From 7bb40bf058bfaf23ab90b6d650c77e594d813a96 Mon Sep 17 00:00:00 2001 From: "Jens L." Date: Fri, 29 Aug 2025 18:21:35 +0100 Subject: [PATCH] ci: cherry pick improvements (#16477) * git user name as param Signed-off-by: Jens Langhammer * prevent variable expansion in external strings Signed-off-by: Jens Langhammer * only run on pull_request_target for external PRs Signed-off-by: Jens Langhammer * get bot ID from task Signed-off-by: Jens Langhammer --------- Signed-off-by: Jens Langhammer --- .github/actions/cherry-pick/action.yml | 23 ++++++++++++++++------- .github/workflows/gh-cherry-pick.yml | 12 +++++++++--- 2 files changed, 25 insertions(+), 10 deletions(-) diff --git a/.github/actions/cherry-pick/action.yml b/.github/actions/cherry-pick/action.yml index fc930deb75..5ab52be28a 100644 --- a/.github/actions/cherry-pick/action.yml +++ b/.github/actions/cherry-pick/action.yml @@ -5,6 +5,12 @@ inputs: token: description: "GitHub Token" required: true + git_user: + description: "Git user for pushing the cherry-pick PR" + required: true + git_user_email: + description: "Git user email for pushing the cherry-pick PR" + required: true runs: using: "composite" @@ -97,9 +103,12 @@ runs: - name: Configure Git if: steps.should_run.outputs.should_run == 'true' shell: bash + env: + user: ${{ inputs.git_user }} + email: ${{ inputs.git_user_email }} run: | - git config --global user.name "authentik-automation[bot]" - git config --global user.email "135050075+authentik-automation[bot]@users.noreply.github.com" + git config --global user.name "${user}" + git config --global user.email "${email}" - name: Get PR details and extract backport labels if: steps.should_run.outputs.should_run == 'true' id: pr_details 
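Review bot: The new `env:` keys in the Configure Git step are named `user` and `email`, generic lowercase names that read like ordinary shell locals at the `git config` lines. Naming them after the inputs, `GIT_USER: ${{ inputs.git_user }}` and `GIT_USER_EMAIL: ${{ inputs.git_user_email }}`, makes their origin obvious. Passing the inputs through `env:` instead of interpolating them into the script is the right pattern, and a short comment such as `# inputs go through env so they are never spliced into the script text` would keep a later edit from undoing it. The step list continues outside the hunk.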
@@ -145,11 +154,11 @@ runs: GITHUB_TOKEN: ${{ inputs.token }} run: | set -e -o pipefail - PR_NUMBER="${{ steps.should_run.outputs.pr_number }}" - COMMIT_SHA="${{ steps.should_run.outputs.merge_commit_sha }}" - PR_TITLE="${{ steps.pr_details.outputs.pr_title }}" - PR_AUTHOR="${{ steps.pr_details.outputs.pr_author }}" - LABELS="${{ steps.pr_details.outputs.labels }}" + PR_NUMBER='${{ steps.should_run.outputs.pr_number }}' + COMMIT_SHA='${{ steps.should_run.outputs.merge_commit_sha }}' + PR_TITLE='${{ steps.pr_details.outputs.pr_title }}' + PR_AUTHOR='${{ steps.pr_details.outputs.pr_author }}' + LABELS='${{ steps.pr_details.outputs.labels }}' echo "Processing PR #$PR_NUMBER (reason: ${{ steps.should_run.outputs.reason }})" echo "Found backport labels: $LABELS" diff --git a/.github/workflows/gh-cherry-pick.yml b/.github/workflows/gh-cherry-pick.yml index d30bc2a021..a5a61d6c5f 100644 --- a/.github/workflows/gh-cherry-pick.yml +++ b/.github/workflows/gh-cherry-pick.yml @@ -1,10 +1,8 @@ name: GH - Cherry-pick on: - pull_request: - types: [closed, labeled] pull_request_target: - types: [labeled] + types: [closed, labeled] jobs: cherry-pick: @@ -24,7 +22,15 @@ jobs: with: fetch-depth: 0 token: "${{ steps.app-token.outputs.token }}" + - id: get-user-id + if: ${{ steps.app-token.outcome != 'skipped' }} + name: Get GitHub app user ID + run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT" + env: + GH_TOKEN: "${{ steps.app-token.outputs.token }}" - uses: ./.github/actions/cherry-pick if: ${{ steps.app-token.outcome != 'skipped' }} with: token: ${{ steps.app-token.outputs.token }} + git_user: ${{ steps.app-token.outputs.app-slug }}[bot] + git_user_email: '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com'
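Review bot: Switching the five assignments to single quotes does not keep the `${{ … }}` values away from the shell, because the runner substitutes each expression into the script text before bash parses it, so a value containing a single quote ends the literal and the rest is read as shell syntax. `pr_title` and `pr_author` presumably come from pull-request metadata that an external contributor can set, and this step runs with `GITHUB_TOKEN` taken from `inputs.token`. The Configure Git step in this same commit already uses the safe pattern, so I would move all five values, plus the `reason` output still interpolated in the first `echo`, into the step's `env:` and read them as ordinary variables. The step begins above the hunk and its script continues below it.

```yaml
env:
  GITHUB_TOKEN: ${{ inputs.token }}
  PR_NUMBER: ${{ steps.should_run.outputs.pr_number }}
  COMMIT_SHA: ${{ steps.should_run.outputs.merge_commit_sha }}
  PR_TITLE: ${{ steps.pr_details.outputs.pr_title }}
  PR_AUTHOR: ${{ steps.pr_details.outputs.pr_author }}
  LABELS: ${{ steps.pr_details.outputs.labels }}
  REASON: ${{ steps.should_run.outputs.reason }}
run: |
  set -e -o pipefail
  # … the five PR_NUMBER=… / LABELS=… assignments are dropped; the values arrive via env …
  echo "Processing PR #$PR_NUMBER (reason: $REASON)"
  echo "Found backport labels: $LABELS"
```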
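Review bot: With the `pull_request` trigger removed, every run of this workflow, including runs for PRs opened from forks, executes under `pull_request_target` with the base repository's secrets, and nothing in the file records the constraint that keeps that safe. I would add a comment above the trigger, `# pull_request_target: runs with base-repo secrets; never check out or execute PR head code here`. The checkout step visible in the next hunk sets no `ref`, so it should resolve to the base branch, which is what the constraint requires. The commit message describes this trigger as being for external PRs only, but the job's `if:` is outside the hunk, so that restriction cannot be confirmed from here.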
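Review bot: The `get-user-id` step cannot fail when the lookup fails, because `gh api` runs in a command substitution inside `echo` and its exit status is discarded. In that case `user-id` is written empty and `git_user_email` becomes `+<slug>[bot]@users.noreply.github.com`. Running the lookup as its own assignment lets the default `bash -e` stop the step on error: `id="$(gh api "/users/${APP_SLUG}[bot]" --jq .id)"` followed by `echo "user-id=${id}" >> "$GITHUB_OUTPUT"`. Adding `APP_SLUG: ${{ steps.app-token.outputs.app-slug }}` under the step's `env:` also keeps the slug out of the script text, consistent with the Configure Git step.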