diff --git a/.github/workflows/label-external-issues.yml b/.github/workflows/label-external-issues.yml index 1b13d83c54..2e71bfc801 100644 --- a/.github/workflows/label-external-issues.yml +++ b/.github/workflows/label-external-issues.yml @@ -19,27 +19,35 @@ on: issues: types: - opened - -env: - GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }} jobs: Label-Issue: runs-on: ubuntu-latest # Only run if the issue author is not part of NV-Morpheus if: ${{ ! contains(fromJSON('["OWNER", "MEMBER", "CONTRIBUTOR", "COLLABORATOR"]'), github.event.issue.author_association)}} - steps: + steps: + - name: Generate Token + uses: actions/create-github-app-token@v1 + id: generate-token + with: + app-id: ${{ secrets.ACTIONS_APP_ID }} + private-key: ${{ secrets.ACTIONS_APP_KEY }} + - name: add-triage-label + env: + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | issue_url=${{ github.event.issue.html_url }} gh issue edit ${issue_url} --add-label "Needs Triage,external" - + - name: add-comment-to-issue + env: + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | issue_url=${{ github.event.issue.html_url }} author=${{ github.event.issue.user.login }} echo ${author} gh issue comment ${issue_url} --body "Hi @${author}! - + Thanks for submitting this issue - our team has been notified and we'll get back to you as soon as we can! - In the mean time, feel free to add any relevant information to this issue." + In the meantime, feel free to add any relevant information to this issue." diff --git a/.github/workflows/project_automation_set_in_progress.yml b/.github/workflows/project_automation_set_in_progress.yml index 77d2bd8f17..414c013cb3 100644 --- a/.github/workflows/project_automation_set_in_progress.yml +++ b/.github/workflows/project_automation_set_in_progress.yml 
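Review bot: The added `Generate Token` step references `actions/create-github-app-token@v1`, a movable tag, while passing that action the App private key through `private-key: ${{ secrets.ACTIONS_APP_KEY }}`. Pinning to a full commit SHA keeps a retagged or compromised release from receiving the key: `uses: actions/create-github-app-token@<full-commit-sha>  # v1` (placeholder; take the SHA from the release you have reviewed). The same step is added in project_automation_set_in_review.yml, project_automation_set_roadmap.yml, project_automation_sync_pr_issues.yml and project_automation_track_pr_dates.yml. In this file the job runs for issues opened by external authors, so it is also worth confirming that the App installation holds only the issue and project permissions these steps need.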
@@ -23,33 +23,33 @@ on: pull_request_review: # Run this action when a PR is reviewed types: [submitted] - + env: - ORG: ${{ github.event.repository.owner.login }} - PR_NUMBER: ${{ github.event.pull_request.number }} - REPO: ${{ github.event.repository.name }} - PR_GLOBAL_ID: ${{ github.event.pull_request.node_id}} + ORG: ${{ github.event.repository.owner.login }} + PR_NUMBER: ${{ github.event.pull_request.number }} + REPO: ${{ github.event.repository.name }} + PR_GLOBAL_ID: ${{ github.event.pull_request.node_id}} - # The environment vars below are hard-coded from external queries to save time + complexity here - # Note: PVT means Project V2, not "Private" - # PVT = Project V2, PVTSSF = Project V2 Single Select Field, PVTIF = Project V2 Iteration Field - PROJECT_ID: "PVT_kwDOBkAsks4ACeio" - STATUS_FIELD_ID: "PVTSSF_lADOBkAsks4ACeiozgBbno0" - WORKING_SPRINT_FIELD_ID: "PVTIF_lADOBkAsks4ACeiozgJ_KCY" - START_SPRINT_FIELD_ID: "PVTIF_lADOBkAsks4ACeiozgI90p0" - IN_PROGRESS_PROJECT_OPTION_ID: "47fc9ee4" - IN_REVIEW_PROJECT_OPTION_ID: "eb7a6302" + # The environment vars below are hard-coded from external queries to save time + complexity here + # Note: PVT means Project V2, not "Private" + # PVT = Project V2, PVTSSF = Project V2 Single Select Field, PVTIF = Project V2 Iteration Field + PROJECT_ID: "PVT_kwDOBkAsks4ACeio" + STATUS_FIELD_ID: "PVTSSF_lADOBkAsks4ACeiozgBbno0" + WORKING_SPRINT_FIELD_ID: "PVTIF_lADOBkAsks4ACeiozgJ_KCY" + START_SPRINT_FIELD_ID: "PVTIF_lADOBkAsks4ACeiozgI90p0" + IN_PROGRESS_PROJECT_OPTION_ID: "47fc9ee4" + IN_REVIEW_PROJECT_OPTION_ID: "eb7a6302" jobs: project_automation_in_progress: runs-on: ubuntu-latest # We use the default GitHub token to perform the draft update because - # The pull_request_review trigger does not grant access to the secrets.PROJECT_MANAGEMENT_PAT + # The pull_request_review trigger does not grant access to secrets permissions: issues: write pull-requests: write - + steps: - name: Check if changes requested from a reviewer id: 
check_changes_requested @@ -58,7 +58,7 @@ jobs: if [ ${{ github.event.review.state }} != 'changes_requested' ]; then echo "Changes not requested, exiting" exit 0 - + # If it is requesting changes, set PR to draft # We use the default token here since we're granting write access to the PR elif [ ${{ github.event.pull_request.draft }} == false ]; then @@ -80,8 +80,6 @@ jobs: - name: Select Status Field Value id: select_status_field_value if: github.event_name == 'pull_request_target' - env: - GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }} run: | # If it's not a draft and it's an opened trigger, the status should be "Ready for Review", otherwise "In Progress" if [ ${{ github.event.pull_request.draft }} == false ] && [ ${{ github.event.action }} == "opened" ]; then @@ -96,8 +94,6 @@ jobs: - name: Get PR Project ID id: get_pr_id if: github.event_name == 'pull_request_target' - env: - GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }} run: | # Query up to 10 projects for the PR gh api graphql -f query=' @@ -122,7 +118,7 @@ jobs: } } }' > project_data.json - + # Filter the json result to only the project-specific ID for the PR # A PR can be in multiple projects so we need to filter by the project ID we want pr_id=$(jq -r '.data.organization.repository.issueOrPullRequest.projectItems.edges[] | @@ -130,12 +126,10 @@ jobs: .node.id' project_data.json) echo "PR_ID=$pr_id" >> $GITHUB_ENV continue-on-error: true - + - name: Set PR Fields id: set_pr_fields if: github.event_name == 'pull_request_target' - env: - GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }} run: | gh api graphql -f query=' mutation { @@ -154,7 +148,7 @@ jobs: } } }' - + # Check if the PR has a start sprint assigned, save the result for the linked issues gh api graphql -f query=' query { 
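Review bot: The `Get PR Project ID`, `Set PR Fields` and `Sync Linked Issues` steps still call `gh api graphql`, but their `env: GITHUB_TOKEN` is removed with nothing put in its place, and the workflow-level `env` shown in the first hunk defines no token. `gh` needs `GH_TOKEN` or `GITHUB_TOKEN` in the environment when it runs inside Actions, so if these steps ever run they will fail, and `continue-on-error: true` on the first two hides that. All of them are gated on `github.event_name == 'pull_request_target'`, which may never match if `pull_request_review` is the only trigger (the `on:` block starts above the hunk). Either delete the unreachable steps or give them an explicit token such as `GH_TOKEN: ${{ github.token }}` and confirm it has the project access the mutations need. The step bodies continue outside the hunks.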
@@ -171,7 +165,7 @@ jobs: }' > start_sprint_exists_data.json start_sprint_option_id=$(jq -r '.data.node.fieldValueByName.id' start_sprint_exists_data.json) echo "START_SPRINT_OPTION_ID=$start_sprint_option_id" >> $GITHUB_ENV - + # If there is no start sprint assigned, assign the current start sprint if [ "$start_sprint_option_id" == 'null' ]; then # Get current start sprint iteration id @@ -197,7 +191,7 @@ jobs: }' > start_sprint_option_data.json current_start_sprint_option_id=$(jq -r '.data.node.field.configuration.iterations[0].id' start_sprint_option_data.json) echo "CURRENT_START_SPRINT_OPTION_ID=$current_start_sprint_option_id" >> $GITHUB_ENV - + # The query below is constructed differently than the ones above due to bash variable syntax + github actions syntax interactions QUERY="mutation { updateProjectV2ItemFieldValue( @@ -217,7 +211,7 @@ jobs: }" gh api graphql --field query="$QUERY" fi - + # Assign the current working sprint to the PR (faster/simpler to just overwrite even if it is the same) gh api graphql -f query=' query { @@ -240,7 +234,7 @@ jobs: }' > working_sprint_options_data.json current_working_sprint_option_id=$(jq -r '.data.node.field.configuration.iterations[0].id' working_sprint_options_data.json) echo "CURRENT_WORKING_SPRINT_OPTION_ID=$current_working_sprint_option_id" >> $GITHUB_ENV - + # Set the working sprint to the current working sprint QUERY="mutation { updateProjectV2ItemFieldValue( @@ -260,12 +254,10 @@ jobs: }" gh api graphql --field query="$QUERY" continue-on-error: true - + - name: Sync Linked Issues id: sync_linked_issues if: github.event_name == 'pull_request_target' - env: - GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }} run: | # Find the linked issues to the PR gh api graphql -f query=' 
@@ -303,7 +295,7 @@ jobs: issue_ids=$(jq -r '.data.organization.repository.issueOrPullRequest.closingIssuesReferences.edges[].node.projectItems.edges[] | select(.node.project.id == "${{ env.PROJECT_ID }}") | .node.id' linked_issues.json) - + # For each linked issue, set the status to "In Progress", the Working Sprint to the current working sprint # If there's no Start Sprint, set that to the current Start Sprint as well for issue_id in $issue_ids; do diff --git a/.github/workflows/project_automation_set_in_review.yml b/.github/workflows/project_automation_set_in_review.yml index bacb6812df..9734a50f85 100644 --- a/.github/workflows/project_automation_set_in_review.yml +++ b/.github/workflows/project_automation_set_in_review.yml @@ -20,7 +20,7 @@ on: # Run this action when a PR is opened or edited # Issues do not have a graphQL connection to linked PRs so we can't use that event types: [ready_for_review, review_requested] - + env: ORG: ${{ github.event.repository.owner.login }} PR_NUMBER: ${{ github.event.pull_request.number }} @@ -36,16 +36,23 @@ env: jobs: project_automation_in_review: runs-on: ubuntu-latest - + steps: + - name: Generate Token + uses: actions/create-github-app-token@v1 + id: generate-token + with: + app-id: ${{ secrets.ACTIONS_APP_ID }} + private-key: ${{ secrets.ACTIONS_APP_KEY }} + - name: Wait 1 Second id: sleep run: sleep 1 - + - name: Get PR Project ID id: get_pr_id env: - GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }} + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | # Query up to 10 projects for the PR gh api graphql -f query=' @@ -70,7 +77,7 @@ jobs: } } }' > project_data.json - + # Filter the json result to only the project-specific ID for the PR # A PR can be in multiple projects so we need to filter by the project ID we want pr_id=$(jq -r '.data.organization.repository.issueOrPullRequest.projectItems.edges[] | 
@@ -81,8 +88,8 @@ jobs: - name: Set PR to In Review id: set_pr_in_review - env: - GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }} + env: + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | # Update the PR status to In Review gh api graphql -f query=' @@ -107,7 +114,7 @@ jobs: - name: Set Linked Issues to In Review id: update_linked_issues env: - GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }} + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | gh api graphql -f query=' query { @@ -144,7 +151,7 @@ jobs: issue_ids=$(jq -r '.data.organization.repository.issueOrPullRequest.closingIssuesReferences.edges[].node.projectItems.edges[] | select(.node.project.id == "${{ env.PROJECT_ID }}") | .node.id' linked_issue_data.json) - + # Set Linked Issues to In Review for issue_id in $issue_ids; do # The query below is constructed differently than the others due to bash variable syntax + github actions syntax interactions diff --git a/.github/workflows/project_automation_set_roadmap.yml b/.github/workflows/project_automation_set_roadmap.yml index 19d458908f..2759e5b943 100644 --- a/.github/workflows/project_automation_set_roadmap.yml +++ b/.github/workflows/project_automation_set_roadmap.yml @@ -22,7 +22,7 @@ on: issues: # Run this action when an issue is closed types: [closed] - + env: ORG: ${{ github.event.repository.owner.login }} PR_NUMBER: ${{ github.event.pull_request.number }} # evaluates to null for issues 
@@ -38,13 +38,20 @@ env: jobs: project_automation_roadmap_on_close: runs-on: ubuntu-latest - - steps: + + steps: + - name: Generate Token + uses: actions/create-github-app-token@v1 + id: generate-token + with: + app-id: ${{ secrets.ACTIONS_APP_ID }} + private-key: ${{ secrets.ACTIONS_APP_KEY }} + - name: Get PR Project ID if: github.event_name == 'pull_request_target' id: get_pr_id env: - GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }} + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | # Query up to 10 projects for the PR gh api graphql -f query=' @@ -69,7 +76,7 @@ jobs: } } }' > project_data.json - + # Filter the json result to only the project-specific ID for the PR # A PR can be in multiple projects so we need to filter by the project ID we want pr_id=$(jq -r '.data.organization.repository.issueOrPullRequest.projectItems.edges[] | @@ -77,12 +84,12 @@ jobs: .node.id' project_data.json) echo "ITEM_ID=$pr_id" >> $GITHUB_ENV continue-on-error: true - + - name: Get Issue Project ID if: github.event_name == 'issues' id: get_issue_id env: - GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }} + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | # Query up to 10 projects for the Issue gh api graphql -f query=' @@ -107,7 +114,7 @@ jobs: } } }' > project_data.json - + # Filter the json result to only the project-specific ID for the PR # A PR can be in multiple projects so we need to filter by the project ID we want issue_id=$(jq -r '.data.organization.repository.issueOrPullRequest.projectItems.edges[] | @@ -119,8 +126,8 @@ jobs: - name: Get Current Release id: get_current_release env: - GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }} - run: | + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} + run: | # Get current roadmap id # We maintain the roadmap as a single select field in the project, with the first value being the upcoming release 
@@ -146,8 +153,8 @@ jobs: - name: Set Item Roadmap id: set_item_roadmap - env: - GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }} + env: + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | # Perform the mutation to update the Roadmap gh api graphql -f query=' diff --git a/.github/workflows/project_automation_sync_pr_issues.yml b/.github/workflows/project_automation_sync_pr_issues.yml index 5dfa479138..7533c2e512 100644 --- a/.github/workflows/project_automation_sync_pr_issues.yml +++ b/.github/workflows/project_automation_sync_pr_issues.yml @@ -38,6 +38,13 @@ jobs: runs-on: ubuntu-latest steps: + - name: Generate Token + uses: actions/create-github-app-token@v1 + id: generate-token + with: + app-id: ${{ secrets.ACTIONS_APP_ID }} + private-key: ${{ secrets.ACTIONS_APP_KEY }} + - name: Wait 1 Second id: sleep run: sleep 1 @@ -45,7 +52,7 @@ jobs: - name: Get PR Project ID id: get_pr_id env: - GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }} + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | # Query up to 10 projects for the PR gh api graphql -f query=' @@ -70,7 +77,7 @@ jobs: } } }' > project_data.json - + # Filter the json result to only the project-specific ID for the PR # A PR can be in multiple projects so we need to filter by the project ID we want pr_id=$(jq -r '.data.organization.repository.issueOrPullRequest.projectItems.edges[] | @@ -81,8 +88,8 @@ jobs: - name: Get Status, Start Sprint, and Working Sprint Fields from the PR id: get_pr_status - env: - GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }} + env: + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | # Query the PR's status from the project gh api graphql -f query=' @@ -140,7 +147,7 @@ jobs: - name: Sync Linked Issues id: update_linked_issues env: - GITHUB_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }} + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | gh api graphql -f query=' query { 
diff --git a/.github/workflows/project_automation_track_pr_dates.yml b/.github/workflows/project_automation_track_pr_dates.yml index d660e96484..28a05e4f3f 100644 --- a/.github/workflows/project_automation_track_pr_dates.yml +++ b/.github/workflows/project_automation_track_pr_dates.yml @@ -24,7 +24,6 @@ env: ORG: ${{ github.event.repository.owner.login }} PR_NUMBER: ${{ github.event.pull_request.number }} REPO: ${{ github.event.repository.name }} - GH_TOKEN: ${{ secrets.PROJECT_MANAGEMENT_PAT }} OPENED_DATE: ${{ github.event.pull_request.created_at }} CLOSED_DATE: ${{ github.event.pull_request.closed_at }} TRIGGER: ${{ github.event.action }} @@ -42,12 +41,21 @@ jobs: runs-on: ubuntu-latest steps: + - name: Generate Token + uses: actions/create-github-app-token@v1 + id: generate-token + with: + app-id: ${{ secrets.ACTIONS_APP_ID }} + private-key: ${{ secrets.ACTIONS_APP_KEY }} + - name: Sleep 1s id: sleep_1s run: sleep 1 - name: Get PR Project ID id: get_pr_id + env: + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | # Query up to 10 projects for the PR gh api graphql -f query=' @@ -72,7 +80,7 @@ jobs: } } }' > project_data.json - + # Filter the json result to only the project-specific ID for the PR # A PR can be in multiple projects so we need to filter by the project ID we want pr_id=$(jq -r '.data.organization.repository.issueOrPullRequest.projectItems.edges[] | @@ -84,6 +92,8 @@ jobs: - name: Get Date for Review Start if: ${{ env.TRIGGER == 'ready_for_review' }} || (${{ env.TRIGGER == 'opened' }} && ${{ github.event.pull_request.draft == false }}) id: get_date + env: + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | # Get the current date in the format required by ProjectsV2 GraphQL # Uses EST timezone 
@@ -99,6 +109,8 @@ jobs: - name: Set PR Opened Date id: set_open_date if: ${{ env.TRIGGER == 'opened' }} + env: + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | # Mutation to update the PRs's Opened Date field echo "${{ env.OPENED_DATE }}" @@ -125,7 +137,9 @@ jobs: - name: Set PR Review Start Date id: set_review_date if: ${{ env.TRIGGER == 'ready_for_review' }} || (${{ env.TRIGGER == 'opened' }} && ${{ github.event.pull_request.draft == false }}) - run: | + env: + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} + run: | # Check the Review Start Date gh api graphql -f query=' query { @@ -168,6 +182,8 @@ jobs: - name: Set PR Closed Date id: set_closed_date if: ${{ env.TRIGGER == 'closed' }} + env: + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | # Mutation to update the PR's Closed Date field gh api graphql -f query='