Skip to content

feat(cloud-native): secure mounted configuration schema #886

feat(cloud-native): secure mounted configuration schema

feat(cloud-native): secure mounted configuration schema #886

name: Backport
on:
pull_request_target:
types: [closed, labeled]
branches: [main, release-*]
permissions:
contents: read
pull-requests: read
# WARNING:
# When extending this action, be aware that $GITHUB_TOKEN allows write access to
# the GitHub repository. This means that it should not evaluate user input in a
# way that allows code injection.
jobs:
backport:
permissions:
contents: write # so it can comment
pull-requests: write # so it can create pull requests
name: Backport Pull Request
# Run the action if a PR is merged with backport labels
# OR
# when already merged PR is labeled with backport labels
if: >
github.repository == 'JanssenProject/jans'
&&
github.event.pull_request.merged
&& (
github.event.action == 'closed'
|| (
github.event.action == 'labeled'
&& startsWith(github.event.label.name, 'backport/')
)
)
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
with:
egress-policy: audit
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Create backport PRs
uses: korthout/backport-action@e8161d6a0dbfa2651b7daa76cbb75bc7c925bbf3 # v2.4.1
with:
# Config README: https://github.com/zeebe-io/backport-action#backport-action
github_token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }}
github_workspace: ${{ github.workspace }}
# Regex pattern to match GitHub labels
# The capture group catches the target branch
# i.e. label backport/v1.0.0 will create backport PR for branch v1.0.0
label_pattern: ^backport\/([^ ]+)$
pull_description: |-
Automated backport to `${target_branch}`, triggered by a label in #${pull_number}.
See ${issue_refs}.