.github/workflows/backport.yml

   1 name: Backport
   2 on:
   3   pull_request_target:
   4     types: [closed, labeled]
   5
   6 # WARNING:
   7 # When extending this action, be aware that $GITHUB_TOKEN allows write access to
   8 # the GitHub repository. This means that it should not evaluate user input in a
   9 # way that allows code injection.
  10
  11 permissions:
  12   contents: read
  13
  14 jobs:
  15   backport:
  16     permissions:
  17       contents: write # for korthout/backport-action to create branch
  18       pull-requests: write # for korthout/backport-action to create PR to backport
  19     name: Backport Pull Request
  20     if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name))
  21     runs-on: ubuntu-latest
  22     steps:
  23       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
  24         with:
  25           ref: ${{ github.event.pull_request.head.sha }}
  26       - name: Create backport PRs
  27         uses: korthout/backport-action@bd410d37cdcae80be6d969823ff5a225fe5c833f # v3.0.2
  28         with:
  29           # Config README: https://github.com/korthout/backport-action#backport-action
  30           copy_labels_pattern: 'severity:\ssecurity'
  31           pull_description: |-
  32             Bot-based backport to `${target_branch}`, triggered by a label in #${pull_number}.
  33
  34             * [ ] Before merging, ensure that this backport is [acceptable for the release](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#changes-acceptable-for-releases).
  35               * Even as a non-commiter, if you find that it is not acceptable, leave a comment.