From da3f378d5d52b56ef5360d72e2fec7f466ec6190 Mon Sep 17 00:00:00 2001 From: Rachel Powers <508861+Ryex@users.noreply.github.com> Date: Fri, 14 Mar 2025 10:35:35 -0700 Subject: [PATCH] ci(label-actions): actions can't directly access secrets Signed-off-by: Rachel Powers <508861+Ryex@users.noreply.github.com> --- .github/actions/add-labels/action.yml | 23 ++++++++++------------ .github/actions/delete-labels/action.yml | 6 +++--- .github/workflows/manual-add-label.yml | 3 ++- .github/workflows/manual-delete-labels.yml | 3 ++- 4 files changed, 17 insertions(+), 18 deletions(-) diff --git a/.github/actions/add-labels/action.yml b/.github/actions/add-labels/action.yml index fdc8395b2..9adb87945 100644 --- a/.github/actions/add-labels/action.yml +++ b/.github/actions/add-labels/action.yml @@ -3,7 +3,7 @@ description: adds label(s) to labelable inputs: gh_token: description: gh api access token to use - default: ${{ secrets.GITHUB_TOKEN }} + required: true repository: description: the OWNER/REPOSITORY to operate on default: ${{ github.repository }} @@ -116,7 +116,7 @@ runs: env: GH_TOKEN: ${{ inputs.gh_token }} REPOSITORY: ${{ inputs.repository }} - ISSUES: ${{ inputs.labels }} + ISSUES: ${{ inputs.issues }} run: | owner=$(echo "$REPOSITORY" | cut -d '/' -f 1) repo=$(echo "$REPOSITORY" | cut -d '/' -f 2) @@ -164,14 +164,13 @@ runs: env: GH_TOKEN: ${{ inputs.gh_token }} REPO_ID: ${{ steps.collect_labels.outputs.repo_id }} - LABELS: ${{ steps.collect_labels.outputs.labels }} + EXISTING: ${{ steps.collect_labels.outputs.found }} MISSING: ${{ steps.collect_labels.outputs.missing }} run: | query=$( jq -nr \ --argjson labels "$MISSING" \ - --arg repo "$REPO_ID" \ - ' + --arg repo "$REPO_ID" ' "mutation {\n" + ( reduce ($labels | keys | .[] | [., $labels[.]]) as $i ([0, ""]; [ .[0] + 1, 
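Review bot: `required: true` on `gh_token` is not enforced by the runner for action inputs, so a caller that omits it still reaches the `gh api` steps with an empty `GH_TOKEN` and fails late with an authentication error. A guard at the top of the first `run:` block, such as `: "${GH_TOKEN:?gh_token input is required}"`, makes the failure immediate and self-explanatory. The input's `description` could also state which permissions the token needs, since callers now have to choose one. The same applies to the `@@ -3,7 +3,7` hunk in `.github/actions/delete-labels/action.yml`; the `inputs:` block continues outside both hunks.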
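Review bot: The mutation in the `@@ -164,14 +164,13` hunk is still built by jq string concatenation (`"mutation {\n" + ( reduce ...`) over `$MISSING`, which appears to carry the caller-supplied label names and colors. The part of the reducer that formats each label lies between this hunk and the next, so escaping cannot be confirmed from here. If the values are inserted as raw text, a name containing `"` or `}` changes the document sent with the token. Encoding each value with jq's `tojson` before concatenating, or passing the values as GraphQL variables, keeps the input as data. A short comment above the `jq -nr` call stating which of the two is relied on would help the next reader.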
@@ -196,15 +195,13 @@ runs: ' ) data=$( - gh api graphql -f query="$query" \ - | jq --argjson existing "$LABELS" \ - ' - reduce .data[].label as $i ({}; .[$i.name] = {"id": $i.id, "color": $i.color }) - | . + $existing - ' + gh api graphql -f query="$query" | jq --argjson existing "$EXISTING" ' + reduce .data[].label as $i ({}; .[$i.name] = {"id": $i.id, "color": $i.color }) + | . + $existing + ' ) - lable_ids=$(jq -c '[.[].id]' <<< "$data") - echo "label_ids=$lable_ids" >> "$GITHUB_OUTPUT" + label_ids=$(jq -c '[.[].id]' <<< "$data") + echo "label_ids=$label_ids" >> "$GITHUB_OUTPUT" - name: Apply Labels id: apply_labels diff --git a/.github/actions/delete-labels/action.yml b/.github/actions/delete-labels/action.yml index 9ca921283..25a8d5fad 100644 --- a/.github/actions/delete-labels/action.yml +++ b/.github/actions/delete-labels/action.yml @@ -3,7 +3,7 @@ description: delete Label(s) inputs: gh_token: description: gh api access token to use - default: ${{ secrets.GITHUB_TOKEN }} + required: true repository: description: the OWNER/REPOSITORY to operate on default: ${{ github.repository }} @@ -66,10 +66,10 @@ runs: | select( objects | .name as $name | any($labels[]; . == $name ) ) ) as $i ({}; .[$i.name] = {"id": $i.id}) ) as $found - | [.[].id] + | [$found[].id] ' ) - echo "label_ids=$data" >>> "$GITHUB_OUTPUT" + echo "label_ids=$data" >> "$GITHUB_OUTPUT" - name: Delete Labels id: delete_labels diff --git a/.github/workflows/manual-add-label.yml b/.github/workflows/manual-add-label.yml index e6c768a7d..8a06ae213 100644 --- a/.github/workflows/manual-add-label.yml +++ b/.github/workflows/manual-add-label.yml @@ -1,4 +1,4 @@ -name: Manual workflow to apply labels in bulk +name: Apply labels in bulk on: workflow_dispatch: @@ -38,6 +38,7 @@ jobs: - name: Run Label Action uses: ./.github/actions/add-labels with: + gh_token: ${{ secrets.GITHUB_TOKEN }} issues: ${{ inputs.issues }} labels: ${{ inputs.labels }} colors: ${{ inputs.colors }} 
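Review bot: In the `@@ -66,10 +66,10` hunk of delete-labels, requested names with no matching label appear to be dropped without any trace. `$found` is built only from nodes that pass `any($labels[]; . == $name)`, and only `[$found[].id]` is written to `label_ids`. Because the next step deletes by ID, a run-log record of which names matched and which did not is worth having. One option is a `::warning::` line listing the unmatched names before the `echo "label_ids=$data"` line. The query and the start of this `run:` block are outside the hunk, so reporting may already happen elsewhere.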
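Review bot: The `gh_token: ${{ secrets.GITHUB_TOKEN }}` line added in the `@@ -38,6 +38,7` hunk hands the action a token whose scope depends on the workflow's `permissions:` setting, which is not visible in this hunk. If the workflow has none, the token inherits the repository default, which may be broader than label management needs. Declaring it on the job, for example `permissions: { issues: write, pull-requests: write }` (likely the minimum for creating and applying labels; confirm against the mutations used), keeps the token least-privilege. The same applies to the `@@ -26,4 +26,5` hunk in `.github/workflows/manual-delete-labels.yml`.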
diff --git a/.github/workflows/manual-delete-labels.yml b/.github/workflows/manual-delete-labels.yml index b575d59d8..e8c4b985d 100644 --- a/.github/workflows/manual-delete-labels.yml +++ b/.github/workflows/manual-delete-labels.yml @@ -1,5 +1,5 @@ -name: Manual workflow to delete labels in bulk +name: Delete labels in bulk on: workflow_dispatch: @@ -26,4 +26,5 @@ jobs: - name: Run Label Action uses: ./.github/actions/delete-labels with: + gh_token: ${{ secrets.GITHUB_TOKEN }} labels: ${{ inputs.labels }}