mirror of https://github.com/grafana/grafana.git
97 lines
3.4 KiB
YAML
97 lines
3.4 KiB
YAML
name: Add issues to Skye project board
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
manual_issue_number:
|
|
description: 'Issue to add to project'
|
|
required: false
|
|
type: number
|
|
# Ideally we could trigger this for PRs as well, but getting the secrets on that is tricky
|
|
# so we just won't bother for now
|
|
issues:
|
|
types: [opened]
|
|
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|
|
|
|
env:
|
|
ORGANIZATION: grafana
|
|
REPO: grafana
|
|
PROJECT_ID: "PVT_kwDOAG3Mbc4AxfcI" # Retrieved manually from GitHub GraphQL Explorer
|
|
|
|
concurrency:
|
|
group: skye-add-to-project-${{ github.event.number }}
|
|
|
|
jobs:
|
|
main:
|
|
if: github.repository == 'grafana/grafana'
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: "Get vault secrets"
|
|
id: vault-secrets
|
|
uses: grafana/shared-workflows/actions/get-vault-secrets@main # zizmor: ignore[unpinned-uses]
|
|
with:
|
|
# Vault secret paths:
|
|
# - ci/repo/grafana/grafana/grafana_pr_automation_app
|
|
# - ci/repo/grafana/grafana/frontend_platform_skye_usernames (comma separated list of usernames)
|
|
repo_secrets: |
|
|
GH_APP_ID=grafana_pr_automation_app:app_id
|
|
GH_APP_PEM=grafana_pr_automation_app:app_pem
|
|
ALLOWED_USERS=frontend_platform_skye_usernames:allowed_users
|
|
|
|
- name: Generate token
|
|
id: generate_token
|
|
uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
|
|
with:
|
|
app_id: ${{ env.GH_APP_ID }}
|
|
private_key: ${{ env.GH_APP_PEM }}
|
|
|
|
# We do the check in the Github Actions expression and then export it to the output
|
|
# to reuse it
|
|
- name: Check if user is allowed
|
|
id: check_user
|
|
env:
|
|
USER_IS_ALLOWED: ${{ contains(fromJSON(env.ALLOWED_USERS), github.event.sender.login) }}
|
|
run: |
|
|
echo "user_allowed=${USER_IS_ALLOWED}" >> "$GITHUB_OUTPUT"
|
|
|
|
# Convert the issue to a node ID for the GraphQL API
|
|
- name: Get node ID for item
|
|
if: steps.check_user.outputs.user_allowed == 'true'
|
|
id: get_node_id
|
|
uses: octokit/graphql-action@51bf543c240dcd14761320e2efc625dc32ec0d32
|
|
with:
|
|
query: |
|
|
query getNodeId($owner: String!, $repo: String!, $number: Int!) {
|
|
repository(owner: $owner, name: $repo) {
|
|
issueOrPullRequest(number: $number) {
|
|
... on Issue { id }
|
|
... on PullRequest { id }
|
|
}
|
|
}
|
|
}
|
|
variables: |
|
|
owner: ${{ env.ORGANIZATION }}
|
|
repo: ${{ env.REPO }}
|
|
number: ${{ github.event.number || github.event.inputs.manual_issue_number }}
|
|
env:
|
|
GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
|
|
|
|
# Finally, add the issue to the project board
|
|
- name: Add to project board
|
|
if: steps.check_user.outputs.user_allowed == 'true'
|
|
uses: octokit/graphql-action@51bf543c240dcd14761320e2efc625dc32ec0d32
|
|
with:
|
|
query: |
|
|
mutation addItem($projectid: ID!, $itemid: ID!) {
|
|
addProjectV2ItemById(input: {projectId: $projectid, contentId: $itemid}) {
|
|
item { id }
|
|
}
|
|
}
|
|
variables: |
|
|
projectid: ${{ env.PROJECT_ID }}
|
|
itemid: ${{ fromJSON(steps.get_node_id.outputs.data).repository.issueOrPullRequest.id }}
|
|
env:
|
|
GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
|