From e09b66693205f81bae586793e3f673333917e950 Mon Sep 17 00:00:00 2001 From: Umair Jibran Date: Thu, 25 May 2023 02:05:40 +0500 Subject: [PATCH 1/7] CONFIG: remove reliance on PAT --- action.yml | 28 +++------------------------- 1 file changed, 3 insertions(+), 25 deletions(-) diff --git a/action.yml b/action.yml index 58ed600..f7e443d 100644 --- a/action.yml +++ b/action.yml @@ -7,9 +7,6 @@ inputs: description: 'Branch in which you want to merge the PR, defaults to alpha' required: false default: 'alpha' - token: - description: GitHub Personal Access Token - required: true branding: icon: 'activity' color: 'white' @@ -23,30 +20,13 @@ runs: shell: bash if: ${{ github.event_name != 'pull_request' }} - - id: config-setup - run: | - echo "SETTING UP GIT CONFIG" - git config --global user.email "${{ github.actor }}@users.noreply.github.com" - git config --global user.name "${{ github.actor }}" - shell: bash - env: - GITHUB_PAT: ${{ inputs.token }} - - id: merge-branch run: | echo "DECLARING DEFAULT BRANCH" BRANCH=${{ github.event.repository.default_branch }} if ! git rev-parse --is-inside-work-tree >/dev/null 2>&1; then - echo "INITIALIZING GIT REPO" - git init - echo "SETTING DEFAULT BRANCH" - git branch -m $BRANCH - echo "SETTING UP GIT REMOTE ORIGIN" - git remote add origin https://${{ github.repository_owner }}:${{ env.GITHUB_PAT }}@github.com/${{ github.repository }}.git - else - echo "UPDATING REMOTE ORIGIN FOR PRE EXISTING REPO" - git config --unset http.https://github.com/.extraheader - git remote set-url origin https://${{ github.repository_owner }}:${{ env.GITHUB_PAT }}@github.com/${{ github.repository }}.git + echo "GIT REPO NOT FOUND, PLEASE USE /`actions/checkout@latest/`" + exit 1 fi git fetch if ! git ls-remote --exit-code --heads origin ${{ env.TARGET_BRANCH }} >/dev/null 2>&1; then 
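Review bot: In the `merge-branch` step of action.yml (PATCH 1/7, second hunk), the new guard makes every later git call depend on state left behind by the caller's checkout, and nothing in the step says so. With the remote URL no longer rewritten, `git fetch` and the later push authenticate with whatever credential the checkout step persisted in the repository's git config. A caller that turns off credential persistence in `actions/checkout`, or whose workflow does not grant `contents: write`, will pass this guard and then fail further down with a less obvious error. I would add a shell comment above the guard such as `# Requires a prior actions/checkout with persisted credentials; push rights come from the workflow's permissions block`. The step body continues past the end of this hunk.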
@@ -74,7 +54,6 @@ runs: if: ${{ github.event_name == 'pull_request' && ( github.event.action == 'opened' || github.event.action == 'reopened' || github.event.action == 'synchronize' ) }} env: TARGET_BRANCH: ${{ inputs.target-branch }} - GITHUB_PAT: ${{ inputs.token }} - id: leave-comment run: | @@ -85,9 +64,8 @@ runs: API_URL="https://api.github.com/repos/${{ github.repository }}/issues/${PR_NUMBER}/comments" echo "POSTING COMMENT ON PR" - curl -X POST -H "Authorization: Bearer ${{ env.GITHUB_PAT }}" -d "{\"body\":\"$COMMENT\"}" $API_URL + curl -X POST -H "Authorization: Bearer ${{ github.token }}" -d "{\"body\":\"$COMMENT\"}" $API_URL shell: bash if: ${{ steps.merge-branch.outcome == 'success' }} env: TARGET_BRANCH: ${{ inputs.target-branch }} - GITHUB_PAT: ${{ inputs.token }} From 4d3dfb980791050546edbc2fe48c0937e0da998f Mon Sep 17 00:00:00 2001 From: Umair Jibran Date: Thu, 25 May 2023 02:06:58 +0500 Subject: [PATCH 2/7] DOCS: add checkout@v3 --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 5d6aae7..464fc37 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,9 @@ This action is triggered only when a pull request is opened, reopened, or synchr ```YML name: Merge PR to Testing Branch +permissions: + contents: write + on: pull_request: branches: @@ -24,6 +27,9 @@ jobs: runs-on: ubuntu-latest steps: + - name: Checks out code + uses: actions/checkout@v3 + - name: Merge PR to Testing Branch uses: solenova-tech/gamma@v1.0.0 # replace version with latest from https://github.com/marketplace/actions/gamma-ci-made-easy with: From 5f667fcc841d5d2a64f671aec4b180fed051d3dd Mon Sep 17 00:00:00 2001 From: Umair Jibran Date: Thu, 25 May 2023 02:07:18 +0500 Subject: [PATCH 3/7] DOCS: remove token related documentations --- README.md | 28 ++-------------------------- 1 file changed, 2 insertions(+), 26 deletions(-) diff --git a/README.md b/README.md index 464fc37..25ab4eb 100644 --- a/README.md +++ b/README.md 
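Review bot: In the `leave-comment` step of action.yml (PATCH 1/7, last hunk), the token is expanded directly into the script text through `${{ github.token }}`, and curl runs without a failure flag. Passing it through the step's `env:` block as `GH_TOKEN: ${{ github.token }}` and calling `curl --fail -X POST -H "Authorization: Bearer $GH_TOKEN" -d "{\"body\":\"$COMMENT\"}" "$API_URL"` keeps the credential out of the rendered script. With `--fail`, a 401/403 (for instance when `pull-requests: write` is not granted) fails the step instead of passing silently. The JSON body is built by interpolating `$COMMENT`, whose construction is outside this hunk; if it can contain quotes or newlines the payload will be malformed, so that is worth confirming.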
@@ -34,39 +34,15 @@ jobs: uses: solenova-tech/gamma@v1.0.0 # replace version with latest from https://github.com/marketplace/actions/gamma-ci-made-easy with: target-branch: 'staging' # replace this name with your testing branch - token: ${{ secrets.GITHUB_TOKEN }} # Read below on how to get this ``` -This action requires a personal access token (PAT) with appropriate permissions to perform the merge operation. Make sure you provide the token input with a valid GitHub Personal Access Token. Create a PAT with the REPO permission using the following steps: -- Sign in to your GitHub account. -- Click on your profile icon in the top-right corner, and then click on "Settings" in the dropdown menu. -- In the left sidebar, click on "Developer settings". -- In the left sidebar, click on "Personal access tokens" to expand the collapsable sub-menu. - - Click on the tokens (classic) -- Click on the "Generate new token" button. - - In the sub-menu select "Generate new token (classic)" -- Provide a descriptive note for your token in the "Note" field. This will help you identify the token's purpose later. -- Select the desired scopes or permissions for the token. Scopes define the level of access the token will have. (for our use only "**repo**" permission is enough. -- If you want the token to have access only during a specific time period, you can set an expiration date for it. -- Once you have configured the note and scopes, click on the "Generate token" button. -- GitHub will generate a new Personal Access Token for you. Copy the token value. - - After generating the token, it will be displayed only once. GitHub will not show it to you again. If you lose the token, you will need to generate a new one. -- Navigate to the main page of your repository on GitHub. -- Click on the "Settings" tab located near the top-right corner of the repository page. -- In the left sidebar, click on "Secrets and varialbes". 
- - In the now new expanded sub menu, click on "Actions" -- Click on the "New repository secret" button. -- Enter a name for your secret in the "Name" field. This should be a descriptive name that helps identify the purpose of the secret. In the above example, we are using the 'GITHUB_TOKEN' as Name -- In the "Value" field, enter the actual value of the secret. This can be a password, an access token, or any other sensitive information that you want to securely store, in our case the PAT that you copied above. -- Click on the "Add secret" button to save the secret. -**Note that, PAT grants significant access to your GitHub account, so treat them like passwords and keep them secure.** + + ## Inputs `target-branch` (optional): The branch in which you want to merge the pull request. Defaults to 'alpha'. -`token` (required): GitHub Personal Access Token. Make sure to provide a valid token. - ## License This project is licensed under the MIT License From b100b0ab4a18c2d9b273af1f3e50aa289894c79a Mon Sep 17 00:00:00 2001 From: Umair Jibran Date: Thu, 25 May 2023 02:15:08 +0500 Subject: [PATCH 4/7] CONFIG: set github-actions bot --- action.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/action.yml b/action.yml index f7e443d..3ada3ee 100644 --- a/action.yml +++ b/action.yml @@ -46,6 +46,9 @@ runs: fi echo "PULLING CHANGES IF ANY" git pull origin ${{ env.TARGET_BRANCH }} + echo "SETTING GITHUB-ACTION BOT CONFIG" + git config user.name 'github-actions[bot]' + git config user.email 'github-actions[bot]@users.noreply.github.com' echo "MERGING PR IN \`${{ env.TARGET_BRANCH }}\`" git merge --no-ff origin/${{ github.event.pull_request.head.ref }} -m "Merge pull request into ${{ env.TARGET_BRANCH }}" echo "PUSHING CHANGES TO ${{ env.TARGET_BRANCH }}" From dea0e1ef76e2273c82edd07d6ad699ea2fa06498 Mon Sep 17 00:00:00 2001 
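Review bot: In the `merge-branch` step of action.yml (PATCH 4/7), the `git merge` line directly below the added `git config` calls expands `${{ github.event.pull_request.head.ref }}` into the shell script, and the head branch name is chosen by whoever opens the pull request. The expression is substituted before bash parses the script, so shell metacharacters in a branch name would be read as script rather than as a ref, in a job the README tells users to run with `contents: write`. The usual mitigation is to pass the value as data: add `HEAD_REF: ${{ github.event.pull_request.head.ref }}` to the step's `env:` and write `git merge --no-ff "origin/$HEAD_REF" -m "Merge pull request into $TARGET_BRANCH"`. The same applies to `TARGET_BRANCH`, which is already in `env:` but is read through `${{ env.TARGET_BRANCH }}` rather than `"$TARGET_BRANCH"`. The step starts and ends outside this hunk.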
From: Umair Jibran Date: Thu, 25 May 2023 02:15:18 +0500 Subject: [PATCH 5/7] DOCS: remove white spaces --- README.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/README.md b/README.md index 25ab4eb..d594eb8 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ jobs: steps: - name: Checks out code - uses: actions/checkout@v3 + uses: actions/checkout@v3 - name: Merge PR to Testing Branch uses: solenova-tech/gamma@v1.0.0 # replace version with latest from https://github.com/marketplace/actions/gamma-ci-made-easy @@ -36,9 +36,6 @@ jobs: target-branch: 'staging' # replace this name with your testing branch ``` - - - ## Inputs `target-branch` (optional): The branch in which you want to merge the pull request. Defaults to 'alpha'. From 1b7488348dd6f0b26277f7052935e9d68a215727 Mon Sep 17 00:00:00 2001 From: Umair Jibran Date: Thu, 25 May 2023 02:34:28 +0500 Subject: [PATCH 6/7] CONFIG :move repo checking to top --- action.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/action.yml b/action.yml index 3ada3ee..e5805ba 100644 --- a/action.yml +++ b/action.yml @@ -22,12 +22,12 @@ runs: - id: merge-branch run: | - echo "DECLARING DEFAULT BRANCH" - BRANCH=${{ github.event.repository.default_branch }} if ! git rev-parse --is-inside-work-tree >/dev/null 2>&1; then - echo "GIT REPO NOT FOUND, PLEASE USE /`actions/checkout@latest/`" + echo "GIT REPO NOT FOUND, PLEASE USE \`actions/checkout@latest\`" exit 1 fi + echo "DECLARING DEFAULT BRANCH" + BRANCH=${{ github.event.repository.default_branch }} git fetch if ! git ls-remote --exit-code --heads origin ${{ env.TARGET_BRANCH }} >/dev/null 2>&1; then echo "CHECKING OUT \`$BRANCH\`" From 86e4ae4b72beccdde0a85360477117710fd3b0f9 Mon Sep 17 00:00:00 2001 From: Umair Jibran Date: Thu, 25 May 2023 02:34:39 +0500 Subject: [PATCH 7/7] DOCS: add description for permissions --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
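Review bot: The corrected message in the `merge-branch` guard of action.yml (PATCH 6/7) tells users to use `actions/checkout@latest`, while the README in this series uses `actions/checkout@v3`. Recommending a floating ref that the documentation does not use is confusing, and a fixed tag or commit SHA is the safer advice for any referenced action. I would write `echo "GIT REPO NOT FOUND, ADD AN actions/checkout STEP BEFORE THIS ACTION (SEE README)"`, which also removes the need for escaped backticks inside the double-quoted string. The step body extends beyond this hunk.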
diff --git a/README.md b/README.md index d594eb8..5805b91 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,8 @@ This action is triggered only when a pull request is opened, reopened, or synchr name: Merge PR to Testing Branch permissions: - contents: write + contents: write # for pushing the code back to your testing branch + pull-requests: write # Add this optional for allowing the action to make a comment of acknowledgment on the PR on: pull_request: