From 6d5f72736b7381dc4066b5840af41b4e60073fb6 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <github-actions[bot]@users.noreply.github.com>
Date: Tue, 26 Mar 2024 18:42:26 +0000
Subject: [PATCH] Update backport workflow to latest versions (#555)

Bumps VachaShah/backport and tibdex/github-app-token to latest versions.

Signed-off-by: Marc Handalian <marc.handalian@gmail.com>
(cherry picked from commit b1139493814f20511dead2bef19d6a2fb896498e)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
---
 .github/workflows/backport.yml | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml
index e47d8d88..068f12a1 100644
--- a/.github/workflows/backport.yml
+++ b/.github/workflows/backport.yml
@@ -8,6 +8,17 @@ on:
 jobs:
   backport:
     runs-on: ubuntu-latest
+    # Only react to merged PRs for security reasons.
+    # See https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target.
+    if: >
+      github.event.pull_request.merged
+      && (
+        github.event.action == 'closed'
+        || (
+          github.event.action == 'labeled'
+          && contains(github.event.label.name, 'backport')
+        )
+      )
     permissions:
       contents: write
       pull-requests: write
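Review bot: The `contains(github.event.label.name, 'backport')` test in the added `if:` is a substring match, so any label with "backport" in its name satisfies it, including the `backport-failed` label that the second hunk configures as `failure_labels`. Because the job authenticates with an App token rather than the default `GITHUB_TOKEN`, a label the action applies to a merged PR may itself raise a `labeled` event and start the job a second time. Anchoring the match to the label convention, for example `&& startsWith(github.event.label.name, 'backport ')` (assuming labels take the form `backport <branch>`, which is not visible here), would keep the failure label from re-triggering the run. The `jobs.backport` mapping continues outside the hunk.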
@@ -15,14 +26,15 @@ jobs:
     steps:
       - name: GitHub App token
         id: github_app_token
-        uses: tibdex/github-app-token@v1.5.0
+        uses: tibdex/github-app-token@v2.1.0
         with:
           app_id: ${{ secrets.APP_ID }}
           private_key: ${{ secrets.APP_PRIVATE_KEY }}
           installation_id: 22958780
 
       - name: Backport
-        uses: VachaShah/backport@v1.1.4
+        uses: VachaShah/backport@v2.2.0
         with:
           github_token: ${{ steps.github_app_token.outputs.token }}
-          branch_name: backport/backport-${{ github.event.number }}
+          head_template: backport/backport-<%= number %>-to-<%= base %>
+          failure_labels: backport-failed
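Review bot: Both `uses:` lines still reference third-party actions by tag (`@v2.1.0`, `@v2.2.0`), which the action owner can move to different code. In this job one action receives `secrets.APP_PRIVATE_KEY` and the other an installation token, under `contents: write` and `pull-requests: write`. Pinning each to its full commit SHA with the version as a trailing comment, e.g. `uses: tibdex/github-app-token@<full-commit-sha>  # v2.1.0`, makes the executed code immutable and lets update bots bump it in a reviewable way. Since this crosses a major version, it is also worth confirming that the v2 release still reads the `installation_id` input rather than ignoring it.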