Updating all uses of the secrets.PROJECT_MANAGEMENT_PAT to use a registered Github App #1730

Merged
22 changes: 15 additions & 7 deletions .github/workflows/label-external-issues.yml
Expand Up @@ -19,27 +19,35 @@ on:
issues:
types:
- opened

env:
GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }}

jobs:
Label-Issue:
runs-on: ubuntu-latest
# Only run if the issue author is not part of NV-Morpheus
if: ${{ ! contains(fromJSON('["OWNER", "MEMBER", "CONTRIBUTOR", "COLLABORATOR"]'), github.event.issue.author_association)}}
steps:
steps:
- name: Generate Token
uses: actions/create-github-app-token@v1
id: generate-token
with:
app-id: ${{ secrets.ACTIONS_APP_ID }}
private-key: ${{ secrets.ACTIONS_APP_KEY }}

- name: add-triage-label
env:
GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
run: |
issue_url=${{ github.event.issue.html_url }}
gh issue edit ${issue_url} --add-label "Needs Triage,external"

- name: add-comment-to-issue
env:
GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
run: |
issue_url=${{ github.event.issue.html_url }}
author=${{ github.event.issue.user.login }}
echo ${author}
gh issue comment ${issue_url} --body "Hi @${author}!

Thanks for submitting this issue - our team has been notified and we'll get back to you as soon as we can!
In the mean time, feel free to add any relevant information to this issue."
In the meantime, feel free to add any relevant information to this issue."
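Review bot: `uses: actions/create-github-app-token@v1` in the new Generate Token step is pinned to a movable tag, and this step receives `secrets.ACTIONS_APP_KEY`. Pin it to a full commit SHA (with the version in a trailing comment) so a retagged release cannot change what code sees the App private key. Separately, the two `run:` blocks still expand `${{ github.event.issue.html_url }}` and `${{ github.event.issue.user.login }}` straight into the script text; now that each step has an `env:` block, pass them as environment variables there and quote `"$issue_url"` and `"$author"` in the shell.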
60 changes: 26 additions & 34 deletions .github/workflows/project_automation_set_in_progress.yml
Expand Up @@ -23,33 +23,33 @@ on:
pull_request_review:
# Run this action when a PR is reviewed
types: [submitted]

env:
ORG: ${{ github.event.repository.owner.login }}
PR_NUMBER: ${{ github.event.pull_request.number }}
REPO: ${{ github.event.repository.name }}
PR_GLOBAL_ID: ${{ github.event.pull_request.node_id}}
ORG: ${{ github.event.repository.owner.login }}
PR_NUMBER: ${{ github.event.pull_request.number }}
REPO: ${{ github.event.repository.name }}
PR_GLOBAL_ID: ${{ github.event.pull_request.node_id}}

# The environment vars below are hard-coded from external queries to save time + complexity here
# Note: PVT means Project V2, not "Private"
# PVT = Project V2, PVTSSF = Project V2 Single Select Field, PVTIF = Project V2 Iteration Field
PROJECT_ID: "PVT_kwDOBkAsks4ACeio"
STATUS_FIELD_ID: "PVTSSF_lADOBkAsks4ACeiozgBbno0"
WORKING_SPRINT_FIELD_ID: "PVTIF_lADOBkAsks4ACeiozgJ_KCY"
START_SPRINT_FIELD_ID: "PVTIF_lADOBkAsks4ACeiozgI90p0"
IN_PROGRESS_PROJECT_OPTION_ID: "47fc9ee4"
IN_REVIEW_PROJECT_OPTION_ID: "eb7a6302"
# The environment vars below are hard-coded from external queries to save time + complexity here
# Note: PVT means Project V2, not "Private"
# PVT = Project V2, PVTSSF = Project V2 Single Select Field, PVTIF = Project V2 Iteration Field
PROJECT_ID: "PVT_kwDOBkAsks4ACeio"
STATUS_FIELD_ID: "PVTSSF_lADOBkAsks4ACeiozgBbno0"
WORKING_SPRINT_FIELD_ID: "PVTIF_lADOBkAsks4ACeiozgJ_KCY"
START_SPRINT_FIELD_ID: "PVTIF_lADOBkAsks4ACeiozgI90p0"
IN_PROGRESS_PROJECT_OPTION_ID: "47fc9ee4"
IN_REVIEW_PROJECT_OPTION_ID: "eb7a6302"

jobs:
project_automation_in_progress:
runs-on: ubuntu-latest

# We use the default GitHub token to perform the draft update because
# The pull_request_review trigger does not grant access to the secrets.PROJECT_MANAGEMENT_PAT
# The pull_request_review trigger does not grant access to secrets
permissions:
issues: write
pull-requests: write

steps:
- name: Check if changes requested from a reviewer
id: check_changes_requested
Expand All @@ -58,7 +58,7 @@ jobs:
if [ ${{ github.event.review.state }} != 'changes_requested' ]; then
echo "Changes not requested, exiting"
exit 0

# If it is requesting changes, set PR to draft
# We use the default token here since we're granting write access to the PR
elif [ ${{ github.event.pull_request.draft }} == false ]; then
Expand All @@ -80,8 +80,6 @@ jobs:
- name: Select Status Field Value
id: select_status_field_value
if: github.event_name == 'pull_request_target'
env:
GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }}
run: |
# If it's not a draft and it's an opened trigger, the status should be "Ready for Review", otherwise "In Progress"
if [ ${{ github.event.pull_request.draft }} == false ] && [ ${{ github.event.action }} == "opened" ]; then
Expand All @@ -96,8 +94,6 @@ jobs:
- name: Get PR Project ID
id: get_pr_id
if: github.event_name == 'pull_request_target'
env:
GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }}
run: |
# Query up to 10 projects for the PR
gh api graphql -f query='
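Review bot: The `env: GITHUB_TOKEN` block is dropped from `get_pr_id` with nothing replacing it, but the step still calls `gh api graphql`. Unlike the other three workflows in this change, no Generate Token step and no `${{ steps.generate-token.outputs.token }}` appear anywhere in this file's hunks, and the job's `permissions:` block only grants `issues: write` and `pull-requests: write` to the default token. `gh` needs `GH_TOKEN` or `GITHUB_TOKEN` in the step environment, so as shown this step and the `set_pr_fields` and `sync_linked_issues` steps below would run unauthenticated. Add the Generate Token step guarded by `if: github.event_name == 'pull_request_target'` (the comment above says the `pull_request_review` trigger has no access to secrets) and set `GITHUB_TOKEN` from its output in each of these steps.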
Expand All @@ -122,20 +118,18 @@ jobs:
}
}
}' > project_data.json

# Filter the json result to only the project-specific ID for the PR
# A PR can be in multiple projects so we need to filter by the project ID we want
pr_id=$(jq -r '.data.organization.repository.issueOrPullRequest.projectItems.edges[] |
select(.node.project.id == "${{ env.PROJECT_ID }}") |
.node.id' project_data.json)
echo "PR_ID=$pr_id" >> $GITHUB_ENV
continue-on-error: true

- name: Set PR Fields
id: set_pr_fields
if: github.event_name == 'pull_request_target'
env:
GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }}
run: |
gh api graphql -f query='
mutation {
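Review bot: `continue-on-error: true` after the `echo "PR_ID=$pr_id" >> $GITHUB_ENV` line means a failed `gh api graphql` call in `get_pr_id`, an authentication failure for instance, does not stop the job: `PR_ID` is never written and `set_pr_fields` starts anyway. With the token handling changing in this file, make the failure visible: drop `continue-on-error` here, or have `set_pr_fields` check that `PR_ID` is non-empty before sending the mutation.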
Expand All @@ -154,7 +148,7 @@ jobs:
}
}
}'

# Check if the PR has a start sprint assigned, save the result for the linked issues
gh api graphql -f query='
query {
Expand All @@ -171,7 +165,7 @@ jobs:
}' > start_sprint_exists_data.json
start_sprint_option_id=$(jq -r '.data.node.fieldValueByName.id' start_sprint_exists_data.json)
echo "START_SPRINT_OPTION_ID=$start_sprint_option_id" >> $GITHUB_ENV

# If there is no start sprint assigned, assign the current start sprint
if [ "$start_sprint_option_id" == 'null' ]; then
# Get current start sprint iteration id
Expand All @@ -197,7 +191,7 @@ jobs:
}' > start_sprint_option_data.json
current_start_sprint_option_id=$(jq -r '.data.node.field.configuration.iterations[0].id' start_sprint_option_data.json)
echo "CURRENT_START_SPRINT_OPTION_ID=$current_start_sprint_option_id" >> $GITHUB_ENV

# The query below is constructed differently than the ones above due to bash variable syntax + github actions syntax interactions
QUERY="mutation {
updateProjectV2ItemFieldValue(
Expand All @@ -217,7 +211,7 @@ jobs:
}"
gh api graphql --field query="$QUERY"
fi

# Assign the current working sprint to the PR (faster/simpler to just overwrite even if it is the same)
gh api graphql -f query='
query {
Expand All @@ -240,7 +234,7 @@ jobs:
}' > working_sprint_options_data.json
current_working_sprint_option_id=$(jq -r '.data.node.field.configuration.iterations[0].id' working_sprint_options_data.json)
echo "CURRENT_WORKING_SPRINT_OPTION_ID=$current_working_sprint_option_id" >> $GITHUB_ENV

# Set the working sprint to the current working sprint
QUERY="mutation {
updateProjectV2ItemFieldValue(
Expand All @@ -260,12 +254,10 @@ jobs:
}"
gh api graphql --field query="$QUERY"
continue-on-error: true

- name: Sync Linked Issues
id: sync_linked_issues
if: github.event_name == 'pull_request_target'
env:
GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }}
run: |
# Find the linked issues to the PR
gh api graphql -f query='
Expand Down Expand Up @@ -303,7 +295,7 @@ jobs:
issue_ids=$(jq -r '.data.organization.repository.issueOrPullRequest.closingIssuesReferences.edges[].node.projectItems.edges[] |
select(.node.project.id == "${{ env.PROJECT_ID }}") |
.node.id' linked_issues.json)

# For each linked issue, set the status to "In Progress", the Working Sprint to the current working sprint
# If there's no Start Sprint, set that to the current Start Sprint as well
for issue_id in $issue_ids; do
25 changes: 16 additions & 9 deletions .github/workflows/project_automation_set_in_review.yml
Expand Up @@ -20,7 +20,7 @@ on:
# Run this action when a PR is opened or edited
# Issues do not have a graphQL connection to linked PRs so we can't use that event
types: [ready_for_review, review_requested]

env:
ORG: ${{ github.event.repository.owner.login }}
PR_NUMBER: ${{ github.event.pull_request.number }}
Expand All @@ -36,16 +36,23 @@ env:
jobs:
project_automation_in_review:
runs-on: ubuntu-latest

steps:
- name: Generate Token
uses: actions/create-github-app-token@v1
id: generate-token
with:
app-id: ${{ secrets.ACTIONS_APP_ID }}
private-key: ${{ secrets.ACTIONS_APP_KEY }}

- name: Wait 1 Second
id: sleep
run: sleep 1

- name: Get PR Project ID
id: get_pr_id
env:
GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }}
GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
run: |
# Query up to 10 projects for the PR
gh api graphql -f query='
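Review bot: The Generate Token step passes only `app-id` and `private-key`, so the token handed to `get_pr_id` carries every permission the App installation holds. The steps here only read project items and update a field value, so either restrict the App itself to those permissions or document next to the step which ones it relies on; otherwise the PAT is replaced by a credential that may be just as broad.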
Expand All @@ -70,7 +77,7 @@ jobs:
}
}
}' > project_data.json

# Filter the json result to only the project-specific ID for the PR
# A PR can be in multiple projects so we need to filter by the project ID we want
pr_id=$(jq -r '.data.organization.repository.issueOrPullRequest.projectItems.edges[] |
Expand All @@ -81,8 +88,8 @@ jobs:

- name: Set PR to In Review
id: set_pr_in_review
env:
GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }}
env:
GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
run: |
# Update the PR status to In Review
gh api graphql -f query='
Expand All @@ -107,7 +114,7 @@ jobs:
- name: Set Linked Issues to In Review
id: update_linked_issues
env:
GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }}
GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
run: |
gh api graphql -f query='
query {
Expand Down Expand Up @@ -144,7 +151,7 @@ jobs:
issue_ids=$(jq -r '.data.organization.repository.issueOrPullRequest.closingIssuesReferences.edges[].node.projectItems.edges[] |
select(.node.project.id == "${{ env.PROJECT_ID }}") |
.node.id' linked_issue_data.json)

# Set Linked Issues to In Review
for issue_id in $issue_ids; do
# The query below is constructed differently than the others due to bash variable syntax + github actions syntax interactions
31 changes: 19 additions & 12 deletions .github/workflows/project_automation_set_roadmap.yml
Expand Up @@ -22,7 +22,7 @@ on:
issues:
# Run this action when an issue is closed
types: [closed]

env:
ORG: ${{ github.event.repository.owner.login }}
PR_NUMBER: ${{ github.event.pull_request.number }} # evaluates to null for issues
Expand All @@ -38,13 +38,20 @@ env:
jobs:
project_automation_roadmap_on_close:
runs-on: ubuntu-latest

steps:

steps:
- name: Generate Token
uses: actions/create-github-app-token@v1
id: generate-token
with:
app-id: ${{ secrets.ACTIONS_APP_ID }}
private-key: ${{ secrets.ACTIONS_APP_KEY }}

- name: Get PR Project ID
if: github.event_name == 'pull_request_target'
id: get_pr_id
env:
GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }}
GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
run: |
# Query up to 10 projects for the PR
gh api graphql -f query='
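Review bot: The Generate Token step has no `if:` condition, so it also runs for the `pull_request_target` event that `get_pr_id` checks for, and on that trigger `secrets.ACTIONS_APP_KEY` is available even when the pull request comes from a fork. None of the steps shown check out or execute pull request code, which is what keeps this safe. Add a comment next to the Generate Token step stating that this job must never check out the PR head, so a later edit does not put untrusted code in the same job as the App token.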
Expand All @@ -69,20 +76,20 @@ jobs:
}
}
}' > project_data.json

# Filter the json result to only the project-specific ID for the PR
# A PR can be in multiple projects so we need to filter by the project ID we want
pr_id=$(jq -r '.data.organization.repository.issueOrPullRequest.projectItems.edges[] |
select(.node.project.id == "${{ env.PROJECT_ID }}") |
.node.id' project_data.json)
echo "ITEM_ID=$pr_id" >> $GITHUB_ENV
continue-on-error: true

- name: Get Issue Project ID
if: github.event_name == 'issues'
id: get_issue_id
env:
GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }}
GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
run: |
# Query up to 10 projects for the Issue
gh api graphql -f query='
Expand All @@ -107,7 +114,7 @@ jobs:
}
}
}' > project_data.json

# Filter the json result to only the project-specific ID for the PR
# A PR can be in multiple projects so we need to filter by the project ID we want
issue_id=$(jq -r '.data.organization.repository.issueOrPullRequest.projectItems.edges[] |
Expand All @@ -119,8 +126,8 @@ jobs:
- name: Get Current Release
id: get_current_release
env:
GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }}
run: |
GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
run: |
# Get current roadmap id
# We maintain the roadmap as a single select field in the project, with the first value being the upcoming release

Expand All @@ -146,8 +153,8 @@ jobs:

- name: Set Item Roadmap
id: set_item_roadmap
env:
GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }}
env:
GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
run: |
# Perform the mutation to update the Roadmap
gh api graphql -f query='
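Review bot: With `set_item_roadmap` switched to `${{ steps.generate-token.outputs.token }}`, no step shown in this file reads `secrets.PROJECT_MANAGEMENT_PAT` after this change, but the secret and the PAT behind it stay valid until someone removes them. Add a follow-up item to delete the stored secret and revoke the PAT once these workflows have run successfully with the App token.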