Skip to content

Allow tox workflow to receive an optional environment argument #491

Allow tox workflow to receive an optional environment argument

Allow tox workflow to receive an optional environment argument #491

Workflow file for this run

---
# ack workflow runs on any change made to a pull-request and aims to verify
# that is following our practices. Initial version is checking correct label
# presence.
name: ack
on:
issues:
types: [opened, reopened]
pull_request_target:
types: [opened, labeled, unlabeled, synchronize]
workflow_call: # allows reuse of this workflow from other devtools repos
secrets:
BOT_PAT:
required: false
jobs:
ack:
runs-on: ubuntu-24.04
environment: ack
env:
BOT_PAT: ${{ secrets.BOT_PAT || secrets.ANSIBUDDY_BOT_PAT }}
permissions:
checks: write
contents: write # needed to update release
pull-requests: write # pr approval and merge
steps:
- name: Checkout
uses: actions/checkout@v4
# Use of release drafter action for adding semantic labels based on
# either title, body or source branch name. We ignore potential failure
# of this step.
- name: Auto-add labels
if: github.event.action == 'opened' && github.event.issue.labels.length == 0
uses: release-drafter/release-drafter@v6
with:
# we only want to use the auto-labeler bits:
disable-autolabeler: false
disable-releaser: true
# config from .github/release-drafter.yml
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
continue-on-error: true
- name: Verify PR label action
uses: mheap/github-action-required-labels@v5
with:
mode: exactly
count: 1
add_comment: true
exit_type: failure
labels: |
bug
enhancement
major
minor
patch
skip-changelog
- name: Update release notes if this is already merged
if: github.event.pull_request.merged == true
uses: release-drafter/release-drafter@v6
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Add issue or pull-request to 'devtools' project
# Workaround for running this step only if BOT_PAT secret is found
if: env.BOT_PAT != null
uses: actions/add-to-project@main
with:
project-url: https://github.com/orgs/ansible/projects/86
# Do not use secrets.GITHUB_TOKEN here because it does not have
# access to projects. Only personal access tokens (PAT) can be used.
github-token: ${{ env.BOT_PAT }}
# labeled: skip-changelog
# label-operator: NOT
- name: Dump GitHub context
env:
GITHUB_CONTEXT: ${{ toJson(github) }}
run: echo "$GITHUB_CONTEXT"
# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#approve-a-pull-request
- name: Enable auto-merge for safe bots PRs
if: env.BOT_PAT != null && contains(fromJson('["dependabot[bot]", "pre-commit-ci[bot]"]'), github.event.pull_request.user.login)
run: gh pr merge --auto --squash "$PR_URL"
env:
PR_URL: ${{ github.event.pull_request.html_url }}
GH_TOKEN: ${{ env.BOT_PAT }}
- name: Approve a PR
if: env.BOT_PAT != null && contains(fromJson('["dependabot[bot]", "pre-commit-ci[bot]"]'), github.event.pull_request.user.login)
run: gh pr review --approve "$PR_URL"
env:
PR_URL: ${{github.event.pull_request.html_url}}
GH_TOKEN: ${{ env.BOT_PAT }}