Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Actions] Bump autorebase.yml to v1.8 #37584

Closed
wants to merge 2 commits into from
Closed

[Actions] Bump autorebase.yml to v1.8 #37584

Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
76a63ce
[Actions] Bump `autorebase.yml` to `v1.8`
Pranav-yadav May 26, 2023
8f351d3
Apply suggestions from code review
Pranav-yadav May 31, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 10 additions & 7 deletions .github/workflows/autorebase.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,24 +1,27 @@
name: Automatic Rebase
# This workflow is used to automatically rebase a PR when a comment is made
# containing the text "/rebase". It uses the cirrus-actions/rebase action.
# See https://github.com/cirrus-actions/rebase
on:
issue_comment:
types: [created]
permissions:
contents: read
jobs:
rebase:
permissions:
contents: write # for cirrus-actions/rebase to push code to rebase
pull-requests: read # for cirrus-actions/rebase to get info about PR
name: Rebase
if: github.event.issue.pull_request != '' && contains(github.event.comment.body, '/rebase')
permissions:
contents: write # for cirrus-actions/rebase to push code to rebase
pull-requests: read # for cirrus-actions/rebase to get info about PR
runs-on: ubuntu-latest
if: github.event.issue.pull_request != '' && contains(github.event.comment.body, '/rebase')
steps:
- name: Checkout the latest code
uses: actions/checkout@v3
with:
token: ${{ secrets.GITHUB_TOKEN }}
token: ${{ secrets.GITHUB_TOKEN }} # TODO: consider using a PAT with required permissions
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need those TODOs? We actually want to use built-in GitHub Action's CI

Copy link
Contributor Author

@Pranav-yadav Pranav-yadav May 31, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually, I was unsure, which permissions are allowed/set for the token, and as PATs are always better than the default token because of the more fine-grained control they provide us hence, added that comment.

But, as we can see the defaults set/allowed permission here (e.g.): https://github.com/facebook/react-native/actions/runs/5053438769/jobs/9067284908#step:1:16

So, no worries. Removing Removed the comments...

Ref: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token

Pranav-yadav marked this conversation as resolved.
Show resolved Hide resolved
fetch-depth: 0 # otherwise, you will fail to push refs to dest repo
- name: Automatic Rebase
uses: cirrus-actions/rebase@1.7
uses: cirrus-actions/rebase@1.8
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # TODO: consider using a PAT with required permissions
Pranav-yadav marked this conversation as resolved.
Show resolved Hide resolved