Protect: Add IP block and allow list toggles (#38265) #229034
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Gardening | |
on: | |
pull_request_target: # When a PR is opened, edited, updated, closed, or a label is added. | |
types: [opened, reopened, synchronize, edited, labeled, closed ] | |
issues: # For auto-triage of issues. | |
types: [opened, reopened, labeled, edited, closed] | |
issue_comment: # To gather support references in issue comments. | |
types: [created] | |
push: | |
branches: | |
- trunk # Every time a PR is merged to trunk. | |
concurrency: | |
# For pull_request_target, cancel any concurrent jobs with the same type (e.g. "opened", "labeled") and branch. | |
# Don't cancel any for other events, accomplished by grouping on the unique run_id. | |
group: gardening-${{ github.event_name }}-${{ github.event.action }}-${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.ref || github.run_id }} | |
cancel-in-progress: true | |
jobs: | |
repo-gardening: | |
name: "Manage labels and assignees" | |
runs-on: ubuntu-latest | |
if: github.event_name == 'pull_request_target' || github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name | |
timeout-minutes: 10 # 2021-03-12: Successful runs seem to take a few seconds, but can sometimes take a lot longer since we wait for previous runs to complete. | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup tools | |
uses: ./.github/actions/tool-setup | |
- name: Building Action | |
env: | |
COMPOSER_ROOT_VERSION: dev-trunk | |
run: | | |
pnpm install | |
composer install | |
composer build-development | |
working-directory: ./projects/github-actions/repo-gardening | |
- name: Checkout the PR | |
if: github.event_name == 'pull_request_target' && github.event.pull_request.state != 'closed' | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.ref }} | |
repository: ${{ github.event.pull_request.head.repo.full_name }} | |
# DO NOT run any code in this checkout. Not even an `npm install`. | |
path: ./pr-checkout | |
- name: Wait for prior instances of the workflow to finish | |
uses: ./.github/actions/turnstile | |
with: | |
# Split issues and issue_comment triggers from the rest. Otherwise a lot of issue work can result in pushes to trunk timing out. | |
events: ${{ ( github.event_name == 'issues' || github.event_name == 'issue_comment' ) && 'issues issue_comment' || '' }} | |
ignore-events: ${{ ( github.event_name == 'issues' || github.event_name == 'issue_comment' ) && '' || 'issues issue_comment' }} | |
- name: "Run the action (assign, manage milestones, for issues and PRs)" | |
uses: ./projects/github-actions/repo-gardening | |
env: | |
PR_WORKSPACE: ${{ github.workspace }}${{ github.event_name == 'pull_request_target' && '/pr-checkout' || '' }} | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
slack_token: ${{ secrets.SLACK_TOKEN }} | |
slack_team_channel: ${{ secrets.SLACK_TEAM_CHANNEL }} | |
slack_design_channel: ${{ secrets.SLACK_DESIGN_CHANNEL }} | |
slack_editorial_channel: ${{ secrets.SLACK_EDITORIAL_CHANNEL }} | |
slack_he_triage_channel: ${{ secrets.SLACK_HE_TRIAGE_CHANNEL }} | |
slack_quality_channel: ${{ secrets.SLACK_QUALITY_CHANNEL }} | |
triage_projects_token: ${{ secrets.PROJECT_AUTOMATION_TOKEN }} | |
project_board_url: ${{ secrets.PROJECT_BOARD_URL }} |