admin/aquasecurity-trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2026-01-31 13:53:14 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
60eb3f0a2f364c88ce6c0d9a8157ab6fe1a6eba3
aquasecurity-trivy/.github/workflows/backport.yaml
dependabot[bot] 60eb3f0a2f chore(deps): bump the github-actions group with 11 updates (#10001) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-05 11:02:40 +00:00

66 lines
2.3 KiB
YAML
Raw Blame History

name: Automatic Backporting
on:
issue_comment:
types: [created]
jobs:
check_permission:
name: Check comment author permissions
runs-on: ubuntu-latest
outputs:
is_maintainer: ${{ steps.check_permission.outputs.is_maintainer }}
steps:
- name: Check permission
id: check_permission
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
PERMISSION=$(gh api /repos/$GITHUB_REPOSITORY/collaborators/$GITHUB_ACTOR/permission --jq '.permission')
if [ "$PERMISSION" == "admin" ] || [ "$PERMISSION" == "write" ]; then
echo "is_maintainer=true" >> $GITHUB_OUTPUT
else
echo "is_maintainer=false" >> $GITHUB_OUTPUT
fi
backport:
name: Backport PR
needs: check_permission # run this job after checking permissions
if: |
needs.check_permission.outputs.is_maintainer == 'true' &&
github.event.issue.pull_request &&
github.event.issue.pull_request.merged_at != null &&
startsWith(github.event.comment.body, '@aqua-bot backport release/')
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
fetch-depth: 0
- name: Extract branch name
env:
COMMENT_BODY: ${{ github.event.comment.body }}
run: |
BRANCH_NAME=$(echo "$COMMENT_BODY" | grep -oE '@aqua-bot backport\s+(\S+)' | awk '{print $3}')
if [[ -z "$BRANCH_NAME" || "$BRANCH_NAME" == *".."* || ! "$BRANCH_NAME" =~ ^[A-Za-z0-9._-]+(/[A-Za-z0-9._-]+)*$ ]]; then
echo "Error: Invalid branch name extracted (unsafe characters detected)." >&2
exit 1
fi
echo "BRANCH_NAME=$BRANCH_NAME" >> "$GITHUB_ENV"
- name: Set up Git user
run: |
git config --global user.email "actions@github.com"
git config --global user.name "GitHub Actions"
- name: Run backport script
env:
# Use ORG_REPO_TOKEN instead of GITHUB_TOKEN
# This allows the created PR to trigger tests and other workflows
GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
ISSUE_NUMBER: ${{ github.event.issue.number }}
run: ./misc/backport/backport.sh "$BRANCH_NAME" "$ISSUE_NUMBER"
Reference in New Issue View Git Blame Copy Permalink