Git Product home page Git Product logo

attach-next-milestone-action's Introduction

Attach Next Milestone Action

This action attaches the next open milestone to merged PRs.

Currently, this action only looks at milestones that can be parsed as version numbers.

A typical job would look like this:

# .github/workflows/milestone-merged-prs.yaml

name: Milestone

on:
  pull_request_target:
    types:
      - closed
    branches:
      - 'main'

jobs:
  milestone_pr:
    name: attach to PR
    if: github.event.pull_request.merged == true
    runs-on: ubuntu-latest
    steps:
      - uses: scientific-python/attach-next-milestone-action@a4889cfde7d2578c1bc7400480d93910d2dd34f6
        with:
          token: ${{ secrets.MILESTONE_LABELER_TOKEN }}

To use the above, you will need to set a repository secret MILESTONE_LABELER_TOKEN to a fine-grained access token that has permissions to modify PRs. If you are generating a token for your org, you first need to enable fine-grained access tokens at https://github.com/organizations/<YOUR-ORGANIZATION>/settings/personal-access-tokens-onboarding.

You can generate the token itself at https://github.com/settings/apps.

  1. Personal access tokens -> Fine-grained tokens. Generate new token.
  2. Select the org which owns the code repository. If you don't see your organization listed, you first need to onboard it.
  3. Choose "Only Select Repositories", and choose the correct one.
  4. Permissions: Repository Permissions -> Pull Requests. Access: Read and write.
  5. Generate the token. If an error appears saying "Sorry, something went wrong", ignore it.

Copy the token, and navigate to your code repository. Under Settings -> Secrets and variables -> Actions, add a repository secret named MILESTONE_LABELER_TOKEN, and set its contents to the generated token.

Options

In the with clause, the following options are available:

  • force: true : Overwrite existing milestones.

Warning!

The workflow above runs as pull_request_target, meaning it has access to repository secrets. This is not usually a problem, since our action does nothing but attach a milestone to a PR using the provided token. But, you should not add further commands to the workflow, such as checking out the PR and executing code from it. If you do that, PR authors can gain access to your secrets.

attach-next-milestone-action's People

Stargazers

avatar avatar

Watchers

avatar avatar avatar avatar

Forkers

lagru jarrodmillman bsipocz

attach-next-milestone-action's Issues

Example working deployment?

I am interesting in this but I am surprised it does not need a Dockerfile and entrypoint shell script, since the Action was written in Python and not browser-native language like NodeJS. Is this being used anywhere? I wish to see how it is working in production. Thanks!

About that security warning

To remove the security warning, theoretically you could run this action only on push commit to main, then you can check if it is a merge commit and if the merge commit was created from merging a PR. If not, then just a no-op, but yes, then you run the milestone thingy.

Milestoning backports

Some projects have release branches. In those cases, they might use the backport bot to open a backport PR to the backport branch of something that is already merged into main. Or they can be doing a manual backport.

Would be nice to be able to auto milestone those too.

Example:

  1. PR 1234 was merged into main. Got auto-milestoned to next major/minor release (depending how strict of a semver follower you are).
  2. Backport bot opens PR 1235 that backports PR 1234 to v0.1.x branch. Would be nice if this gets auto-milestone to the next bugfix release milestone in the v0.1.x series.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.