ci: Fix token permissions (#2514)

Fabian-Lars
2024-08-08 18:09:00 +02:00
committed by GitHub
parent 3874e90977
commit 406c23cdab
3 changed files with 38 additions and 174 deletions


@@ -1,7 +1,7 @@
name: 'Auto Assign'
on:
pull_request:
pull_request_target:
types: [opened]
jobs:
@@ -10,11 +10,5 @@ jobs:
steps:
- name: Auto-assign PR to author
env:
GH_TOKEN: ${{ secrets.ORG_TAURI_BOT_PAT }}
run: |
pr_number=${{ github.event.pull_request.number }}
pr_author=${{ github.event.pull_request.user.login }}
gh api -X POST \
-H "Accept: application/vnd.github+json" \
"/repos/${{ github.repository }}/issues/${pr_number}/assignees" \
-f assignees='["'${pr_author}'"]'
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: gh pr edit ${{ github.event.pull_request.number }} --add-assignee ${{ github.event.pull_request.user.login }} -R ${{ github.repository }}
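Review bot: The new `run:` line splices `${{ github.event.pull_request.user.login }}` and the PR number straight into the shell script, and after the switch to `pull_request_target` this job runs in the base repository's context, with its token, for pull requests opened from forks. GitHub constrains both values tightly, so this is hardening rather than a live bug, but passing them through `env:` keeps the script safe if a free-form field such as the title or branch name is added later: put `PR_NUMBER: ${{ github.event.pull_request.number }}` and `PR_AUTHOR: ${{ github.event.pull_request.user.login }}` under `env:` and call `gh pr edit "$PR_NUMBER" --add-assignee "$PR_AUTHOR" -R "$GITHUB_REPOSITORY"`. The job header sits outside the hunk, so confirm it declares a `permissions:` block granting only what this step needs. The `gh project item-add` lines in the Priority Updater and Status Updater workflows interpolate event fields into the script in the same way.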


@@ -3,103 +3,38 @@ name: 'Priority Updater'
on:
issues:
types: [opened]
pull_request:
pull_request_target:
types: [opened]
jobs:
set_statuses:
runs-on: ubuntu-latest
if: ${{ !contains(github.event.issue.labels.*.name, 'manual') && !contains(github.event.pull_request.labels.*.name, 'manual') }}
permissions:
pull-requests: write
issues: write
env:
GITHUB_TOKEN: ${{ secrets.ORG_TAURI_BOT_PAT }}
steps:
- name: Set up GitHub CLI
run: |
echo "${{ secrets.GITHUB_TOKEN }}" | gh auth login --with-token
- name: Get project data
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
ORGANIZATION: tauri-apps
PROJECT_NUMBER: 27
GH_TOKEN: ${{ secrets.TEST_TOKEN }}
run: |
gh api graphql -f query='
query($org: String!, $number: Int!) {
organization(login: $org){
projectV2(number: $number) {
id
fields(first: 20) {
nodes {
... on ProjectV2Field {
id
name
}
... on ProjectV2SingleSelectField {
id
name
options {
id
name
}
}
}
}
}
}
}' -f org=$ORGANIZATION -F number=$PROJECT_NUMBER > project_data.json
echo 'PROJECT_ID='$(jq '.data.organization.projectV2.id' project_data.json) >> $GITHUB_ENV
echo 'PRIORITY_FIELD_ID='$(jq '.data.organization.projectV2.fields.nodes[] | select(.name== "Priority") | .id' project_data.json) >> $GITHUB_ENV
echo 'LOW_PRIORITY_ID='$(jq '.data.organization.projectV2.fields.nodes[] | select(.name== "Priority") | .options[] | select(.name=="Low") |.id' project_data.json) >> $GITHUB_ENV
echo 'MEDIUM_PRIORITY_ID='$(jq '.data.organization.projectV2.fields.nodes[] | select(.name== "Priority") | .options[] | select(.name=="Medium") |.id' project_data.json) >> $GITHUB_ENV
echo 'HIGH_PRIORITY_ID='$(jq '.data.organization.projectV2.fields.nodes[] | select(.name== "Priority") | .options[] | select(.name=="High") |.id' project_data.json) >> $GITHUB_ENV
echo 'CRITICAL_PRIORITY_ID='$(jq '.data.organization.projectV2.fields.nodes[] | select(.name== "Priority") | .options[] | select(.name=="Critical") |.id' project_data.json) >> $GITHUB_ENV
echo "PROJECT_ID=$(gh project view 27 --owner tauri-apps --format json --jq '.id')" >> $GITHUB_ENV
gh project field-list 27 --owner tauri-apps --format json > project_data.json
echo 'PRIORITY_FIELD_ID='$(jq '.fields[] | select(.name== "Priority") | .id' project_data.json) >> $GITHUB_ENV
echo 'LOW_PRIORITY_ID='$(jq '.fields[] | select(.name== "Priority") | .options[] | select(.name=="Low") | .id' project_data.json) >> $GITHUB_ENV
echo 'MEDIUM_PRIORITY_ID='$(jq '.fields[] | select(.name== "Priority") | .options[] | select(.name=="Medium") | .id' project_data.json) >> $GITHUB_ENV
echo 'HIGH_PRIORITY_ID='$(jq '.fields[] | select(.name== "Priority") | .options[] | select(.name=="High") | .id' project_data.json) >> $GITHUB_ENV
echo 'CRITICAL_PRIORITY_ID='$(jq '.fields[] | select(.name== "Priority") | .options[] | select(.name=="Critical") | .id' project_data.json) >> $GITHUB_ENV
- name: Default priority
run: |
echo 'PRIORITY_ID='${{ env.LOW_PRIORITY_ID }} >> $GITHUB_ENV
- name: Add/get item id
- name: Add project item / Get item id
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_TOKEN: ${{ secrets.TEST_TOKEN }}
run: |
if [ "${{ github.event.pull_request.node_id }}" != "" ]; then
echo "NODE_ID=${{ github.event.pull_request.node_id }}" >> $GITHUB_ENV
else
echo "NODE_ID=${{ github.event.issue.node_id }}" >> $GITHUB_ENV
fi
item_id=$(gh api graphql -f query='
mutation($project: ID!, $node: ID!) {
addProjectV2ItemById(input: {projectId: $project, contentId: $node}) {
item {
id
}
}
}' -f project=$PROJECT_ID -f node=$NODE_ID --jq '.data.addProjectV2ItemById.item.id')
echo 'ITEM_ID='$item_id >> $GITHUB_ENV
echo "ITEM_ID=$(gh project item-add 27 --owner tauri-apps --url https://github.com/tauri-apps/tauri-docs/issues/${{ github.event.pull_request.number || github.event.issue.number }} --format json --jq '.id')" >> $GITHUB_ENV
- name: Set fields
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_TOKEN: ${{ secrets.TEST_TOKEN }}
run: |
gh api graphql -f query='
mutation (
$project: ID!
$item: ID!
$priority_field: ID!
$priority_value: String!
) {
set_priority: updateProjectV2ItemFieldValue(input: {
projectId: $project
itemId: $item
fieldId: $priority_field
value: {
singleSelectOptionId: $priority_value
}
}) {
projectV2Item {
id
}
}
}' -f project=${{ env.PROJECT_ID }} -f item=${{ env.ITEM_ID }} -f priority_field=${{ env.PRIORITY_FIELD_ID }} -f priority_value=${{ env.PRIORITY_ID }} --silent
gh project item-edit --id ${{ env.ITEM_ID }} --project-id ${{ env.PROJECT_ID }} --field-id ${{ env.PRIORITY_FIELD_ID }} --single-select-option-id ${{ env.PRIORITY_ID }}
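Review bot: With the trigger now `pull_request_target`, every step that reads `${{ secrets.TEST_TOKEN }}` also runs for pull requests opened from forks, so this workflow is only safe while it never checks out or executes code from the PR head. A comment above `on:` would record that constraint, for example `# pull_request_target: runs with secrets for fork PRs; never check out or run PR code here`. The secret's name does not say what it can do; presumably it is a token with project write access, and it should be limited to the organization-project permission these `gh project` calls need. The rendered page does not make clear whether the job-level `permissions:` block survives on the new side; it should, since it bounds the default token. The Status Updater workflow uses the same secret under the same trigger.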


@@ -2,7 +2,7 @@ name: 'Status Updater'
on:
issues:
pull_request:
pull_request_target:
jobs:
set_statuses:
@@ -11,116 +11,51 @@ jobs:
steps:
- name: Get project data
env:
GH_TOKEN: ${{ secrets.ORG_TAURI_BOT_PAT }}
ORGANIZATION: tauri-apps
PROJECT_NUMBER: 27
GH_TOKEN: ${{ secrets.TEST_TOKEN }}
run: |
gh api graphql -f query='
query($org: String!, $number: Int!) {
organization(login: $org){
projectV2(number: $number) {
id
fields(first: 20) {
nodes {
... on ProjectV2Field {
id
name
}
... on ProjectV2SingleSelectField {
id
name
options {
id
name
}
}
}
}
}
}
}' -f org=$ORGANIZATION -F number=$PROJECT_NUMBER > project_data.json
echo 'PROJECT_ID='$(jq '.data.organization.projectV2.id' project_data.json) >> $GITHUB_ENV
echo 'STATUS_FIELD_ID='$(jq '.data.organization.projectV2.fields.nodes[] | select(.name== "Status") | .id' project_data.json) >> $GITHUB_ENV
echo 'BACKLOG_STATUS_ID='$(jq '.data.organization.projectV2.fields.nodes[] | select(.name== "Status") | .options[] | select(.name=="🪵 Backlog") |.id' project_data.json) >> $GITHUB_ENV
echo 'READY_STATUS_ID='$(jq '.data.organization.projectV2.fields.nodes[] | select(.name== "Status") | .options[] | select(.name=="💪 Ready") |.id' project_data.json) >> $GITHUB_ENV
echo 'IN_PROGRESS_STATUS_ID='$(jq '.data.organization.projectV2.fields.nodes[] | select(.name== "Status") | .options[] | select(.name=="🏗️ In progress") |.id' project_data.json) >> $GITHUB_ENV
echo 'IN_REVIEW_STATUS_ID='$(jq '.data.organization.projectV2.fields.nodes[] | select(.name== "Status") | .options[] | select(.name=="📋 In review") |.id' project_data.json) >> $GITHUB_ENV
echo 'DONE_STATUS_ID='$(jq '.data.organization.projectV2.fields.nodes[] | select(.name== "Status") | .options[] | select(.name=="✅ Done") |.id' project_data.json) >> $GITHUB_ENV
echo "PROJECT_ID=$(gh project view 27 --owner tauri-apps --format json --jq '.id')" >> $GITHUB_ENV
gh project field-list 27 --owner tauri-apps --format json > project_data.json
echo 'STATUS_FIELD_ID='$(jq '.fields[] | select(.name== "Status") | .id' project_data.json) >> $GITHUB_ENV
echo 'BACKLOG_STATUS_ID='$(jq '.fields[] | select(.name== "Status") | .options[] | select(.name=="🪵 Backlog") | .id' project_data.json) >> $GITHUB_ENV
echo 'READY_STATUS_ID='$(jq '.fields[] | select(.name== "Status") | .options[] | select(.name=="💪 Ready") | .id' project_data.json) >> $GITHUB_ENV
echo 'IN_PROGRESS_STATUS_ID='$(jq '.fields[] | select(.name== "Status") | .options[] | select(.name=="🏗️ In progress") | .id' project_data.json) >> $GITHUB_ENV
echo 'IN_REVIEW_STATUS_ID='$(jq '.fields[] | select(.name== "Status") | .options[] | select(.name=="📋 In review") | .id' project_data.json) >> $GITHUB_ENV
echo 'DONE_STATUS_ID='$(jq '.fields[] | select(.name== "Status") | .options[] | select(.name=="✅ Done") | .id' project_data.json) >> $GITHUB_ENV
- name: Add/get item id
- name: Add project item / Get item id
env:
GH_TOKEN: ${{ secrets.ORG_TAURI_BOT_PAT }}
run: |
if [ "${{ github.event.pull_request.node_id }}" != "" ]; then
echo "NODE_ID=${{ github.event.pull_request.node_id }}" >> $GITHUB_ENV
else
echo "NODE_ID=${{ github.event.issue.node_id }}" >> $GITHUB_ENV
fi
item_id=$(gh api graphql -f query='
mutation($project: ID!, $node: ID!) {
addProjectV2ItemById(input: {projectId: $project, contentId: $node}) {
item {
id
}
}
}' -f project=$PROJECT_ID -f node=$NODE_ID --jq '.data.addProjectV2ItemById.item.id')
echo 'ITEM_ID='$item_id >> $GITHUB_ENV
GH_TOKEN: ${{ secrets.TEST_TOKEN }}
run: echo "ITEM_ID=$(gh project item-add 27 --owner tauri-apps --url https://github.com/tauri-apps/tauri-docs/issues/${{ github.event.pull_request.number || github.event.issue.number }} --format json --jq '.id')" >> $GITHUB_ENV
#===== PULL REQUESTS =====#
- name: Is In progress
if: ${{ github.event_name == 'pull_request' && (github.event.pull_request.draft == true || github.event.pull_request.mergeable == false) }}
run: |
echo 'STATUS_ID='${{ env.IN_PROGRESS_STATUS_ID }} >> $GITHUB_ENV
run: echo 'STATUS_ID='${{ env.IN_PROGRESS_STATUS_ID }} >> $GITHUB_ENV
- name: Is In review
if: ${{ github.event_name == 'pull_request' && github.event.pull_request.draft == false && github.event.pull_request.mergeable == true }}
run: |
echo 'STATUS_ID='${{ env.IN_REVIEW_STATUS_ID }} >> $GITHUB_ENV
run: echo 'STATUS_ID='${{ env.IN_REVIEW_STATUS_ID }} >> $GITHUB_ENV
#===== END PULL REQUESTS =====#
#===== ISSUES =====#
- name: Is Ready
if: ${{ github.event_name == 'issues' && (github.event.issue.labels[0] != null && github.event.issue.milestone != null) }}
run: |
echo 'STATUS_ID='${{ env.READY_STATUS_ID }} >> $GITHUB_ENV
run: echo 'STATUS_ID='${{ env.READY_STATUS_ID }} >> $GITHUB_ENV
- name: Is In progress
if: ${{ github.event_name == 'issues' && (github.event.issue.labels[0] != null && github.event.issue.milestone != null && github.event.issue.assignees[0] != null) }}
run: |
echo 'STATUS_ID='${{ env.IN_PROGRESS_STATUS_ID }} >> $GITHUB_ENV
run: echo 'STATUS_ID='${{ env.IN_PROGRESS_STATUS_ID }} >> $GITHUB_ENV
- name: Is In review
if: ${{ github.event_name == 'issues' && (github.event.issue.labels[0] != null && github.event.issue.pull_request.merged_at != null) }}
run: |
echo 'STATUS_ID='${{ env.IN_REVIEW_STATUS_ID }} >> $GITHUB_ENV
run: echo 'STATUS_ID='${{ env.IN_REVIEW_STATUS_ID }} >> $GITHUB_ENV
- name: Is Backlog
if: ${{ github.event_name == 'issues' && (github.event.issue.labels[0] == null || github.event.issue.milestone == null || contains(github.event.issue.labels.*.name, 'upstream') || contains(github.event.issue.labels.*.name, 'discuss')) }}
run: |
echo 'STATUS_ID='${{ env.BACKLOG_STATUS_ID }} >> $GITHUB_ENV
run: echo 'STATUS_ID='${{ env.BACKLOG_STATUS_ID }} >> $GITHUB_ENV
#===== END ISSUES =====#
- name: Set fields
env:
GH_TOKEN: ${{ secrets.ORG_TAURI_BOT_PAT }}
run: |
gh api graphql -f query='
mutation (
$project: ID!
$item: ID!
$status_field: ID!
$status_value: String!
) {
set_status: updateProjectV2ItemFieldValue(input: {
projectId: $project
itemId: $item
fieldId: $status_field
value: {
singleSelectOptionId: $status_value
}
}) {
projectV2Item {
id
}
}
}' -f project=${{ env.PROJECT_ID }} -f item=${{ env.ITEM_ID }} -f status_field=${{ env.STATUS_FIELD_ID }} -f status_value=${{ env.STATUS_ID }} --silent
GH_TOKEN: ${{ secrets.TEST_TOKEN }}
run: gh project item-edit --id ${{ env.ITEM_ID }} --project-id ${{ env.PROJECT_ID }} --field-id ${{ env.STATUS_FIELD_ID }} --single-select-option-id ${{ env.STATUS_ID }}
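Review bot: The `if:` conditions on the two pull-request steps ("Is In progress" and "Is In review") still test `github.event_name == 'pull_request'`, but the workflow is now triggered by `pull_request_target`, for which `github.event_name` is `'pull_request_target'`. As written those steps would be skipped for every PR, `STATUS_ID` would stay unset, and the final `gh project item-edit ... --single-select-option-id ${{ env.STATUS_ID }}` would be called with an empty option id. Change both conditions to start with `github.event_name == 'pull_request_target' && ...`. The step list begins outside the hunk, so check whether an earlier step sets a default `STATUS_ID` before relying on this.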