From a1de9e57c2e165e75a6f8573fb7029236f5d8ac9 Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Mon, 18 May 2026 21:08:57 -0700 Subject: [PATCH] ci: split giteabot workflow (#37770) ## What This PR updates the giteabot workflows to use the newer action version that supports selecting individual checks, and splits the workflow into two separate jobs: - `giteabot backport` runs only the `backport` check on pushes to `main` - `giteabot` handles the remaining bot tasks on PR-related events, scheduled runs, and manual dispatch ## Why Previously, the single workflow handled both backporting and the other maintenance tasks together. With the new giteabot action supporting configurable checks, splitting the workflow makes the triggers clearer and avoids running non-backport maintenance on every push to `main`. ## Changes - upgrade `go-gitea/giteabot` to a revision that supports the `checks` input - move the `main` branch `push` trigger into a dedicated backport workflow - keep non-backport automation in the existing workflow - add a `workflow_dispatch` input so non-backport checks can be selected manually when needed --- Helped by a coding agent with Codex 5.4 --------- Co-authored-by: Nicolas --- .github/workflows/giteabot-backport.yml | 26 +++++++++++++++++++++++++ .github/workflows/giteabot.yml | 19 ++++++++++++------ 2 files changed, 39 insertions(+), 6 deletions(-) create mode 100644 .github/workflows/giteabot-backport.yml
diff --git a/.github/workflows/giteabot-backport.yml b/.github/workflows/giteabot-backport.yml
new file mode 100644
index 00000000000..be4b3d42a1c
--- /dev/null
+++ b/.github/workflows/giteabot-backport.yml
@@ -0,0 +1,26 @@
+name: giteabot backport
+
+on:
+ push:
+ branches:
+ - main
+ workflow_dispatch:
+
+permissions:
+ contents: read
+
+concurrency:
+ group: ${{ github.workflow }}
+ cancel-in-progress: false
+
+jobs:
+ giteabot:
+ if: github.repository == 'go-gitea/gitea'
+ runs-on: ubuntu-latest
+ timeout-minutes: 30
+ steps:
+ - uses: go-gitea/giteabot@40d7c74f93d479578978c4ef47a655a467b8dab1 # Add config options (#5)
+ with:
+ github_token: ${{ secrets.GITEABOT_TOKEN }}
+ gitea_fork: giteabot/gitea
+ checks: backport
diff --git a/.github/workflows/giteabot.yml b/.github/workflows/giteabot.yml
index dad7a19fdb4..b9e3cc1651b 100644
--- a/.github/workflows/giteabot.yml
+++ b/.github/workflows/giteabot.yml
@@ -1,9 +1,6 @@
 name: giteabot
 on:
- push:
- branches:
- - main
 # pull_request_target gives this workflow access to GITEABOT_TOKEN on PRs from
 # forks, which the bot needs to write labels, statuses and comments. Safe here
 # because the job only runs a pinned action and never checks out PR HEAD.
@@ -24,9 +21,17 @@ on:
 schedule:
 - cron: "15 3 * * *"
 workflow_dispatch:
+ inputs:
+ checks:
+ description: Comma-separated list of non-backport checks to run
+ required: false
+ default: labels,merge_queue,lock,feedback,last_call,milestones,lgtm,translation_comment,pr_actions
 permissions:
 contents: read
+ issues: write
+ pull-requests: write
+ statuses: write
 concurrency:
 group: ${{ format('{0}-{1}', github.workflow, (github.event_name == 'pull_request_target' || github.event_name == 'pull_request_review') && format('pr-{0}', github.event.pull_request.number) || 'maintenance') }}
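Review bot: The pin comment on the `uses:` line, `# Add config options (#5)`, is a commit subject rather than a release tag, so a reader or an update bot cannot tell which giteabot release the SHA belongs to; the line it replaces in giteabot.yml carried `# v1.0.1`. This job hands `secrets.GITEABOT_TOKEN` to that action on every push to `main` and on manual dispatch, so the pinned revision is the whole trust boundary here. Once a tag containing the `checks` input exists, pin to that tag's commit and name it in the comment, e.g. `# <tag that includes the checks input>`. The same applies to the `uses:` line in the last hunk of giteabot.yml.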
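Review bot: The three write scopes added under `permissions:` are workflow-wide, so the workflow token becomes writable on every trigger, including `pull_request_target`, `schedule` and `workflow_dispatch`, although the step (outside this hunk) only uses `github.token` when `secrets.GITEABOT_TOKEN` is empty. A comment above them would record that intent, e.g. `# write scopes are used only when the step falls back to github.token`. The `default:` list is also repeated verbatim in the `checks:` expression of the last hunk, so the two copies can drift apart. Nothing visible here stops a manual run from passing `backport`, even though the description says non-backport.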
@@ -38,7 +43,9 @@ jobs:
 runs-on: ubuntu-latest
 timeout-minutes: 30
 steps:
- - uses: go-gitea/giteabot@8996d0b0e6c4ab066e3adcaf2c49b5d4cd15d7af # v1.0.1
+ # pull_request_review runs without repository secrets on fork PRs, so fall
+ # back to the workflow token for the non-backport checks handled here.
+ - uses: go-gitea/giteabot@40d7c74f93d479578978c4ef47a655a467b8dab1 # Add config options (#5)
 with:
- github_token: ${{ secrets.GITEABOT_TOKEN }}
- gitea_fork: giteabot/gitea
+ github_token: ${{ secrets.GITEABOT_TOKEN || github.token }}
+ checks: ${{ github.event.inputs.checks || 'labels,merge_queue,lock,feedback,last_call,milestones,lgtm,translation_comment,pr_actions' }}
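Review bot: The `||` fallback on `github_token` is not limited to `pull_request_review`: on `pull_request_target`, `schedule` or `workflow_dispatch`, an empty or removed `GITEABOT_TOKEN` would now make the job run quietly as the workflow token instead of failing. As far as I know, GitHub also caps the workflow token at read access for events raised from fork PRs regardless of the `permissions:` block, so the write checks may still fail in exactly the case the new comment describes; that should be confirmed on a fork PR. Tying the fallback to the event keeps the other triggers failing loudly: `github_token: ${{ github.event_name == 'pull_request_review' && (secrets.GITEABOT_TOKEN || github.token) || secrets.GITEABOT_TOKEN }}`. The job definition starts above this hunk.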