Use federated connections for storage account and apiscan access #1511
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Backport PR to branch | |
on: | |
issue_comment: | |
types: [created] | |
permissions: {} | |
jobs: | |
backport: | |
if: github.event.issue.pull_request != '' && contains(github.event.comment.body, '/backport to') && contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.comment.author_association) | |
runs-on: ubuntu-20.04 | |
permissions: | |
contents: write | |
issues: write | |
pull-requests: write | |
steps: | |
- name: Extract backport target branch | |
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea | |
id: target-branch-extractor | |
with: | |
result-encoding: string | |
script: | | |
if (context.eventName !== "issue_comment") throw "Error: This action only works on issue_comment events."; | |
// extract the target branch name from the trigger phrase containing these characters: a-z, A-Z, digits, forward slash, dot, hyphen, underscore | |
const regex = /\/backport to ([a-zA-Z\d\/\.\-\_]+)/; | |
target_branch = regex.exec(context.payload.comment.body); | |
if (target_branch == null) throw "Error: No backport branch found in the trigger phrase."; | |
return target_branch[1]; | |
- name: Post backport started comment to pull request | |
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea | |
with: | |
script: | | |
const backport_start_body = `Started backporting to ${{ steps.target-branch-extractor.outputs.result }}: https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${process.env.GITHUB_RUN_ID}`; | |
await github.rest.issues.createComment({ | |
issue_number: context.issue.number, | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
body: backport_start_body | |
}); | |
- name: Checkout repo | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
with: | |
persist-credentials: true # We need to persist credentials to push the resulting changes upstream. | |
fetch-depth: 0 | |
- name: Run backport | |
uses: ./eng/actions/backport | |
with: | |
target_branch: ${{ steps.target-branch-extractor.outputs.result }} | |
auth_token: ${{ secrets.GITHUB_TOKEN }} | |
exclude: 'documentation/**.md' | |
label: backport |