: ubuntu-latest steps: # (Optional) GitHub Enterprise requires GHE_HOST variable set @@ -42,35 +32,3 @@ jobs: # disable-autolabeler: true env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - # Check that at least one of the required labels was applied on this PR - label: - # Only run on non-main jobs (pending PRs), and after the auto-labeller completes (in `update_release_draft`) - if: github.event.pull_request.head.ref != 'refs/heads/main' - needs: update_release_draft - runs-on: ubuntu-latest - permissions: - pull-requests: write - steps: - - uses: mheap/github-action-required-labels@v5 - with: - mode: minimum - count: 1 - labels: performance, enhancement, bug, chore, documentation, dependencies - add_comment: true - message: | - This PR is being prevented from merging because you need at least one of the required labels: - - ``` - enhancement | performance | bug | chore | documentation | dependencies - ``` - - The canonical and easiest way of adding them is to add the following prefixes to your PR title: - - * [FEAT]: adds the `enhancement` label - * [PERF]: adds the `performance` label - * [BUG]: adds the `bug` label - * [CHORE]: adds the `chore` label - * [DOCS]: adds the `documentation` label - - Thanks for helping us categorize and manage our PRs!