mirror of
https://github.com/hwchase17/langchain.git
synced 2026-05-17 04:45:11 +00:00
f2d0878d23
Bumps [actions/github-script](https://github.com/actions/github-script) from 8.0.0 to 9.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/github-script/releases">actions/github-script's releases</a>.</em></p> <blockquote> <h2>v9.0.0</h2> <p><strong>New features:</strong></p> <ul> <li><strong><code>getOctokit</code> factory function</strong> — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See <a href="https://github.com/actions/github-script#creating-additional-clients-with-getoctokit">Creating additional clients with <code>getOctokit</code></a> for details and examples.</li> <li><strong>Orchestration ID in user-agent</strong> — The <code>ACTIONS_ORCHESTRATION_ID</code> environment variable is automatically appended to the user-agent string for request tracing.</li> </ul> <p><strong>Breaking changes:</strong></p> <ul> <li><strong><code>require('@actions/github')</code> no longer works in scripts.</strong> The upgrade to <code>@actions/github</code> v9 (ESM-only) means <code>require('@actions/github')</code> will fail at runtime. If you previously used patterns like <code>const { getOctokit } = require('@actions/github')</code> to create secondary clients, use the new injected <code>getOctokit</code> function instead — it's available directly in the script context with no imports needed.</li> <li><code>getOctokit</code> is now an injected function parameter. Scripts that declare <code>const getOctokit = ...</code> or <code>let getOctokit = ...</code> will get a <code>SyntaxError</code> because JavaScript does not allow <code>const</code>/<code>let</code> redeclaration of function parameters. Use the injected <code>getOctokit</code> directly, or use <code>var getOctokit = ...</code> if you need to redeclare it.</li> <li>If your script accesses other <code>@actions/github</code> internals beyond the standard <code>github</code>/<code>octokit</code> client, you may need to update those references for v9 compatibility.</li> </ul> <h2>What's Changed</h2> <ul> <li>Add ACTIONS_ORCHESTRATION_ID to user-agent string by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/695">actions/github-script#695</a></li> <li>ci: use deployment: false for integration test environments by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/712">actions/github-script#712</a></li> <li>feat!: add getOctokit to script context, upgrade <code>@actions/github</code> v9, <code>@octokit/core</code> v7, and related packages by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/700">actions/github-script#700</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Copilot"><code>@Copilot</code></a> made their first contribution in <a href="https://redirect.github.com/actions/github-script/pull/695">actions/github-script#695</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/github-script/compare/v8.0.0...v9.0.0">https://github.com/actions/github-script/compare/v8.0.0...v9.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="3a2844b7e9"><code>3a2844b</code></a> Merge pull request <a href="https://redirect.github.com/actions/github-script/issues/700">#700</a> from actions/salmanmkc/expose-getoctokit + prepare re...</li> <li><a href="ca10bbdd1a"><code>ca10bbd</code></a> fix: use <code>@octokit/core/</code>types import for v7 compatibility</li> <li><a href="86e48e20ac"><code>86e48e2</code></a> merge: incorporate main branch changes</li> <li><a href="c1084728b5"><code>c108472</code></a> chore: rebuild dist for v9 upgrade and getOctokit factory</li> <li><a href="afff112e4f"><code>afff112</code></a> Merge pull request <a href="https://redirect.github.com/actions/github-script/issues/712">#712</a> from actions/salmanmkc/deployment-false + fix user-ag...</li> <li><a href="ff8117e5b7"><code>ff8117e</code></a> ci: fix user-agent test to handle orchestration ID</li> <li><a href="81c6b78760"><code>81c6b78</code></a> ci: use deployment: false to suppress deployment noise from integration tests</li> <li><a href="3953caf885"><code>3953caf</code></a> docs: update README examples from <a href="https://github.com/v8"><code>@v8</code></a> to <a href="https://github.com/v9"><code>@v9</code></a>, add getOctokit docs and v9 brea...</li> <li><a href="c17d55b90d"><code>c17d55b</code></a> ci: add getOctokit integration test job</li> <li><a href="a047196d9a"><code>a047196</code></a> test: add getOctokit integration tests via callAsyncFunction</li> <li>Additional commits viewable in <a href="ed597411d8...3a2844b7e9">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
214 lines
8.8 KiB
YAML
214 lines
8.8 KiB
YAML
# Unified PR labeler — applies size, file-based, title-based, and
|
|
# contributor classification labels in a single sequential workflow.
|
|
#
|
|
# Consolidates pr_labeler_file.yml, pr_labeler_title.yml,
|
|
# pr_size_labeler.yml, and PR-handling from tag-external-contributions.yml
|
|
# into one workflow to eliminate race conditions from concurrent label
|
|
# mutations. tag-external-issues.yml remains active for issue-only
|
|
# labeling. Backfill lives in pr_labeler_backfill.yml.
|
|
#
|
|
# Config and shared logic live in .github/scripts/pr-labeler-config.json
|
|
# and .github/scripts/pr-labeler.js — update those when adding partners.
|
|
#
|
|
# Setup Requirements:
|
|
# 1. Create a GitHub App with permissions:
|
|
# - Repository: Pull requests (write)
|
|
# - Repository: Issues (write)
|
|
# - Organization: Members (read)
|
|
# 2. Install the app on your organization and this repository
|
|
# 3. Add these repository secrets:
|
|
# - ORG_MEMBERSHIP_APP_ID: Your app's ID
|
|
# - ORG_MEMBERSHIP_APP_PRIVATE_KEY: Your app's private key
|
|
#
|
|
# The GitHub App token is required to check private organization membership
|
|
# and to propagate label events to downstream workflows.
|
|
|
|
name: "🏷️ PR Labeler"
|
|
|
|
on:
|
|
# Safe since we're not checking out or running the PR's code.
|
|
# NEVER CHECK OUT UNTRUSTED CODE FROM A PR's HEAD IN A pull_request_target JOB.
|
|
# Doing so would allow attackers to execute arbitrary code in the context of your repository.
|
|
pull_request_target:
|
|
types: [opened, synchronize, reopened, edited]
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
concurrency:
|
|
# Separate opened events so external/tier labels are never lost to cancellation
|
|
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}-${{ github.event.action == 'opened' && 'opened' || 'update' }}
|
|
cancel-in-progress: ${{ github.event.action != 'opened' }}
|
|
|
|
jobs:
|
|
label:
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
pull-requests: write
|
|
issues: write
|
|
|
|
steps:
|
|
# Checks out the BASE branch (safe for pull_request_target — never
|
|
# the PR head). Needed to load .github/scripts/pr-labeler*.
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
|
|
|
- name: Generate GitHub App token
|
|
if: github.event.action == 'opened'
|
|
id: app-token
|
|
uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3
|
|
with:
|
|
app-id: ${{ secrets.ORG_MEMBERSHIP_APP_ID }}
|
|
private-key: ${{ secrets.ORG_MEMBERSHIP_APP_PRIVATE_KEY }}
|
|
|
|
- name: Verify App token
|
|
if: github.event.action == 'opened'
|
|
run: |
|
|
if [ -z "${{ steps.app-token.outputs.token }}" ]; then
|
|
echo "::error::GitHub App token generation failed — cannot classify contributor"
|
|
exit 1
|
|
fi
|
|
|
|
- name: Check org membership
|
|
if: github.event.action == 'opened'
|
|
id: check-membership
|
|
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
|
|
with:
|
|
github-token: ${{ steps.app-token.outputs.token }}
|
|
script: |
|
|
const { owner, repo } = context.repo;
|
|
const { h } = require('./.github/scripts/pr-labeler.js').loadAndInit(github, owner, repo, core);
|
|
|
|
const author = context.payload.sender.login;
|
|
const { isExternal } = await h.checkMembership(
|
|
author, context.payload.sender.type,
|
|
);
|
|
core.setOutput('is-external', isExternal ? 'true' : 'false');
|
|
|
|
- name: Apply PR labels
|
|
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
|
|
env:
|
|
IS_EXTERNAL: ${{ steps.check-membership.outputs.is-external }}
|
|
with:
|
|
github-token: ${{ secrets.GITHUB_TOKEN }}
|
|
script: |
|
|
const { owner, repo } = context.repo;
|
|
const { h } = require('./.github/scripts/pr-labeler.js').loadAndInit(github, owner, repo, core);
|
|
|
|
const pr = context.payload.pull_request;
|
|
if (!pr) return;
|
|
const prNumber = pr.number;
|
|
const action = context.payload.action;
|
|
|
|
const toAdd = new Set();
|
|
const toRemove = new Set();
|
|
|
|
const currentLabels = (await github.paginate(
|
|
github.rest.issues.listLabelsOnIssue,
|
|
{ owner, repo, issue_number: prNumber, per_page: 100 },
|
|
)).map(l => l.name ?? '');
|
|
|
|
// ── Size + file labels (skip on 'edited' — files unchanged) ──
|
|
if (action !== 'edited') {
|
|
for (const sl of h.sizeLabels) await h.ensureLabel(sl);
|
|
|
|
const files = await github.paginate(github.rest.pulls.listFiles, {
|
|
owner, repo, pull_number: prNumber, per_page: 100,
|
|
});
|
|
|
|
const { totalChanged, sizeLabel } = h.computeSize(files);
|
|
toAdd.add(sizeLabel);
|
|
for (const sl of h.sizeLabels) {
|
|
if (currentLabels.includes(sl) && sl !== sizeLabel) toRemove.add(sl);
|
|
}
|
|
console.log(`Size: ${totalChanged} changed lines → ${sizeLabel}`);
|
|
|
|
for (const label of h.matchFileLabels(files)) {
|
|
toAdd.add(label);
|
|
}
|
|
}
|
|
|
|
// ── Title-based labels ──
|
|
const { labels: titleLabels, typeLabel } = h.matchTitleLabels(pr.title || '');
|
|
for (const label of titleLabels) toAdd.add(label);
|
|
|
|
// Remove stale type labels only when a type was detected
|
|
if (typeLabel) {
|
|
for (const tl of h.allTypeLabels) {
|
|
if (currentLabels.includes(tl) && !titleLabels.has(tl)) toRemove.add(tl);
|
|
}
|
|
}
|
|
|
|
// ── Internal label (only on open, non-external contributors) ──
|
|
// IS_EXTERNAL is empty string on non-opened events (step didn't
|
|
// run), so this guard is only true for opened + internal.
|
|
if (action === 'opened' && process.env.IS_EXTERNAL === 'false') {
|
|
toAdd.add('internal');
|
|
}
|
|
|
|
// ── Apply changes ──
|
|
// Ensure all labels we're about to add exist (addLabels returns
|
|
// 422 if any label in the batch is missing, which would prevent
|
|
// ALL labels from being applied).
|
|
for (const name of toAdd) {
|
|
await h.ensureLabel(name);
|
|
}
|
|
|
|
for (const name of toRemove) {
|
|
if (toAdd.has(name)) continue;
|
|
try {
|
|
await github.rest.issues.removeLabel({
|
|
owner, repo, issue_number: prNumber, name,
|
|
});
|
|
} catch (e) {
|
|
if (e.status !== 404) throw e;
|
|
}
|
|
}
|
|
|
|
const addList = [...toAdd];
|
|
if (addList.length > 0) {
|
|
await github.rest.issues.addLabels({
|
|
owner, repo, issue_number: prNumber, labels: addList,
|
|
});
|
|
}
|
|
|
|
const removed = [...toRemove].filter(r => !toAdd.has(r));
|
|
console.log(`PR #${prNumber}: +[${addList.join(', ')}] -[${removed.join(', ')}]`);
|
|
|
|
# Apply tier label BEFORE the external label so that
|
|
# "trusted-contributor" is already present when the "external" labeled
|
|
# event fires and triggers require_issue_link.yml.
|
|
- name: Apply contributor tier label
|
|
if: github.event.action == 'opened' && steps.check-membership.outputs.is-external == 'true'
|
|
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
|
|
with:
|
|
github-token: ${{ steps.app-token.outputs.token }}
|
|
script: |
|
|
const { owner, repo } = context.repo;
|
|
const { h } = require('./.github/scripts/pr-labeler.js').loadAndInit(github, owner, repo, core);
|
|
|
|
const pr = context.payload.pull_request;
|
|
await h.applyTierLabel(pr.number, pr.user.login);
|
|
|
|
- name: Add external label
|
|
if: github.event.action == 'opened' && steps.check-membership.outputs.is-external == 'true'
|
|
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
|
|
with:
|
|
# Use App token so the "labeled" event propagates to downstream
|
|
# workflows (e.g. require_issue_link.yml). Events created by the
|
|
# default GITHUB_TOKEN do not trigger additional workflow runs.
|
|
github-token: ${{ steps.app-token.outputs.token }}
|
|
script: |
|
|
const { owner, repo } = context.repo;
|
|
const prNumber = context.payload.pull_request.number;
|
|
|
|
const { h } = require('./.github/scripts/pr-labeler.js').loadAndInit(github, owner, repo, core);
|
|
|
|
await h.ensureLabel('external');
|
|
await github.rest.issues.addLabels({
|
|
owner, repo,
|
|
issue_number: prNumber,
|
|
labels: ['external'],
|
|
});
|
|
console.log(`Added 'external' label to PR #${prNumber}`);
|