Skip to content

--no-color option #4329

--no-color option

--no-color option #4329

Workflow file for this run

name: Automatic Backporting
on:
issue_comment:
types: [created]
jobs:
check_permission:
name: Check comment author permissions
runs-on: ubuntu-2404-2core
outputs:
is_maintainer: ${{ steps.check_permission.outputs.is_maintainer }}
steps:
- name: Check permission
id: check_permission
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
PERMISSION=$(gh api /repos/$GITHUB_REPOSITORY/collaborators/$GITHUB_ACTOR/permission --jq '.permission')
if [ "$PERMISSION" == "admin" ] || [ "$PERMISSION" == "write" ]; then
echo "is_maintainer=true" >> $GITHUB_OUTPUT
else
echo "is_maintainer=false" >> $GITHUB_OUTPUT
fi
backport:
name: Backport PR
needs: check_permission # run this job after checking permissions
if: |
needs.check_permission.outputs.is_maintainer == 'true' &&
github.event.issue.pull_request &&
github.event.issue.pull_request.merged_at != null &&
startsWith(github.event.comment.body, '@aqua-bot backport release/')
runs-on: ubuntu-2404-2core
steps:
# GITHUB_TOKEN cannot trigger workflows on PRs it creates, so the backport
# PR would not run CI — generate a GitHub App installation token instead.
- name: Generate token
id: app-token
uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
with:
client-id: ${{ secrets.REPO_TRIVY_WRITE_GH_APP_CLIENT_ID }}
private-key: ${{ secrets.REPO_TRIVY_WRITE_GH_APP_PRIVATE_KEY }}
permission-contents: write
permission-pull-requests: write
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
persist-credentials: true # backport.sh runs git push
token: ${{ steps.app-token.outputs.token }}
- name: Extract branch name
env:
COMMENT_BODY: ${{ github.event.comment.body }}
run: |
BRANCH_NAME=$(echo "$COMMENT_BODY" | grep -oE '@aqua-bot backport\s+(\S+)' | awk '{print $3}')
if [[ -z "$BRANCH_NAME" || "$BRANCH_NAME" == *".."* || ! "$BRANCH_NAME" =~ ^[A-Za-z0-9._-]+(/[A-Za-z0-9._-]+)*$ ]]; then
echo "Error: Invalid branch name extracted (unsafe characters detected)." >&2
exit 1
fi
echo "BRANCH_NAME=$BRANCH_NAME" >> "$GITHUB_ENV"
- name: Set up Git user
run: |
git config --global user.email "actions@github.com"
git config --global user.name "GitHub Actions"
- name: Run backport script
env:
GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
ISSUE_NUMBER: ${{ github.event.issue.number }}
run: ./misc/backport/backport.sh "$BRANCH_NAME" "$ISSUE_NUMBER"