diff --git a/.github/workflows/label-external-issues.yml b/.github/workflows/label-external-issues.yml index 1b13d83c54..3d664aafae 100644 --- a/.github/workflows/label-external-issues.yml +++ b/.github/workflows/label-external-issues.yml @@ -19,27 +19,35 @@ on: issues: types: - opened - -env: - GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }} jobs: Label-Issue: runs-on: ubuntu-latest # Only run if the issue author is not part of NV-Morpheus if: ${{ ! contains(fromJSON('["OWNER", "MEMBER", "CONTRIBUTOR", "COLLABORATOR"]'), github.event.issue.author_association)}} - steps: + steps: + - name: Generate Token + uses: actions/create-github-app-token@v1 + id: generate-token + with: + app-id: ${{ secrets.ACTIONS_APP_ID }} + private-key: ${{ secrets.ACTIONS_APP_KEY }} + - name: add-triage-label + env: + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | issue_url=${{ github.event.issue.html_url }} gh issue edit ${issue_url} --add-label "Needs Triage,external" - + - name: add-comment-to-issue + env: + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | issue_url=${{ github.event.issue.html_url }} author=${{ github.event.issue.user.login }} echo ${author} gh issue comment ${issue_url} --body "Hi @${author}! - + Thanks for submitting this issue - our team has been notified and we'll get back to you as soon as we can! In the mean time, feel free to add any relevant information to this issue." diff --git a/.github/workflows/project_automation_set_in_progress.yml b/.github/workflows/project_automation_set_in_progress.yml index 77d2bd8f17..f691b043c5 100644 --- a/.github/workflows/project_automation_set_in_progress.yml +++ b/.github/workflows/project_automation_set_in_progress.yml @@ -23,7 +23,7 @@ on: pull_request_review: # Run this action when a PR is reviewed types: [submitted] - + env: ORG: ${{ github.event.repository.owner.login }} PR_NUMBER: ${{ github.event.pull_request.number }} 
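Review bot: The `Generate Token` step added in the `@@ -19,27 +19,35 @@` hunk uses `actions/create-github-app-token@v1`, a movable tag, and that step is handed `secrets.ACTIONS_APP_KEY`. Anyone able to move the tag controls code that sees the App private key, so pin the action to a full commit SHA and keep the version as a comment: `uses: actions/create-github-app-token@<full-commit-sha>  # v1`. The same `uses:` line is added in the Generate Token hunks of the other five workflows in this diff. Separately, this job runs on issues opened by non-members and still expands `${{ github.event.issue.html_url }}` and `${{ github.event.issue.user.login }}` directly into the script text. Passing them through the step's `env:` and using quoted `"$issue_url"` and `"$author"` keeps event data out of the shell source.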
@@ -45,11 +45,11 @@ jobs: runs-on: ubuntu-latest # We use the default GitHub token to perform the draft update because - # The pull_request_review trigger does not grant access to the secrets.PROJECT_MANAGEMENT_PAT + # The pull_request_review trigger does not grant access to secrets permissions: issues: write pull-requests: write - + steps: - name: Check if changes requested from a reviewer id: check_changes_requested @@ -58,7 +58,7 @@ jobs: if [ ${{ github.event.review.state }} != 'changes_requested' ]; then echo "Changes not requested, exiting" exit 0 - + # If it is requesting changes, set PR to draft # We use the default token here since we're granting write access to the PR elif [ ${{ github.event.pull_request.draft }} == false ]; then @@ -72,6 +72,13 @@ jobs: fi continue-on-error: true + - name: Generate Token + uses: actions/create-github-app-token@v1 + id: generate-token + with: + app-id: ${{ secrets.ACTIONS_APP_ID }} + private-key: ${{ secrets.ACTIONS_APP_KEY }} + - name: Wait 1 Second id: sleep if: github.event_name == 'pull_request_target' @@ -81,7 +88,7 @@ jobs: id: select_status_field_value if: github.event_name == 'pull_request_target' env: - GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }} + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | # If it's not a draft and it's an opened trigger, the status should be "Ready for Review", otherwise "In Progress" if [ ${{ github.event.pull_request.draft }} == false ] && [ ${{ github.event.action }} == "opened" ]; then @@ -97,7 +104,7 @@ jobs: id: get_pr_id if: github.event_name == 'pull_request_target' env: - GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }} + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | # Query up to 10 projects for the PR gh api graphql -f query=' 
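Review bot: The `Generate Token` step added in the `@@ -72,6 +72,13 @@` hunk has no `if:` guard, while every step that consumes its token is gated on `github.event_name == 'pull_request_target'`. The comment in the `@@ -45,11 +45,11 @@` hunk says the `pull_request_review` trigger does not get secrets. If so, `app-id` and `private-key` expand to empty strings on review events and this step will presumably fail the job, since it also lacks the `continue-on-error: true` that the neighbouring steps carry. Add `if: github.event_name == 'pull_request_target'` to the step so the App key is only requested on the path that uses it. The steps list starts and continues outside this hunk.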
@@ -122,7 +129,7 @@ jobs: } } }' > project_data.json - + # Filter the json result to only the project-specific ID for the PR # A PR can be in multiple projects so we need to filter by the project ID we want pr_id=$(jq -r '.data.organization.repository.issueOrPullRequest.projectItems.edges[] | @@ -130,12 +137,12 @@ jobs: .node.id' project_data.json) echo "PR_ID=$pr_id" >> $GITHUB_ENV continue-on-error: true - + - name: Set PR Fields id: set_pr_fields if: github.event_name == 'pull_request_target' env: - GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }} + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | gh api graphql -f query=' mutation { @@ -154,7 +161,7 @@ jobs: } } }' - + # Check if the PR has a start sprint assigned, save the result for the linked issues gh api graphql -f query=' query { @@ -171,7 +178,7 @@ jobs: }' > start_sprint_exists_data.json start_sprint_option_id=$(jq -r '.data.node.fieldValueByName.id' start_sprint_exists_data.json) echo "START_SPRINT_OPTION_ID=$start_sprint_option_id" >> $GITHUB_ENV - + # If there is no start sprint assigned, assign the current start sprint if [ "$start_sprint_option_id" == 'null' ]; then # Get current start sprint iteration id @@ -197,7 +204,7 @@ jobs: }' > start_sprint_option_data.json current_start_sprint_option_id=$(jq -r '.data.node.field.configuration.iterations[0].id' start_sprint_option_data.json) echo "CURRENT_START_SPRINT_OPTION_ID=$current_start_sprint_option_id" >> $GITHUB_ENV - + # The query below is constructed differently than the ones above due to bash variable syntax + github actions syntax interactions QUERY="mutation { updateProjectV2ItemFieldValue( @@ -217,7 +224,7 @@ jobs: }" gh api graphql --field query="$QUERY" fi - + # Assign the current working sprint to the PR (faster/simpler to just overwrite even if it is the same) gh api graphql -f query=' query { 
@@ -240,7 +247,7 @@ jobs: }' > working_sprint_options_data.json current_working_sprint_option_id=$(jq -r '.data.node.field.configuration.iterations[0].id' working_sprint_options_data.json) echo "CURRENT_WORKING_SPRINT_OPTION_ID=$current_working_sprint_option_id" >> $GITHUB_ENV - + # Set the working sprint to the current working sprint QUERY="mutation { updateProjectV2ItemFieldValue( @@ -260,12 +267,12 @@ jobs: }" gh api graphql --field query="$QUERY" continue-on-error: true - + - name: Sync Linked Issues id: sync_linked_issues if: github.event_name == 'pull_request_target' env: - GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }} + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | # Find the linked issues to the PR gh api graphql -f query=' @@ -303,7 +310,7 @@ jobs: issue_ids=$(jq -r '.data.organization.repository.issueOrPullRequest.closingIssuesReferences.edges[].node.projectItems.edges[] | select(.node.project.id == "${{ env.PROJECT_ID }}") | .node.id' linked_issues.json) - + # For each linked issue, set the status to "In Progress", the Working Sprint to the current working sprint # If there's no Start Sprint, set that to the current Start Sprint as well for issue_id in $issue_ids; do diff --git a/.github/workflows/project_automation_set_in_review.yml b/.github/workflows/project_automation_set_in_review.yml index bacb6812df..9734a50f85 100644 --- a/.github/workflows/project_automation_set_in_review.yml +++ b/.github/workflows/project_automation_set_in_review.yml @@ -20,7 +20,7 @@ on: # Run this action when a PR is opened or edited # Issues do not have a graphQL connection to linked PRs so we can't use that event types: [ready_for_review, review_requested] - + env: ORG: ${{ github.event.repository.owner.login }} PR_NUMBER: ${{ github.event.pull_request.number }} 
@@ -36,16 +36,23 @@ env: jobs: project_automation_in_review: runs-on: ubuntu-latest - + steps: + - name: Generate Token + uses: actions/create-github-app-token@v1 + id: generate-token + with: + app-id: ${{ secrets.ACTIONS_APP_ID }} + private-key: ${{ secrets.ACTIONS_APP_KEY }} + - name: Wait 1 Second id: sleep run: sleep 1 - + - name: Get PR Project ID id: get_pr_id env: - GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }} + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | # Query up to 10 projects for the PR gh api graphql -f query=' @@ -70,7 +77,7 @@ jobs: } } }' > project_data.json - + # Filter the json result to only the project-specific ID for the PR # A PR can be in multiple projects so we need to filter by the project ID we want pr_id=$(jq -r '.data.organization.repository.issueOrPullRequest.projectItems.edges[] | @@ -81,8 +88,8 @@ jobs: - name: Set PR to In Review id: set_pr_in_review - env: - GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }} + env: + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | # Update the PR status to In Review gh api graphql -f query=' @@ -107,7 +114,7 @@ jobs: - name: Set Linked Issues to In Review id: update_linked_issues env: - GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }} + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | gh api graphql -f query=' query { @@ -144,7 +151,7 @@ jobs: issue_ids=$(jq -r '.data.organization.repository.issueOrPullRequest.closingIssuesReferences.edges[].node.projectItems.edges[] | select(.node.project.id == "${{ env.PROJECT_ID }}") | .node.id' linked_issue_data.json) - + # Set Linked Issues to In Review for issue_id in $issue_ids; do # The query below is constructed differently than the others due to bash variable syntax + github actions syntax interactions diff --git a/.github/workflows/project_automation_set_roadmap.yml b/.github/workflows/project_automation_set_roadmap.yml index 19d458908f..2759e5b943 100644 
--- a/.github/workflows/project_automation_set_roadmap.yml +++ b/.github/workflows/project_automation_set_roadmap.yml @@ -22,7 +22,7 @@ on: issues: # Run this action when an issue is closed types: [closed] - + env: ORG: ${{ github.event.repository.owner.login }} PR_NUMBER: ${{ github.event.pull_request.number }} # evaluates to null for issues @@ -38,13 +38,20 @@ env: jobs: project_automation_roadmap_on_close: runs-on: ubuntu-latest - - steps: + + steps: + - name: Generate Token + uses: actions/create-github-app-token@v1 + id: generate-token + with: + app-id: ${{ secrets.ACTIONS_APP_ID }} + private-key: ${{ secrets.ACTIONS_APP_KEY }} + - name: Get PR Project ID if: github.event_name == 'pull_request_target' id: get_pr_id env: - GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }} + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | # Query up to 10 projects for the PR gh api graphql -f query=' @@ -69,7 +76,7 @@ jobs: } } }' > project_data.json - + # Filter the json result to only the project-specific ID for the PR # A PR can be in multiple projects so we need to filter by the project ID we want pr_id=$(jq -r '.data.organization.repository.issueOrPullRequest.projectItems.edges[] | @@ -77,12 +84,12 @@ jobs: .node.id' project_data.json) echo "ITEM_ID=$pr_id" >> $GITHUB_ENV continue-on-error: true - + - name: Get Issue Project ID if: github.event_name == 'issues' id: get_issue_id env: - GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }} + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | # Query up to 10 projects for the Issue gh api graphql -f query=' @@ -107,7 +114,7 @@ jobs: } } }' > project_data.json - + # Filter the json result to only the project-specific ID for the PR # A PR can be in multiple projects so we need to filter by the project ID we want issue_id=$(jq -r '.data.organization.repository.issueOrPullRequest.projectItems.edges[] | 
@@ -119,8 +126,8 @@ jobs: - name: Get Current Release id: get_current_release env: - GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }} - run: | + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} + run: | # Get current roadmap id # We maintain the roadmap as a single select field in the project, with the first value being the upcoming release @@ -146,8 +153,8 @@ jobs: - name: Set Item Roadmap id: set_item_roadmap - env: - GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }} + env: + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | # Perform the mutation to update the Roadmap gh api graphql -f query=' diff --git a/.github/workflows/project_automation_sync_pr_issues.yml b/.github/workflows/project_automation_sync_pr_issues.yml index 5dfa479138..7533c2e512 100644 --- a/.github/workflows/project_automation_sync_pr_issues.yml +++ b/.github/workflows/project_automation_sync_pr_issues.yml @@ -38,6 +38,13 @@ jobs: runs-on: ubuntu-latest steps: + - name: Generate Token + uses: actions/create-github-app-token@v1 + id: generate-token + with: + app-id: ${{ secrets.ACTIONS_APP_ID }} + private-key: ${{ secrets.ACTIONS_APP_KEY }} + - name: Wait 1 Second id: sleep run: sleep 1 @@ -45,7 +52,7 @@ jobs: - name: Get PR Project ID id: get_pr_id env: - GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }} + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | # Query up to 10 projects for the PR gh api graphql -f query=' @@ -70,7 +77,7 @@ jobs: } } }' > project_data.json - + # Filter the json result to only the project-specific ID for the PR # A PR can be in multiple projects so we need to filter by the project ID we want pr_id=$(jq -r '.data.organization.repository.issueOrPullRequest.projectItems.edges[] | 
@@ -81,8 +88,8 @@ jobs: - name: Get Status, Start Sprint, and Working Sprint Fields from the PR id: get_pr_status - env: - GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }} + env: + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | # Query the PR's status from the project gh api graphql -f query=' @@ -140,7 +147,7 @@ jobs: - name: Sync Linked Issues id: update_linked_issues env: - GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }} + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | gh api graphql -f query=' query { diff --git a/.github/workflows/project_automation_track_pr_dates.yml b/.github/workflows/project_automation_track_pr_dates.yml index d660e96484..28a05e4f3f 100644 --- a/.github/workflows/project_automation_track_pr_dates.yml +++ b/.github/workflows/project_automation_track_pr_dates.yml @@ -24,7 +24,6 @@ env: ORG: ${{ github.event.repository.owner.login }} PR_NUMBER: ${{ github.event.pull_request.number }} REPO: ${{ github.event.repository.name }} - GH_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }} OPENED_DATE: ${{ github.event.pull_request.created_at }} CLOSED_DATE: ${{ github.event.pull_request.closed_at }} TRIGGER: ${{ github.event.action }} @@ -42,12 +41,21 @@ jobs: runs-on: ubuntu-latest steps: + - name: Generate Token + uses: actions/create-github-app-token@v1 + id: generate-token + with: + app-id: ${{ secrets.ACTIONS_APP_ID }} + private-key: ${{ secrets.ACTIONS_APP_KEY }} + - name: Sleep 1s id: sleep_1s run: sleep 1 - name: Get PR Project ID id: get_pr_id + env: + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | # Query up to 10 projects for the PR gh api graphql -f query=' @@ -72,7 +80,7 @@ jobs: } } }' > project_data.json - + # Filter the json result to only the project-specific ID for the PR # A PR can be in multiple projects so we need to filter by the project ID we want pr_id=$(jq -r '.data.organization.repository.issueOrPullRequest.projectItems.edges[] | 
@@ -84,6 +92,8 @@ jobs: - name: Get Date for Review Start if: ${{ env.TRIGGER == 'ready_for_review' }} || (${{ env.TRIGGER == 'opened' }} && ${{ github.event.pull_request.draft == false }}) id: get_date + env: + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | # Get the current date in the format required by ProjectsV2 GraphQL # Uses EST timezone @@ -99,6 +109,8 @@ jobs: - name: Set PR Opened Date id: set_open_date if: ${{ env.TRIGGER == 'opened' }} + env: + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | # Mutation to update the PRs's Opened Date field echo "${{ env.OPENED_DATE }}" @@ -125,7 +137,9 @@ jobs: - name: Set PR Review Start Date id: set_review_date if: ${{ env.TRIGGER == 'ready_for_review' }} || (${{ env.TRIGGER == 'opened' }} && ${{ github.event.pull_request.draft == false }}) - run: | + env: + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} + run: | # Check the Review Start Date gh api graphql -f query=' query { @@ -168,6 +182,8 @@ jobs: - name: Set PR Closed Date id: set_closed_date if: ${{ env.TRIGGER == 'closed' }} + env: + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | # Mutation to update the PR's Closed Date field gh api graphql -f query='
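Review bot: The `if:` on `Get Date for Review Start` (hunk `@@ -84,6 +92,8 @@`) and on `Set PR Review Start Date` (hunk `@@ -125,7 +137,9 @@`) mixes several `${{ }}` fragments with literal `||` and `&&`, so Actions evaluates it as a non-empty string and the step always runs. With this change both steps also receive the App token unconditionally. Write the condition as a single expression: `if: ${{ env.TRIGGER == 'ready_for_review' || (env.TRIGGER == 'opened' && github.event.pull_request.draft == false) }}`. If `Get Date for Review Start` only computes a date, as its visible comments suggest, it likely does not need `GITHUB_TOKEN` at all; its body continues outside the hunk.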