⬆(deps): Bump social-auth-core[openidconnect] from 4.4.2 to 4.5.4 #273
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow makes a naive attempt at enforcing our internal convention that | |
# PRs should generally always and only be labeled with the deployment label if it merges the development branch into the production branch. | |
# | |
# The workflow requires that the following repository variables have been created: | |
# - `REPOSITORY_NAME` - The name of the repository | |
# - `PRODUCTION_BRANCH_NAME` - The name of the repository's production branch (e.g. `main`) | |
# - `DEVELOPMENT_BRANCH_NAME` - The name of the repository's development branch (e.g. `dev`) | |
# - `DEPLOYMENT_LABEL_NAME` - The name of the deployment label used in the repository (typically `deployment`) | |
# and the following organization variables: | |
# - `ORGANIZATION_NAME` - The name of the organization in the project URL (https://github.com/orgs/MAKENTNU/projects/1) | |
name: Label deployment pull requests | |
on: | |
pull_request: | |
# `edited` will trigger if the PR changes its base branch | |
types: [ opened, edited ] | |
jobs: | |
manage_deployment_label_of_pull_request: | |
# Do a rough check - which will weed out most PRs - before doing more detailed checks in the steps below | |
if: ${{ github.base_ref == vars.PRODUCTION_BRANCH_NAME && github.head_ref == vars.DEVELOPMENT_BRANCH_NAME | |
|| contains(github.event.pull_request.labels.*.name, vars.DEPLOYMENT_LABEL_NAME) }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Generate token | |
id: generate_token | |
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0 | |
with: | |
app_id: ${{ secrets.MAKE_BOT_APP_ID }} | |
private_key: ${{ secrets.MAKE_BOT_APP_PEM }} | |
- name: Get label data | |
env: | |
GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} | |
ORGANIZATION: ${{ vars.ORGANIZATION_NAME }} | |
REPOSITORY_NAME: ${{ vars.REPOSITORY_NAME }} | |
DEPLOYMENT_LABEL_NAME: ${{ vars.DEPLOYMENT_LABEL_NAME }} | |
run: | | |
gh api graphql -f query=' | |
query ($org: String!, $repoName: String!) { | |
organization(login: $org) { | |
repository(name: $repoName) { | |
labels(first: 100) { | |
nodes { | |
id | |
name | |
} | |
} | |
} | |
} | |
}' -f org="$ORGANIZATION" -f repoName="$REPOSITORY_NAME" > repo_data.json | |
# The ID of this repository's deployment label | |
echo "LABEL_ID=$(jq --arg LABEL_NAME "$DEPLOYMENT_LABEL_NAME" -r '.data.organization.repository.labels.nodes[] | select(.name==$LABEL_NAME) | .id' repo_data.json)" >> "$GITHUB_ENV" | |
- name: Label deployment pull request | |
# Add the deployment label if the PR merges the development branch into the production branch, | |
# and it doesn't already have the deployment label | |
if: ${{ github.base_ref == vars.PRODUCTION_BRANCH_NAME && github.head_ref == vars.DEVELOPMENT_BRANCH_NAME | |
&& !contains(github.event.pull_request.labels.*.name, vars.DEPLOYMENT_LABEL_NAME) }} | |
env: | |
GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} | |
CONTENT_ID: ${{ github.event.pull_request.node_id }} | |
run: | | |
gh api graphql -f query=' | |
mutation ($content: ID!, $label: ID!) { | |
addLabelsToLabelable(input: {labelableId: $content, labelIds: [$label]}) { | |
labelable { | |
labels { | |
totalCount | |
} | |
} | |
} | |
}' -f content="$CONTENT_ID" -f label="$LABEL_ID" --silent | |
- name: Remove label from non-deployment pull request | |
# Remove the deployment label if the PR is not for merging the development branch into the production branch | |
if: ${{ (github.base_ref != vars.PRODUCTION_BRANCH_NAME || github.head_ref != vars.DEVELOPMENT_BRANCH_NAME) | |
&& contains(github.event.pull_request.labels.*.name, vars.DEPLOYMENT_LABEL_NAME) }} | |
env: | |
GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} | |
CONTENT_ID: ${{ github.event.pull_request.node_id }} | |
run: | | |
gh api graphql -f query=' | |
mutation ($content: ID!, $label: ID!) { | |
removeLabelsFromLabelable(input: {labelableId: $content, labelIds: [$label]}) { | |
labelable { | |
labels { | |
totalCount | |
} | |
} | |
} | |
}' -f content="$CONTENT_ID" -f label="$LABEL_ID" --silent |