chore: fix permissions for the draft labeling automation (#6732)

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Frank Elsinga 2026-01-14 14:21:05 +01:00 committed by GitHub
parent 0cdb63edd1
commit 31d2417dde
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -1,56 +1,62 @@
name: Mark PR as draft when changes are requested name: Mark PR as draft when changes are requested
on: # pull_request_target is safe here because:
pull_request_review: # 1. Does not use any external actions; only uses the GitHub CLI via run commands
types: [submitted] # 2. Has minimal permissions
# 3. Doesn't checkout or execute any untrusted code from PRs
pull_request: # 4. Only adds/removes labels or changes the draft status
types: [labeled] on: # zizmor: ignore[dangerous-triggers]
pull_request_target:
types:
- review_submitted
- labeled
- ready_for_review
permissions: {} permissions: {}
jobs: jobs:
mark-draft: mark-draft:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
pull-requests: write
if: | if: |
( (
github.event_name == 'pull_request_review' && github.event.action == 'review_submitted' &&
github.event.review.state == 'changes_requested' github.event.review.state == 'changes_requested'
) || ( ) || (
github.event_name == 'pull_request' && github.event.action == 'labeled' &&
github.event.label.name == 'pr:please address review comments' github.event.label.name == 'pr:please address review comments'
) )
steps: steps:
- name: Add label on requested changes - name: Add label on requested changes
if: github.event_name == 'pull_request_review' if: github.event.review.state == 'changes_requested'
env: env:
GH_TOKEN: ${{ secrets.MARK_AS_DRAFT_TOKEN }} GH_TOKEN: ${{ github.token }}
PR_NUMBER: ${{ github.event.pull_request.number }}
REPO: ${{ github.repository }}
run: | run: |
gh issue edit "$PR_NUMBER" \ gh issue edit "${{ github.event.pull_request.number }}" \
--repo "$REPO" \ --repo "${{ github.repository }}" \
--add-label "pr:please address review comments" --add-label "pr:please address review comments"
- name: Mark PR as draft - name: Mark PR as draft
env: env:
GH_TOKEN: ${{ secrets.MARK_AS_DRAFT_TOKEN }} GH_TOKEN: ${{ github.token }}
PR_URL: ${{ github.event.pull_request.html_url }} run: |
run: gh pr ready "$PR_URL" --undo || true gh pr ready "${{ github.event.pull_request.number }}" --undo || true
ready-for-review: ready-for-review:
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: github.event_name == 'pull_request' && github.event.action == 'ready_for_review' permissions:
pull-requests: write
if: github.event.action == 'ready_for_review'
steps: steps:
- name: Update labels for review - name: Update labels for review
env: env:
GH_TOKEN: ${{ secrets.MARK_AS_DRAFT_TOKEN }} GH_TOKEN: ${{ github.token }}
PR_NUMBER: ${{ github.event.pull_request.number }}
REPO: ${{ github.repository }}
run: | run: |
gh issue edit "$PR_NUMBER" \ gh issue edit "${{ github.event.pull_request.number }}" \
--repo "$REPO" \ --repo "${{ github.repository }}" \
--remove-label "pr:please address review comments" || true --remove-label "pr:please address review comments" || true
gh issue edit "$PR_NUMBER" \ gh issue edit "${{ github.event.pull_request.number }}" \
--repo "$REPO" \ --repo "${{ github.repository }}" \
--add-label "pr:needs review" --add-label "pr:needs review"
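Review bot: The draft-marking step `gh pr ready "${{ github.event.pull_request.number }}" --undo || true` drops the `--repo` that the previous PR-URL form did not need; the job never checks out the repository, so gh has no git remote to resolve the base repo from and the call very likely fails, with `|| true` masking the failure. Change it to `gh pr ready "${{ github.event.pull_request.number }}" --repo "${{ github.repository }}" --undo || true`, matching the `gh issue edit` steps that already pass `--repo`. Separately, I do not believe `review_submitted` is an activity type of `pull_request_target` (review submissions arrive through `pull_request_review` with type `submitted`), so the changes-requested branch keyed on `github.event.action == 'review_submitted'` and the step condition `github.event.review.state == 'changes_requested'` look unreachable — worth confirming against the trigger's documented types before relying on the label-on-changes-requested path. Since this now runs under `pull_request_target` with a `pull-requests: write` token, I would also keep the removed `env:` indirection (`PR_NUMBER`, `REPO`) instead of expanding `${{ }}` directly inside `run:`; the two values here are not attacker-controlled, but the old lines already had the safer pattern and there is no reason to regress it.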