From fccb6dde680a029940b64f39e2df60df8fad656a Mon Sep 17 00:00:00 2001 From: Salah Al Saleh Date: Thu, 4 Jan 2024 15:30:18 +0000 Subject: [PATCH 01/10] Automated PRs manager workflow --- .github/workflows/automated-prs-manager.yaml | 92 ++++++++++++++++++++ 1 file changed, 92 insertions(+) create mode 100644 .github/workflows/automated-prs-manager.yaml diff --git a/.github/workflows/automated-prs-manager.yaml b/.github/workflows/automated-prs-manager.yaml new file mode 100644 index 0000000000..08a9e6a09b --- /dev/null +++ b/.github/workflows/automated-prs-manager.yaml @@ -0,0 +1,92 @@ +name: Automated PRs Manager + +on: + # TODO NOW: remove pull_request and uncomment schedule + pull_request: + # schedule: + # - cron: "0 0 * * *" + +jobs: + list-prs: + runs-on: ubuntu-latest + outputs: + prs: ${{ steps.list-prs.outputs.prs }} + steps: + - name: List PRs + id: list-prs + env: + GH_TOKEN: ${{ secrets.NIGHTLY_GH_PAT }} + run: | + set -euo pipefail + + # list dependabot and automated prs that are less than 24h old + + dependabot_prs=$(gh pr list --label dependabot --json url,headRefName,createdAt -q '.[] | select(.createdAt | fromdateiso8601 > now - 86400)') + automated_prs=$(gh pr list --label automated-pr --json url,headRefName,createdAt -q '.[] | select(.createdAt | fromdateiso8601 > now - 86400)') + prs=$(echo "$dependabot_prs" "$automated_prs" | jq -s '. | unique') + + echo "prs=$prs" >> "$GITHUB_OUTPUT" + + process-prs: + needs: list-prs + runs-on: ubuntu-latest + strategy: + matrix: + pr: ${{ fromJson(needs.list-prs.outputs.prs) }} + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + ref: ${{ matrix.pr.headRefName }} + + - name: Process PR + env: + GH_TOKEN: ${{ secrets.NIGHTLY_GH_PAT }} + run: | + set -euo pipefail + + if gh pr checks ${{ matrix.pr.url }} --required; then + echo "All required checks passed. Approving and merging." + gh pr review --approve ${{ matrix.pr.url } --body "LGTM :thumbsup:" + gh pr merge --auto --squash ${{ matrix.pr.url }} + exit 0 + fi + + echo "Some required checks failed." + echo "Ensuring required labels..." + gh pr edit ${{ matrix.pr.url }} --add-label "type::security" + + echo "Checking if we should re-run tests..." + run_id=$(gh run list --branch ${{ matrix.pr.headRefName }} --workflow build-test --limit 1 --json databaseId -q '.[0].databaseId') + + num_of_pending_jobs=$(gh run view $run_id --json jobs -q '.jobs[] | select(.conclusion == "") | .name' | wc -l) + if [ $num_of_pending_jobs -gt 0 ]; then + echo "There are still pending jobs. Skipping." + exit 0 + fi + + # If more than half of the validate-* jobs are successful, just re-run the failed jobs. + num_of_jobs=$(gh run view $run_id --json jobs -q '.jobs[] | select(.name | startswith("validate-")) | .name' | wc -l) + num_of_successful_jobs=$(gh run view $run_id --json jobs -q '.jobs[] | select((.name | startswith("validate-")) and (.conclusion == "success")) | .name' | wc -l) + if [ $num_of_successful_jobs -gt $((num_of_jobs / 2)) ]; then + echo "More than half of the validate-* jobs are successful. Re-running failed jobs." + gh run rerun $run_id --failed + exit 0 + fi + + echo "Re-running tests..." + + run_id=$(gh run list --branch dependabot/npm_and_yarn/web/storybook/addon-interactions-7.6.7 --workflow build-test --limit 1 --json databaseId -q '.[0].databaseId') + num_of_pending_jobs=$(gh run view $run_id --json jobs -q '.jobs[] | select((.name | startswith("validate-")) and (.conclusion == "")) | .name' | wc -l) + + # If more than half of the validate-* jobs are successful, just re-run the failed jobs. + num_of_jobs=$(gh run view $run_id --json jobs -q '.jobs[] | select(.name | startswith("validate-")) | .name' | wc -l) + num_of_successful_jobs=$(gh run view $run_id --json jobs -q '.jobs[] | select((.name | startswith("validate-")) and (.conclusion == "success")) | .name' | wc -l) + + # get jobs that have not finished yet + + if [ $num_of_successful_jobs -gt $((num_of_jobs / 2)) ]; then + echo "More than half of the validate-* jobs are successful. Re-running failed jobs." + gh run rerun $run_id --failed + exit 0 + fi From 24edeefc290d125796d3770fe4833938c87207ad Mon Sep 17 00:00:00 2001 From: Salah Al Saleh Date: Thu, 4 Jan 2024 15:33:26 +0000 Subject: [PATCH 02/10] fix syntax --- .github/workflows/automated-prs-manager.yaml | 22 ++++---------------- 1 file changed, 4 insertions(+), 18 deletions(-) diff --git a/.github/workflows/automated-prs-manager.yaml b/.github/workflows/automated-prs-manager.yaml index 08a9e6a09b..144d60e855 100644 --- a/.github/workflows/automated-prs-manager.yaml +++ b/.github/workflows/automated-prs-manager.yaml @@ -47,7 +47,7 @@ jobs: if gh pr checks ${{ matrix.pr.url }} --required; then echo "All required checks passed. Approving and merging." - gh pr review --approve ${{ matrix.pr.url } --body "LGTM :thumbsup:" + gh pr review --approve ${{ matrix.pr.url }} --body "LGTM :thumbsup:" gh pr merge --auto --squash ${{ matrix.pr.url }} exit 0 fi @@ -65,28 +65,14 @@ jobs: exit 0 fi - # If more than half of the validate-* jobs are successful, just re-run the failed jobs. + # If more than half of the validate-* jobs are successful, re-run the failed jobs. num_of_jobs=$(gh run view $run_id --json jobs -q '.jobs[] | select(.name | startswith("validate-")) | .name' | wc -l) num_of_successful_jobs=$(gh run view $run_id --json jobs -q '.jobs[] | select((.name | startswith("validate-")) and (.conclusion == "success")) | .name' | wc -l) - if [ $num_of_successful_jobs -gt $((num_of_jobs / 2)) ]; then - echo "More than half of the validate-* jobs are successful. Re-running failed jobs." - gh run rerun $run_id --failed - exit 0 - fi - - echo "Re-running tests..." - - run_id=$(gh run list --branch dependabot/npm_and_yarn/web/storybook/addon-interactions-7.6.7 --workflow build-test --limit 1 --json databaseId -q '.[0].databaseId') - num_of_pending_jobs=$(gh run view $run_id --json jobs -q '.jobs[] | select((.name | startswith("validate-")) and (.conclusion == "")) | .name' | wc -l) - - # If more than half of the validate-* jobs are successful, just re-run the failed jobs. - num_of_jobs=$(gh run view $run_id --json jobs -q '.jobs[] | select(.name | startswith("validate-")) | .name' | wc -l) - num_of_successful_jobs=$(gh run view $run_id --json jobs -q '.jobs[] | select((.name | startswith("validate-")) and (.conclusion == "success")) | .name' | wc -l) - - # get jobs that have not finished yet if [ $num_of_successful_jobs -gt $((num_of_jobs / 2)) ]; then echo "More than half of the validate-* jobs are successful. Re-running failed jobs." gh run rerun $run_id --failed exit 0 fi + + echo "Less than half of the validate-* jobs are successful. Skipping." From f5380a6b316e4d6c8b0d8cf91d3c0976a747e36a Mon Sep 17 00:00:00 2001 From: Salah Al Saleh Date: Thu, 4 Jan 2024 15:34:14 +0000 Subject: [PATCH 03/10] checkout repo --- .github/workflows/automated-prs-manager.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/automated-prs-manager.yaml b/.github/workflows/automated-prs-manager.yaml index 144d60e855..da35c5f95c 100644 --- a/.github/workflows/automated-prs-manager.yaml +++ b/.github/workflows/automated-prs-manager.yaml @@ -12,6 +12,9 @@ jobs: outputs: prs: ${{ steps.list-prs.outputs.prs }} steps: + - name: Checkout + uses: actions/checkout@v4 + - name: List PRs id: list-prs env: From 2148f6699f9ddf417bfabd8bc62be21b3884e16b Mon Sep 17 00:00:00 2001 From: Salah Al Saleh Date: Thu, 4 Jan 2024 15:45:51 +0000 Subject: [PATCH 04/10] updates --- .github/workflows/automated-prs-manager.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/automated-prs-manager.yaml b/.github/workflows/automated-prs-manager.yaml index da35c5f95c..e665e432a8 100644 --- a/.github/workflows/automated-prs-manager.yaml +++ b/.github/workflows/automated-prs-manager.yaml @@ -24,11 +24,11 @@ jobs: # list dependabot and automated prs that are less than 24h old - dependabot_prs=$(gh pr list --label dependabot --json url,headRefName,createdAt -q '.[] | select(.createdAt | fromdateiso8601 > now - 86400)') - automated_prs=$(gh pr list --label automated-pr --json url,headRefName,createdAt -q '.[] | select(.createdAt | fromdateiso8601 > now - 86400)') - prs=$(echo "$dependabot_prs" "$automated_prs" | jq -s '. | unique') + # dependabot_prs=$(gh pr list --label dependabot --json url,headRefName,createdAt -q '.[] | select(.createdAt | fromdateiso8601 > now - 86400)') + # automated_prs=$(gh pr list --label automated-pr --json url,headRefName,createdAt -q '.[] | select(.createdAt | fromdateiso8601 > now - 86400)') + # prs=$(echo "$dependabot_prs" "$automated_prs" | jq -s '. | unique') - echo "prs=$prs" >> "$GITHUB_OUTPUT" + echo "prs=$(gh pr list --label dependabot --json url,headRefName,createdAt -q '.[] | select(.createdAt | fromdateiso8601 > now - 86400)')" >> "$GITHUB_OUTPUT" process-prs: needs: list-prs From dfd3a9856ba9789e5e1c5b9083ff994c35735c91 Mon Sep 17 00:00:00 2001 From: Salah Al Saleh Date: Thu, 4 Jan 2024 16:00:29 +0000 Subject: [PATCH 05/10] compact json array --- .github/workflows/automated-prs-manager.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/automated-prs-manager.yaml b/.github/workflows/automated-prs-manager.yaml index e665e432a8..2616769985 100644 --- a/.github/workflows/automated-prs-manager.yaml +++ b/.github/workflows/automated-prs-manager.yaml @@ -24,11 +24,11 @@ jobs: # list dependabot and automated prs that are less than 24h old - # dependabot_prs=$(gh pr list --label dependabot --json url,headRefName,createdAt -q '.[] | select(.createdAt | fromdateiso8601 > now - 86400)') - # automated_prs=$(gh pr list --label automated-pr --json url,headRefName,createdAt -q '.[] | select(.createdAt | fromdateiso8601 > now - 86400)') - # prs=$(echo "$dependabot_prs" "$automated_prs" | jq -s '. | unique') + dependabot_prs=$(gh pr list --label dependabot --json url,headRefName,createdAt -q '.[] | select(.createdAt | fromdateiso8601 > now - 86400)') + automated_prs=$(gh pr list --label automated-pr --json url,headRefName,createdAt -q '.[] | select(.createdAt | fromdateiso8601 > now - 86400)') + prs=$(echo "$dependabot_prs" "$automated_prs" | jq -sc '. | unique') - echo "prs=$(gh pr list --label dependabot --json url,headRefName,createdAt -q '.[] | select(.createdAt | fromdateiso8601 > now - 86400)')" >> "$GITHUB_OUTPUT" + echo "prs=$prs" >> "$GITHUB_OUTPUT" process-prs: needs: list-prs From 71651b10b4d4a62f604fd0de91602f1b8f260a54 Mon Sep 17 00:00:00 2001 From: Salah Al Saleh Date: Thu, 4 Jan 2024 16:09:36 +0000 Subject: [PATCH 06/10] test permissions --- .github/workflows/automated-prs-manager.yaml | 41 +++++++++++--------- 1 file changed, 22 insertions(+), 19 deletions(-) diff --git a/.github/workflows/automated-prs-manager.yaml b/.github/workflows/automated-prs-manager.yaml index 2616769985..590f301d71 100644 --- a/.github/workflows/automated-prs-manager.yaml +++ b/.github/workflows/automated-prs-manager.yaml @@ -48,34 +48,37 @@ jobs: run: | set -euo pipefail - if gh pr checks ${{ matrix.pr.url }} --required; then - echo "All required checks passed. Approving and merging." - gh pr review --approve ${{ matrix.pr.url }} --body "LGTM :thumbsup:" - gh pr merge --auto --squash ${{ matrix.pr.url }} - exit 0 - fi + # if gh pr checks ${{ matrix.pr.url }} --required; then + # echo "All required checks passed. Approving and merging." + # gh pr review --approve ${{ matrix.pr.url }} --body "LGTM :thumbsup:" + # gh pr merge --auto --squash ${{ matrix.pr.url }} + # exit 0 + # fi echo "Some required checks failed." echo "Ensuring required labels..." gh pr edit ${{ matrix.pr.url }} --add-label "type::security" echo "Checking if we should re-run tests..." - run_id=$(gh run list --branch ${{ matrix.pr.headRefName }} --workflow build-test --limit 1 --json databaseId -q '.[0].databaseId') + gh run list --branch ${{ matrix.pr.headRefName }} --workflow build-test --limit 1 --json databaseId -q '.[0].databaseId' + # run_id=$(gh run list --branch ${{ matrix.pr.headRefName }} --workflow build-test --limit 1 --json databaseId -q '.[0].databaseId') - num_of_pending_jobs=$(gh run view $run_id --json jobs -q '.jobs[] | select(.conclusion == "") | .name' | wc -l) - if [ $num_of_pending_jobs -gt 0 ]; then - echo "There are still pending jobs. Skipping." - exit 0 - fi + # num_of_pending_jobs=$(gh run view $run_id --json jobs -q '.jobs[] | select(.conclusion == "") | .name' | wc -l) + # if [ $num_of_pending_jobs -gt 0 ]; then + # echo "There are still pending jobs. Skipping." + # exit 0 + # fi + gh run view $run_id --json jobs -q '.jobs[] | select(.conclusion == "") | .name' | wc -l # If more than half of the validate-* jobs are successful, re-run the failed jobs. - num_of_jobs=$(gh run view $run_id --json jobs -q '.jobs[] | select(.name | startswith("validate-")) | .name' | wc -l) - num_of_successful_jobs=$(gh run view $run_id --json jobs -q '.jobs[] | select((.name | startswith("validate-")) and (.conclusion == "success")) | .name' | wc -l) + # num_of_jobs=$(gh run view $run_id --json jobs -q '.jobs[] | select(.name | startswith("validate-")) | .name' | wc -l) + # num_of_successful_jobs=$(gh run view $run_id --json jobs -q '.jobs[] | select((.name | startswith("validate-")) and (.conclusion == "success")) | .name' | wc -l) - if [ $num_of_successful_jobs -gt $((num_of_jobs / 2)) ]; then - echo "More than half of the validate-* jobs are successful. Re-running failed jobs." - gh run rerun $run_id --failed - exit 0 - fi + # if [ $num_of_successful_jobs -gt $((num_of_jobs / 2)) ]; then + # echo "More than half of the validate-* jobs are successful. Re-running failed jobs." + # gh run rerun $run_id --failed + # exit 0 + # fi + gh run rerun $run_id --failed echo "Less than half of the validate-* jobs are successful. Skipping." From 981d4ca6b9312dfd8d0ffbed5935f3bc6143832e Mon Sep 17 00:00:00 2001 From: Salah Al Saleh Date: Thu, 4 Jan 2024 16:10:41 +0000 Subject: [PATCH 07/10] test permissions --- .github/workflows/automated-prs-manager.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/automated-prs-manager.yaml b/.github/workflows/automated-prs-manager.yaml index 590f301d71..3088280dd6 100644 --- a/.github/workflows/automated-prs-manager.yaml +++ b/.github/workflows/automated-prs-manager.yaml @@ -61,7 +61,7 @@ jobs: echo "Checking if we should re-run tests..." gh run list --branch ${{ matrix.pr.headRefName }} --workflow build-test --limit 1 --json databaseId -q '.[0].databaseId' - # run_id=$(gh run list --branch ${{ matrix.pr.headRefName }} --workflow build-test --limit 1 --json databaseId -q '.[0].databaseId') + run_id=$(gh run list --branch ${{ matrix.pr.headRefName }} --workflow build-test --limit 1 --json databaseId -q '.[0].databaseId') # num_of_pending_jobs=$(gh run view $run_id --json jobs -q '.jobs[] | select(.conclusion == "") | .name' | wc -l) # if [ $num_of_pending_jobs -gt 0 ]; then From 39f7436fda052eea5ce4ef79d1cf14d026613884 Mon Sep 17 00:00:00 2001 From: Salah Al Saleh Date: Thu, 4 Jan 2024 16:13:41 +0000 Subject: [PATCH 08/10] one more --- .github/workflows/automated-prs-manager.yaml | 27 +++++++++----------- 1 file changed, 12 insertions(+), 15 deletions(-) diff --git a/.github/workflows/automated-prs-manager.yaml b/.github/workflows/automated-prs-manager.yaml index 3088280dd6..b5e59cfbf0 100644 --- a/.github/workflows/automated-prs-manager.yaml +++ b/.github/workflows/automated-prs-manager.yaml @@ -60,25 +60,22 @@ jobs: gh pr edit ${{ matrix.pr.url }} --add-label "type::security" echo "Checking if we should re-run tests..." - gh run list --branch ${{ matrix.pr.headRefName }} --workflow build-test --limit 1 --json databaseId -q '.[0].databaseId' run_id=$(gh run list --branch ${{ matrix.pr.headRefName }} --workflow build-test --limit 1 --json databaseId -q '.[0].databaseId') - # num_of_pending_jobs=$(gh run view $run_id --json jobs -q '.jobs[] | select(.conclusion == "") | .name' | wc -l) - # if [ $num_of_pending_jobs -gt 0 ]; then - # echo "There are still pending jobs. Skipping." - # exit 0 - # fi - gh run view $run_id --json jobs -q '.jobs[] | select(.conclusion == "") | .name' | wc -l + num_of_pending_jobs=$(gh run view $run_id --json jobs -q '.jobs[] | select(.conclusion == "") | .name' | wc -l) + if [ $num_of_pending_jobs -gt 0 ]; then + echo "There are still pending jobs. Skipping." + exit 0 + fi # If more than half of the validate-* jobs are successful, re-run the failed jobs. - # num_of_jobs=$(gh run view $run_id --json jobs -q '.jobs[] | select(.name | startswith("validate-")) | .name' | wc -l) - # num_of_successful_jobs=$(gh run view $run_id --json jobs -q '.jobs[] | select((.name | startswith("validate-")) and (.conclusion == "success")) | .name' | wc -l) + num_of_jobs=$(gh run view $run_id --json jobs -q '.jobs[] | select(.name | startswith("validate-")) | .name' | wc -l) + num_of_successful_jobs=$(gh run view $run_id --json jobs -q '.jobs[] | select((.name | startswith("validate-")) and (.conclusion == "success")) | .name' | wc -l) - # if [ $num_of_successful_jobs -gt $((num_of_jobs / 2)) ]; then - # echo "More than half of the validate-* jobs are successful. Re-running failed jobs." - # gh run rerun $run_id --failed - # exit 0 - # fi - gh run rerun $run_id --failed + if [ $num_of_successful_jobs -gt $((num_of_jobs / 2)) ]; then + echo "More than half of the validate-* jobs are successful. Re-running failed jobs." + gh run rerun $run_id --failed + exit 0 + fi echo "Less than half of the validate-* jobs are successful. Skipping." From c080d83f906ccb013b8a658d1440eaea533eee6d Mon Sep 17 00:00:00 2001 From: Salah Al Saleh Date: Thu, 4 Jan 2024 16:33:59 +0000 Subject: [PATCH 09/10] updates --- .github/workflows/automated-prs-manager.yaml | 35 ++++++++++++++------ 1 file changed, 24 insertions(+), 11 deletions(-) diff --git a/.github/workflows/automated-prs-manager.yaml b/.github/workflows/automated-prs-manager.yaml index b5e59cfbf0..136f9be328 100644 --- a/.github/workflows/automated-prs-manager.yaml +++ b/.github/workflows/automated-prs-manager.yaml @@ -6,6 +6,10 @@ on: # schedule: # - cron: "0 0 * * *" +permissions: + contents: write + pull-requests: write + jobs: list-prs: runs-on: ubuntu-latest @@ -18,7 +22,7 @@ jobs: - name: List PRs id: list-prs env: - GH_TOKEN: ${{ secrets.NIGHTLY_GH_PAT }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | set -euo pipefail @@ -44,31 +48,40 @@ jobs: - name: Process PR env: - GH_TOKEN: ${{ secrets.NIGHTLY_GH_PAT }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | set -euo pipefail - # if gh pr checks ${{ matrix.pr.url }} --required; then - # echo "All required checks passed. Approving and merging." - # gh pr review --approve ${{ matrix.pr.url }} --body "LGTM :thumbsup:" - # gh pr merge --auto --squash ${{ matrix.pr.url }} - # exit 0 - # fi - - echo "Some required checks failed." echo "Ensuring required labels..." gh pr edit ${{ matrix.pr.url }} --add-label "type::security" - echo "Checking if we should re-run tests..." + echo "Checking status of tests..." run_id=$(gh run list --branch ${{ matrix.pr.headRefName }} --workflow build-test --limit 1 --json databaseId -q '.[0].databaseId') + # If there are still pending jobs, skip. + num_of_pending_jobs=$(gh run view $run_id --json jobs -q '.jobs[] | select(.conclusion == "") | .name' | wc -l) if [ $num_of_pending_jobs -gt 0 ]; then echo "There are still pending jobs. Skipping." exit 0 fi + # If all tests and required checks passed, approve and merge. + + if gh run view $run_id --json jobs -q '.jobs[] | select(.name == "validate-success") | .conclusion' | grep -q "success"; then + if gh pr checks ${{ matrix.pr.url }} --required; then + echo "All tests and required checks passed. Approving and merging." + gh pr review --approve ${{ matrix.pr.url }} --body "LGTM :thumbsup:" + gh pr merge --auto --squash ${{ matrix.pr.url }} + exit 0 + else + echo "All tests passed, but some required PR checks have not. Skipping." + exit 0 + fi + fi + # If more than half of the validate-* jobs are successful, re-run the failed jobs. + num_of_jobs=$(gh run view $run_id --json jobs -q '.jobs[] | select(.name | startswith("validate-")) | .name' | wc -l) num_of_successful_jobs=$(gh run view $run_id --json jobs -q '.jobs[] | select((.name | startswith("validate-")) and (.conclusion == "success")) | .name' | wc -l) From 1cd1c4405a93c1e43379b6dc660635cb29466580 Mon Sep 17 00:00:00 2001 From: Salah Al Saleh Date: Thu, 4 Jan 2024 16:35:53 +0000 Subject: [PATCH 10/10] updates --- .github/workflows/automated-prs-manager.yaml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/automated-prs-manager.yaml b/.github/workflows/automated-prs-manager.yaml index 136f9be328..cbf879c719 100644 --- a/.github/workflows/automated-prs-manager.yaml +++ b/.github/workflows/automated-prs-manager.yaml @@ -6,10 +6,6 @@ on: # schedule: # - cron: "0 0 * * *" -permissions: - contents: write - pull-requests: write - jobs: list-prs: runs-on: ubuntu-latest @@ -22,7 +18,7 @@ jobs: - name: List PRs id: list-prs env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_TOKEN: ${{ secrets.NIGHTLY_GH_PAT }} run: | set -euo pipefail @@ -48,7 +44,7 @@ jobs: - name: Process PR env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_TOKEN: ${{ secrets.NIGHTLY_GH_PAT }} run: | set -euo pipefail