actions-milestone's Introduction

ActionsMilestone

This action add milestone to PRs.:hammer:

Inputs

`repo-token`

required The GITHUB_TOKEN secret.

`configuration-path`

required The path for the milestone configurations. Default ".github/milestone.yml"

Note if the configuration is located outside of the repository, like it could be if used in a reusable workflow, the reference of the configuration file must be defined with the @ syntax, e.g. ".github/milestone.yml@master"

`configuration-repo`

The repository where the configuration is located (default to the same repos as the action). This input is needed when the action is used inside a reusable workflow outside of the action caller repository.

`silent`

Be silent in case of any failures.

`force`

Overwrite the PR's milestone if it is already set and doesn't match the one found from the config. NOTE: do nothing if there is no milestone match from the config.

`clear`

Clear the PR's milestone if it is already set and there is no match from the configuration.

Outputs

`milestone`

The added/modified milestone or null when no milestone is set.

`previous`

Previous milestone or null when no milestone was set.

Example usage

`.github/milestone.yml`

base-branch:
  - "(master)"
  - "releases\\/(v\\d+)"

head-branch:
  - "feature\\/(v\\d+)\\/.+"

`.github/workflows/milestone.yml`

name: Pull Request Milestone

on:
  pull_request:
    types:
      - opened

jobs:
  milestone:
    name: Pull Request Milestone
    runs-on: ubuntu-latest
    steps:
      - uses: iyu/actions-milestone@v1
        with:
          repo-token: "${{ secrets.GITHUB_TOKEN }}"
          configuration-path: .github/milestone.yml
          silent: true

actions-milestone's People

Stargazers

Watchers

actions-milestone's Issues

Not able to use the action from a reusable workflow

When using the action inside a reusable workflow located in another repository the config file is not found.

I did a workaround in my fork: https://github.com/geoadmin/action-add-to-milestone/tree/feature_reusable_workflow

GITHUB_TOKEN permissions used by this action

At https://github.com/step-security/secure-workflows we are building a knowledge-base (KB) of GITHUB_TOKEN permissions needed by different GitHub Actions. When developers try to set minimum token permissions for their workflows, they can use this knowledge-base instead of trying to research permissions needed by each GitHub Action they use.

Below you can see the KB of your GITHUB Action.

name: 'Pull Request Milestone'
github-token:
  action-input:
    input: repo-token
    is-default: false
  permissions:
    pull-requests: write
    pull-requests-reason: to add milestones to PRs

If you think this information is not accurate, or if in the future your GitHub Action starts using a different set of permissions, please create an issue at https://github.com/step-security/secure-workflows/issues to let us know.

This issue is automatically created by our analysis bot, feel free to close after reading :)

References:

GitHub asks users to define workflow permissions, see https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/ and https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token for securing GitHub workflows against supply-chain attacks.

Setting minimum token permissions is also checked for by Open Source Security Foundation (OpenSSF) Scorecards. Scorecards recommend using https://github.com/step-security/secure-workflows so developers can fix this issue in an easier manner.

Recommend Projects

iyu / actions-milestone Goto Github PK

actions-milestone's Introduction

ActionsMilestone

Inputs

repo-token

configuration-path

configuration-repo

silent

force

clear