Skip to content

ci: use gh app ephemeral tokens #164

ci: use gh app ephemeral tokens

ci: use gh app ephemeral tokens #164

Workflow file for this run

name: "Issue Labeler"
on:
issues:
types: [opened]
pull_request_target:
types: [opened]
# '*: write' permissions for https://docs.github.com/en/rest/issues/labels?apiVersion=2022-11-28#add-labels-to-an-issue
permissions:
contents: read
issues: write
pull-requests: write
jobs:
triage:
runs-on: ubuntu-latest
steps:
- name: Get token
id: get_token
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
with:
app_id: ${{ secrets.OBS_AUTOMATION_APP_ID }}
private_key: ${{ secrets.OBS_AUTOMATION_APP_PEM }}
permissions: >-
{
"members": "read"
}
- id: is_elastic_member
uses: elastic/oblt-actions/github/is-member-of@v1
with:
github-org: "elastic"
github-user: ${{ github.actor }}
github-token: ${{ steps.get_token.outputs.token }}
- name: Add community and triage labels
if: contains(steps.is_elastic_member.outputs.result, 'false') && github.actor != 'dependabot[bot]'
uses: actions/github-script@v7
with:
script: |
github.rest.issues.addLabels({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
labels: ["community", "triage"]
})