Workflows Switch all to use app token/app for any PR/issue labeling/commenting action (#4624)

* ci: switch workflows to use app token/app id authentication

* That wasn't supposed to go in this PR

* chore: refactor to local token minting step [Test]

* chore: expose token output from setup-app-token action and add PR checkout step

* ci: replace checkout and custom app token with create-github-app-token action in PR merge conflict workflow

* ci: add test label action to PR conflict check workflow

* another test...

* I am losing my sanity

* can this work now? please? This action adds my debug level?

* it needs to run always

* let's do it via curl...?

* why did it (totally not me) remove the always() again

* Sorry I screamed at you, Qwen. Does this work?

* refactor: consolidate GitHub App token creation into individual jobs

* chore: remove debug label functionality from merge conflict workflow

* chore: let's figure out why labeler is not behaving

* chore: remove temporary GitHub API token validation check from PR workflow

* ci: ensure workflow jobs run regardless of previous job failures by adding if: always()
This commit is contained in:
Wolfsblvt
2025-10-07 19:49:32 +02:00
committed by GitHub
parent 9a56a2ba2e
commit 806726d737
7 changed files with 220 additions and 56 deletions
+54 -9
@@ -15,8 +15,19 @@ jobs:
label-on-content:
name: 🏷️ Label Issues by Content
runs-on: ubuntu-latest
if: always()
steps:
- name: Mint App Token
id: app
# Create a GitHub App token
# https://github.com/marketplace/actions/create-github-app-token
uses: actions/create-github-app-token@v2
with:
app-id: ${{ vars.ST_BOT_APP_ID }}
private-key: ${{ secrets.ST_BOT_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- name: Checkout Repository
# Checkout
# https://github.com/marketplace/actions/checkout
@@ -32,13 +43,25 @@ jobs:
with:
configuration-path: .github/issues-auto-labels.yml
enable-versioned-regex: 0
repo-token: ${{ secrets.ISSUES_BOT_TOKEN }}
repo-token: ${{ steps.app.outputs.token }}
label-on-labels:
name: 🏷️ Label Issues by Labels
needs: [label-on-content]
runs-on: ubuntu-latest
if: always()
steps:
- name: Mint App Token
id: app
# Create a GitHub App token
# https://github.com/marketplace/actions/create-github-app-token
uses: actions/create-github-app-token@v2
with:
app-id: ${{ vars.ST_BOT_APP_ID }}
private-key: ${{ secrets.ST_BOT_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- name: ✅ Add "👍 Approved" for relevant labels
if: contains(fromJSON('["👩‍💻 Good First Issue", "🙏 Help Wanted", "🪲 Confirmed", "⚠️ High Priority", "❕ Medium Priority", "💤 Low Priority"]'), github.event.label.name)
# 🤖 Issues Helper
@@ -46,7 +69,7 @@ jobs:
uses: actions-cool/issues-helper@v3.6.0
with:
actions: 'add-labels'
token: ${{ secrets.ISSUES_BOT_TOKEN }}
token: ${{ steps.app.outputs.token }}
labels: '👍 Approved'
- name: ❌ Remove progress labels when issue is marked done or stale
@@ -56,7 +79,7 @@ jobs:
uses: actions-cool/issues-helper@v3.6.0
with:
actions: 'remove-labels'
token: ${{ secrets.ISSUES_BOT_TOKEN }}
token: ${{ steps.app.outputs.token }}
labels: '🧑‍💻 In Progress,🤔 Unsure,🤔 Under Consideration'
- name: ❌ Remove temporary labels when confirmed labels are added
@@ -66,7 +89,7 @@ jobs:
uses: actions-cool/issues-helper@v3.6.0
with:
actions: 'remove-labels'
token: ${{ secrets.ISSUES_BOT_TOKEN }}
token: ${{ steps.app.outputs.token }}
labels: '🤔 Unsure,🤔 Under Consideration'
- name: ❌ Remove no bug labels when "🪲 Confirmed" is added
@@ -76,32 +99,54 @@ jobs:
uses: actions-cool/issues-helper@v3.6.0
with:
actions: 'remove-labels'
token: ${{ secrets.ISSUES_BOT_TOKEN }}
token: ${{ steps.app.outputs.token }}
labels: '✖️ Not Reproducible,✖️ Not A Bug'
remove-stale-label:
name: 🗑️ Remove Stale Label on Comment
needs: [label-on-content, label-on-labels]
runs-on: ubuntu-latest
# Only run this on new comments, to automatically remove the stale label
if: github.event_name == 'issue_comment' && github.actor != 'github-actions[bot]'
if: always() && (github.event_name == 'issue_comment' && github.actor != 'github-actions[bot]')
steps:
- name: Mint App Token
id: app
# Create a GitHub App token
# https://github.com/marketplace/actions/create-github-app-token
uses: actions/create-github-app-token@v2
with:
app-id: ${{ vars.ST_BOT_APP_ID }}
private-key: ${{ secrets.ST_BOT_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- name: Remove Stale Label
# 🤖 Issues Helper
# https://github.com/marketplace/actions/issues-helper
uses: actions-cool/issues-helper@v3.6.0
with:
actions: 'remove-labels'
token: ${{ secrets.ISSUES_BOT_TOKEN }}
token: ${{ steps.app.outputs.token }}
issue-number: ${{ github.event.issue.number }}
labels: '⚰️ Stale,🕸️ Inactive,🚏 Awaiting User Response,🛑 No Response'
write-auto-comments:
name: 💬 Post Issue Comments Based on Labels
needs: [label-on-content, label-on-labels]
needs: [label-on-content, label-on-labels, remove-stale-label]
runs-on: ubuntu-latest
if: always()
steps:
- name: Mint App Token
id: app
# Create a GitHub App token
# https://github.com/marketplace/actions/create-github-app-token
uses: actions/create-github-app-token@v2
with:
app-id: ${{ vars.ST_BOT_APP_ID }}
private-key: ${{ secrets.ST_BOT_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- name: Checkout Repository
# Checkout
# https://github.com/marketplace/actions/checkout
@@ -113,4 +158,4 @@ jobs:
uses: peaceiris/actions-label-commenter@v1.10.0
with:
config_file: .github/issues-auto-comments.yml
github_token: ${{ secrets.ISSUES_BOT_TOKEN }}
github_token: ${{ steps.app.outputs.token }}
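Review bot: The remove-stale-label guard `github.actor != 'github-actions[bot]'` (the `if:` on the issue_comment job in this section) no longer excludes the identity that now writes comments: with an App installation token, comments posted by the App are attributed to its own bot login (`<app-slug>[bot]`), not `github-actions[bot]`. Unlike GITHUB_TOKEN, events created with an App token do trigger workflows, so if a stale-marker or auto-comment posted with this token fires `issue_comment`, the job would pass the guard and strip the `⚰️ Stale` label the bot just applied; I cannot see the `on:` block, so treat this as something to verify. A more robust condition is `if: always() && github.event_name == 'issue_comment' && github.event.comment.user.type != 'Bot'`, or an explicit exclusion of the App's login alongside `github-actions[bot]`.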
+12 -1
@@ -15,8 +15,19 @@ jobs:
update-linked-issues:
name: 🔗 Mark Linked Issues Done on Push
runs-on: ubuntu-latest
if: always()
steps:
- name: Mint App Token
id: app
# Create a GitHub App token
# https://github.com/marketplace/actions/create-github-app-token
uses: actions/create-github-app-token@v2
with:
app-id: ${{ vars.ST_BOT_APP_ID }}
private-key: ${{ secrets.ST_BOT_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- name: Checkout Repository
# Checkout
# https://github.com/marketplace/actions/checkout
@@ -31,7 +42,7 @@ jobs:
- name: Label Linked Issues
id: label_linked_issues
env:
GH_TOKEN: ${{ secrets.ISSUES_BOT_TOKEN }}
GH_TOKEN: ${{ steps.app.outputs.token }}
run: |
for ISSUE in $(echo $issues | jq -r '.[]'); do
if [ "${{ github.ref }}" == "refs/heads/staging" ]; then
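Review bot: The minted token in the Mint App Token step is broader than this job needs: `owner` is set without `repositories`, which per the create-github-app-token documentation scopes the installation token to every repository the App is installed on for that owner, carrying all of the App's permissions. The job only labels issues in the current repository, so either drop `owner` (the action then defaults to the current repository) or add `repositories: ${{ github.event.repository.name }}`, and narrow the grant with `permission-issues: write` so a leaked or misused token cannot reach other repositories or resources. Because the run step already receives the token via `env: GH_TOKEN`, no other change is needed for the `gh` calls.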
+38 -5
@@ -15,14 +15,25 @@ jobs:
mark-inactivity:
name: ⏳ Mark Issues/PRs without Activity
runs-on: ubuntu-latest
if: always()
steps:
- name: Mint App Token
id: app
# Create a GitHub App token
# https://github.com/marketplace/actions/create-github-app-token
uses: actions/create-github-app-token@v2
with:
app-id: ${{ vars.ST_BOT_APP_ID }}
private-key: ${{ secrets.ST_BOT_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- name: Mark Issues/PRs without Activity
# Close Stale Issues and PRs
# https://github.com/marketplace/actions/close-stale-issues
uses: actions/stale@v9.1.0
with:
repo-token: ${{ secrets.ISSUES_BOT_TOKEN }}
repo-token: ${{ steps.app.outputs.token }}
days-before-stale: 183
days-before-close: 7
operations-per-run: 30
@@ -47,16 +58,27 @@ jobs:
await-user-response:
name: ⚠️ Mark Issues/PRs Awaiting User Response
needs: [mark-inactivity]
runs-on: ubuntu-latest
needs: mark-inactivity
if: always()
steps:
- name: Mint App Token
id: app
# Create a GitHub App token
# https://github.com/marketplace/actions/create-github-app-token
uses: actions/create-github-app-token@v2
with:
app-id: ${{ vars.ST_BOT_APP_ID }}
private-key: ${{ secrets.ST_BOT_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- name: Mark Issues/PRs Awaiting User Response
# Close Stale Issues and PRs
# https://github.com/marketplace/actions/close-stale-issues
uses: actions/stale@v9.1.0
with:
repo-token: ${{ secrets.ISSUES_BOT_TOKEN }}
repo-token: ${{ steps.app.outputs.token }}
days-before-stale: 7
days-before-close: 7
operations-per-run: 30
@@ -74,16 +96,27 @@ jobs:
alternative-exists:
name: 🔄 Mark Issues with Alternative Exists
needs: [mark-inactivity, await-user-response]
runs-on: ubuntu-latest
needs: await-user-response
if: always()
steps:
- name: Mint App Token
id: app
# Create a GitHub App token
# https://github.com/marketplace/actions/create-github-app-token
uses: actions/create-github-app-token@v2
with:
app-id: ${{ vars.ST_BOT_APP_ID }}
private-key: ${{ secrets.ST_BOT_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- name: Mark Issues with Alternative Exists
# Close Stale Issues and PRs
# https://github.com/marketplace/actions/close-stale-issues
uses: actions/stale@v9.1.0
with:
repo-token: ${{ secrets.ISSUES_BOT_TOKEN }}
repo-token: ${{ steps.app.outputs.token }}
days-before-stale: 7
days-before-close: 7
operations-per-run: 30
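Review bot: `uses: actions/create-github-app-token@v2` floats on a major tag while the neighbouring `actions/stale@v9.1.0` is pinned to an exact release; this is the step that receives `secrets.ST_BOT_PRIVATE_KEY`, so it is the one most worth pinning to a full commit SHA (with the version in a trailing comment) so that a moved tag cannot change the code handling the key. Separately, `if: always()` evaluates true even when the run is cancelled, so the three chained stale jobs will keep going after a cancel; if the intent is only to survive an upstream failure or skip, GitHub's documented alternative is `if: ${{ !cancelled() }}`. On mark-inactivity, which has no `needs`, `always()` changes nothing except that cancellation behaviour.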
+12 -1
@@ -15,14 +15,25 @@ jobs:
remove-labels:
name: 🗑️ Remove Pending Labels on Close
runs-on: ubuntu-latest
if: always()
steps:
- name: Mint App Token
id: app
# Create a GitHub App token
# https://github.com/marketplace/actions/create-github-app-token
uses: actions/create-github-app-token@v2
with:
app-id: ${{ vars.ST_BOT_APP_ID }}
private-key: ${{ secrets.ST_BOT_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- name: Remove Pending Labels on Close
# 🤖 Issues Helper
# https://github.com/marketplace/actions/issues-helper
uses: actions-cool/issues-helper@v3.6.0
with:
actions: remove-labels
token: ${{ secrets.ISSUES_BOT_TOKEN }}
token: ${{ steps.app.outputs.token }}
issue-number: ${{ github.event.issue.number || github.event.pull_request.number }}
labels: '🚏 Awaiting User Response,🧑‍💻 In Progress,📌 Keep Open,🚫 Merge Conflicts,🔬 Needs Testing,🔨 Needs Work,⚰️ Stale,⛔ Waiting For External/Upstream'
+12 -2
@@ -15,15 +15,25 @@ jobs:
label-maintainer:
name: 🏷️ Label if Author is a Repo Maintainer
runs-on: ubuntu-latest
if: contains(fromJson('["Cohee1207", "RossAscends", "Wolfsblvt"]'), github.actor)
if: always() && contains(fromJson('["Cohee1207", "RossAscends", "Wolfsblvt"]'), github.actor)
steps:
- name: Mint App Token
id: app
# Create a GitHub App token
# https://github.com/marketplace/actions/create-github-app-token
uses: actions/create-github-app-token@v2
with:
app-id: ${{ vars.ST_BOT_APP_ID }}
private-key: ${{ secrets.ST_BOT_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- name: Label if Author is a Repo Maintainer
# 🤖 Issues Helper
# https://github.com/marketplace/actions/issues-helper
uses: actions-cool/issues-helper@v3.6.0
with:
actions: 'add-labels'
token: ${{ secrets.ISSUES_BOT_TOKEN }}
token: ${{ steps.app.outputs.token }}
issue-number: ${{ github.event.issue.number || github.event.pull_request.number }}
labels: '👷 Maintainer'
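Review bot: The job is named "Label if Author is a Repo Maintainer" but the condition tests `github.actor`, the user who triggered the run, which equals the author only for an `opened`-style event; the `on:` block is outside this section, but for triggers such as `edited`, `labeled` or `reopened` a maintainer acting on someone else's issue or PR would get that item labeled `👷 Maintainer`. Compare the actual author instead: `if: always() && contains(fromJson('["Cohee1207", "RossAscends", "Wolfsblvt"]'), github.event.issue.user.login || github.event.pull_request.user.login)`. The added `always()` is a no-op here since the job has no `needs`, so it could be dropped to keep the condition readable.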
+80 -37
@@ -12,30 +12,11 @@ permissions:
pull-requests: write
jobs:
app-auth:
name: 🔑 Mint App token
runs-on: ubuntu-latest
if: always()
outputs:
app_token: ${{ steps.app.outputs.token }}
steps:
- name: Create GitHub App Token
# Create a GitHub App token
# https://github.com/marketplace/actions/create-github-app-token
uses: actions/create-github-app-token@v2
id: app
with:
app-id: ${{ vars.ST_BOT_APP_ID }}
private-key: ${{ secrets.ST_BOT_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
run-eslint:
name: ✅ Check ESLint on PR
runs-on: ubuntu-latest
# Only needs to run when code is changed
if: github.event.action == 'opened' || github.event.action == 'synchronize'
if: always() && (github.event.action == 'opened' || github.event.action == 'synchronize')
# Override permissions, linter likely needs write access to issues
permissions:
@@ -67,7 +48,7 @@ jobs:
# https://github.com/marketplace/actions/action-eslint
uses: sibiraj-s/action-eslint@v3.0.1
with:
token: ${{ secrets.GITHUB_TOKEN }}
token: ${{ secrets.GITHUB_TOKEN }} # ESLint can run with the original permissions
eslint-args: '--ignore-path=.gitignore --quiet'
extensions: 'js'
annotations: true
@@ -78,7 +59,7 @@ jobs:
label-by-size:
name: 🏷️ Label PR by Size
# This job should run after all others, to prevent possible concurrency issues
needs: [app-auth, label-by-branches, label-by-files, remove-stale-label, check-merge-blocking-labels, write-auto-comments]
needs: [label-by-branches, label-by-files, remove-stale-label, check-merge-blocking-labels, write-auto-comments]
runs-on: ubuntu-latest
# Only needs to run when code is changed
if: always() && (github.event.action == 'opened' || github.event.action == 'synchronize')
@@ -90,12 +71,22 @@ jobs:
pull-requests: write
steps:
- name: Mint App Token
id: app
# Create a GitHub App token
# https://github.com/marketplace/actions/create-github-app-token
uses: actions/create-github-app-token@v2
with:
app-id: ${{ vars.ST_BOT_APP_ID }}
private-key: ${{ secrets.ST_BOT_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- name: Label PR Size
# Pull Request Size Labeler
# https://github.com/marketplace/actions/pull-request-size-labeler
uses: codelytv/pr-size-labeler@v1.10.2
with:
GITHUB_TOKEN: ${{ needs.app-auth.outputs.app_token }}
GITHUB_TOKEN: ${{ steps.app.outputs.token }}
xs_label: '🟩 ⬤○○○○'
xs_max_size: '20'
s_label: '🟩 ⬤⬤○○○'
@@ -112,12 +103,21 @@ jobs:
label-by-branches:
name: 🏷️ Label PR by Branches
needs: [app-auth]
runs-on: ubuntu-latest
# Only label once when PR is created or when base branch is changed, to allow manual label removal
if: github.event.action == 'opened' || (github.event.action == 'synchronize' && github.event.changes.base)
if: always() && (github.event.action == 'opened' || (github.event.action == 'synchronize' && github.event.changes.base))
steps:
- name: Mint App Token
id: app
# Create a GitHub App token
# https://github.com/marketplace/actions/create-github-app-token
uses: actions/create-github-app-token@v2
with:
app-id: ${{ vars.ST_BOT_APP_ID }}
private-key: ${{ secrets.ST_BOT_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- name: Checkout Repository
# Checkout
# https://github.com/marketplace/actions/checkout
@@ -129,16 +129,26 @@ jobs:
uses: actions/labeler@v5.0.0
with:
configuration-path: .github/pr-auto-labels-by-branch.yml
repo-token: ${{ needs.app-auth.outputs.app_token }}
repo-token: ${{ steps.app.outputs.token }}
label-by-files:
name: 🏷️ Label PR by Files
needs: [app-auth]
needs: [label-by-branches]
runs-on: ubuntu-latest
# Only needs to run when code is changed
if: github.event.action == 'opened' || github.event.action == 'synchronize'
if: always() && (github.event.action == 'opened' || github.event.action == 'synchronize')
steps:
- name: Mint App Token
id: app
# Create a GitHub App token
# https://github.com/marketplace/actions/create-github-app-token
uses: actions/create-github-app-token@v2
with:
app-id: ${{ vars.ST_BOT_APP_ID }}
private-key: ${{ secrets.ST_BOT_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- name: Checkout Repository
# Checkout
# https://github.com/marketplace/actions/checkout
@@ -148,15 +158,18 @@ jobs:
# Pull Request Labeler
# https://github.com/marketplace/actions/labeler
uses: actions/labeler@v5.0.0
env:
GITHUB_TOKEN: ${{ steps.app.outputs.token }} # labeler action needs some handholding
with:
configuration-path: .github/pr-auto-labels-by-files.yml
repo-token: ${{ needs.app-auth.outputs.app_token }}
repo-token: ${{ steps.app.outputs.token }}
remove-stale-label:
name: 🗑️ Remove Stale Label on Comment
needs: [label-by-branches, label-by-files]
runs-on: ubuntu-latest
# Only runs on comments not done by the github actions bot
if: github.event_name == 'pull_request_review_comment' && github.actor != 'github-actions[bot]'
if: always() && (github.event_name == 'pull_request_review_comment' && github.actor != 'github-actions[bot]')
# Override permissions, issue labeler needs issues write access
permissions:
@@ -165,19 +178,29 @@ jobs:
pull-requests: write
steps:
- name: Mint App Token
id: app
# Create a GitHub App token
# https://github.com/marketplace/actions/create-github-app-token
uses: actions/create-github-app-token@v2
with:
app-id: ${{ vars.ST_BOT_APP_ID }}
private-key: ${{ secrets.ST_BOT_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- name: Remove Stale Label
# 🤖 Issues Helper
# https://github.com/marketplace/actions/issues-helper
uses: actions-cool/issues-helper@v3.6.0
with:
actions: 'remove-labels'
token: ${{ secrets.ISSUES_BOT_TOKEN }}
token: ${{ steps.app.outputs.token }}
issue-number: ${{ github.event.pull_request.number }}
labels: '⚰️ Stale'
check-merge-blocking-labels:
name: 🚫 Check Merge Blocking Labels
needs: [label-by-branches, label-by-files]
needs: [label-by-branches, label-by-files, remove-stale-label]
runs-on: ubuntu-latest
# Run, even if the previous jobs were skipped/failed
if: always()
@@ -227,12 +250,22 @@ jobs:
write-auto-comments:
name: 💬 Post PR Comments Based on Labels
needs: [label-by-branches, label-by-files]
needs: [label-by-branches, label-by-files, remove-stale-label, check-merge-blocking-labels]
runs-on: ubuntu-latest
# Run, even if the previous jobs were skipped/failed
if: always()
steps:
- name: Mint App Token
id: app
# Create a GitHub App token
# https://github.com/marketplace/actions/create-github-app-token
uses: actions/create-github-app-token@v2
with:
app-id: ${{ vars.ST_BOT_APP_ID }}
private-key: ${{ secrets.ST_BOT_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- name: Checkout Repository
# Checkout
# https://github.com/marketplace/actions/checkout
@@ -244,13 +277,13 @@ jobs:
uses: peaceiris/actions-label-commenter@v1.10.0
with:
config_file: .github/pr-auto-comments.yml
github_token: ${{ secrets.GITHUB_TOKEN }}
github_token: ${{ steps.app.outputs.token }}
# This runs on merged PRs to staging, reading the PR body and directly linked issues. Check `issues-updates-on-merge.yml`:`update-linked-issues` for commit-based updates.
update-linked-issues:
name: 🔗 Mark Linked Issues Done on Staging Merge
runs-on: ubuntu-latest
if: github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'staging'
if: always() && (github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'staging')
# Override permissions, We need to be able to write to issues
permissions:
@@ -259,6 +292,16 @@ jobs:
pull-requests: write
steps:
- name: Mint App Token
id: app
# Create a GitHub App token
# https://github.com/marketplace/actions/create-github-app-token
uses: actions/create-github-app-token@v2
with:
app-id: ${{ vars.ST_BOT_APP_ID }}
private-key: ${{ secrets.ST_BOT_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- name: Extract Linked Issues From PR Description
id: extract_issues
run: |
@@ -271,7 +314,7 @@ jobs:
PR_NUMBER=${{ github.event.pull_request.number }}
REPO=${{ github.repository }}
API_URL="https://api.github.com/repos/$REPO/pulls/$PR_NUMBER/issues"
ISSUES=$(curl -s -H "Authorization: token ${{ secrets.ISSUES_BOT_TOKEN }}" "$API_URL" | jq -r '.[].number' | jq -R -s -c 'split("\n")[:-1]')
ISSUES=$(curl -s -H "Authorization: token ${{ steps.app.outputs.token }}" "$API_URL" | jq -r '.[].number' | jq -R -s -c 'split("\n")[:-1]')
echo "linked_issues=$ISSUES" >> $GITHUB_ENV
- name: Merge Issue Lists
@@ -283,7 +326,7 @@ jobs:
- name: Label Linked Issues
id: label_linked_issues
env:
GH_TOKEN: ${{ secrets.ISSUES_BOT_TOKEN }}
GH_TOKEN: ${{ steps.app.outputs.token }}
run: |
for ISSUE in $(echo $final_issues | jq -r '.[]'); do
gh issue edit $ISSUE -R ${{ github.repository }} --add-label "✅ Done (staging)" --remove-label "🧑‍💻 In Progress"
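Review bot: In the Extract Linked Issues step the App token is interpolated directly into the shell script (`-H "Authorization: token ${{ steps.app.outputs.token }}"`), while the sibling Label Linked Issues step correctly passes it through `env: GH_TOKEN`; GitHub's hardening guidance is to hand secrets to `run:` via `env:` rather than `${{ }}` interpolation, which writes the value into the generated script. Use `env: GH_TOKEN: ${{ steps.app.outputs.token }}` on that step and `-H "Authorization: Bearer $GH_TOKEN"` in the curl call. `curl -s` without `--fail` also turns an auth or rate-limit error into a JSON error object that `jq -r '.[].number'` then misparses instead of failing the step, so `curl -fsS` is safer. The `run:` block containing this line starts before the hunk.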
@@ -15,14 +15,25 @@ jobs:
check-merge-conflicts:
name: ⚔️ Check Merge Conflicts
runs-on: ubuntu-latest
if: always()
steps:
- name: Mint App Token
id: app
# Create a GitHub App token
# https://github.com/marketplace/actions/create-github-app-token
uses: actions/create-github-app-token@v2
with:
app-id: ${{ vars.ST_BOT_APP_ID }}
private-key: ${{ secrets.ST_BOT_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- name: Check Merge Conflicts
# Label Conflicting Pull Requests
# https://github.com/marketplace/actions/label-conflicting-pull-requests
uses: eps1lon/actions-label-merge-conflict@v3.0.3
with:
dirtyLabel: '🚫 Merge Conflicts'
repoToken: ${{ secrets.ISSUES_BOT_TOKEN }}
repoToken: ${{ steps.app.outputs.token }}
commentOnDirty: >
⚠️ This PR has conflicts that need to be resolved before it can be merged.