ci: split giteabot workflow (#37770)

## What This PR updates the giteabot workflows to use the newer action version that supports selecting individual checks, and splits the workflow into two separate jobs: - `giteabot backport` runs only the `backport` check on pushes to `main` - `giteabot` handles the remaining bot tasks on PR-related events, scheduled runs, and manual dispatch ## Why Previously, the single workflow handled both backporting and the other maintenance tasks together. With the new giteabot action supporting configurable checks, splitting the workflow makes the triggers clearer and avoids running non-backport maintenance on every push to `main`. ## Changes - upgrade `go-gitea/giteabot` to a revision that supports the `checks` input - move the `main` branch `push` trigger into a dedicated backport workflow - keep non-backport automation in the existing workflow - add a `workflow_dispatch` input so non-backport checks can be selected manually when needed --- Helped by a coding agent with Codex 5.4 --------- Co-authored-by: Nicolas <bircni@icloud.com>
2026-05-23 05:42:33 +09:00 · 2026-05-18 21:08:57 -07:00
parent 78d744aa01
commit a1de9e57c2
2 changed files with 39 additions and 6 deletions
--- a/.github/workflows/giteabot-backport.yml
+++ b/.github/workflows/giteabot-backport.yml
@@ -0,0 +1,26 @@
+name: giteabot backport
+
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}
+  cancel-in-progress: false
+
+jobs:
+  giteabot:
+    if: github.repository == 'go-gitea/gitea'
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    steps:
+      - uses: go-gitea/giteabot@40d7c74f93d479578978c4ef47a655a467b8dab1 # Add config options (#5)
+        with:
+          github_token: ${{ secrets.GITEABOT_TOKEN }}
+          gitea_fork: giteabot/gitea
+          checks: backport
--- a/.github/workflows/giteabot.yml
+++ b/.github/workflows/giteabot.yml
@@ -1,9 +1,6 @@
 name: giteabot

 on:
-  push:
-    branches:
-      - main
  # pull_request_target gives this workflow access to GITEABOT_TOKEN on PRs from
  # forks, which the bot needs to write labels, statuses and comments. Safe here
  # because the job only runs a pinned action and never checks out PR HEAD.
@@ -24,9 +21,17 @@ on:
  schedule:
    - cron: "15 3 * * *"
  workflow_dispatch:
+    inputs:
+      checks:
+        description: Comma-separated list of non-backport checks to run
+        required: false
+        default: labels,merge_queue,lock,feedback,last_call,milestones,lgtm,translation_comment,pr_actions

 permissions:
  contents: read
+  issues: write
+  pull-requests: write
+  statuses: write

 concurrency:
  group: ${{ format('{0}-{1}', github.workflow, (github.event_name == 'pull_request_target' || github.event_name == 'pull_request_review') && format('pr-{0}', github.event.pull_request.number) || 'maintenance') }}
@@ -38,7 +43,9 @@ jobs:
    runs-on: ubuntu-latest
    timeout-minutes: 30
    steps:
-      - uses: go-gitea/giteabot@8996d0b0e6c4ab066e3adcaf2c49b5d4cd15d7af # v1.0.1
+      # pull_request_review runs without repository secrets on fork PRs, so fall
+      # back to the workflow token for the non-backport checks handled here.
+      - uses: go-gitea/giteabot@40d7c74f93d479578978c4ef47a655a467b8dab1 # Add config options (#5)
        with:
-          github_token: ${{ secrets.GITEABOT_TOKEN }}
-          gitea_fork: giteabot/gitea
+          github_token: ${{ secrets.GITEABOT_TOKEN || github.token }}
+          checks: ${{ github.event.inputs.checks || 'labels,merge_queue,lock,feedback,last_call,milestones,lgtm,translation_comment,pr_actions' }}