-
Notifications
You must be signed in to change notification settings - Fork 76
28 lines (25 loc) · 1.17 KB
/
backport.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
name: Backport
on:
# NOTE(negz): This is a risky target, but we run this action only when and if
# a PR is closed, then filter down to specifically merged PRs. We also don't
# invoke any scripts, etc from within the repo. I believe the fact that we'll
# be able to review PRs before this runs makes this fairly safe.
# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
pull_request_target:
types: [closed]
# See also commands.yml for the /backport triggered variant of this workflow.
jobs:
# NOTE(negz): I tested many backport GitHub actions before landing on this
# one. Many do not support merge commits, or do not support pull requests with
# more than one commit. This one does. It also handily links backport PRs with
# new PRs, and provides commentary and instructions when it can't backport.
# The main gotcha with this action is that PRs _must_ be labelled before they're
# merged to trigger a backport.
open-pr:
runs-on: ubuntu-22.04
if: github.event.pull_request.merged
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Open Backport PR
uses: korthout/backport-action@v1