Skip to content

Add UPBOUND_GITHUB_BOT_TOKEN to publish provider pipeline #131

Add UPBOUND_GITHUB_BOT_TOKEN to publish provider pipeline

Add UPBOUND_GITHUB_BOT_TOKEN to publish provider pipeline #131

Workflow file for this run

name: Backport
on:
# NOTE(negz): This is a risky target, but we run this action only when and if
# a PR is closed, then filter down to specifically merged PRs. We also don't
# invoke any scripts, etc from within the repo. I believe the fact that we'll
# be able to review PRs before this runs makes this fairly safe.
# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
pull_request_target:
types: [closed]
# See also commands.yml for the /backport triggered variant of this workflow.
jobs:
# NOTE(negz): I tested many backport GitHub actions before landing on this
# one. Many do not support merge commits, or do not support pull requests with
# more than one commit. This one does. It also handily links backport PRs with
# new PRs, and provides commentary and instructions when it can't backport.
# The main gotchas with this action are that it _only_ supports merge commits,
# and that PRs _must_ be labelled before they're merged to trigger a backport.
open-pr:
runs-on: ubuntu-22.04
if: github.event.pull_request.merged
steps:
- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4
with:
fetch-depth: 0
- name: Open Backport PR
uses: zeebe-io/backport-action@2ee900dc92632adf994f8e437b6d16840fd61f58 # v0.0.9
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
github_workspace: ${{ github.workspace }}
version: v0.0.8