-
Notifications
You must be signed in to change notification settings - Fork 0
56 lines (49 loc) · 1.89 KB
/
Copy pathadd-to-project.yml
File metadata and controls
56 lines (49 loc) · 1.89 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
name: Add to project board
on:
issues:
types:
- opened
- reopened
- transferred
pull_request:
types:
- reopened
- opened
# Limit token permissions for security
permissions: read-all
env:
BOARD_NUMBER: "24"
jobs:
add-to-project:
runs-on: ubuntu-latest
permissions:
pull-requests: write
steps:
# This is a useful security step to check for unexpected outbound calls from the runner,
# which could indicate a compromised token or runner.
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
with:
egress-policy: audit
# Using this security pattern for GitHub Apps is recommended by GitHub and ensures that
# the token is only available for a short time and has limited permissions. Check out
# <https://guidebook.seedcase-project.org/operations/security> for more details.
- uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
id: app-token
with:
client-id: ${{ vars.ADD_TO_BOARD_APP_ID }}
private-key: ${{ secrets.ADD_TO_BOARD }}
- name: Add issue or PR to project board
uses: actions/add-to-project@5afcf98fcd03f1c2f92c3c83f58ae24323cc57fd # v2.0.0
with:
project-url: "https://github.com/orgs/${{ github.repository_owner }}/projects/${{ env.BOARD_NUMBER }}"
github-token: ${{ steps.app-token.outputs.token }}
- name: Assign PR to creator
if: ${{ github.event_name == 'pull_request' }}
run: |
gh pr edit $PR --add-assignee $AUTHOR --repo $REPO
env:
REPO: ${{ github.repository }}
AUTHOR: ${{ github.event.pull_request.user.login }}
PR: ${{ github.event.pull_request.html_url }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}