Change tagbot workflow to run on pull_request_target and comment on security #31

Workflow file for this run

Check failure on line 8 in .github/workflows/tagbot.yml

GitHub Actions / .github/workflows/tagbot.yml

Invalid workflow file

You have an error in your yaml syntax on line 8

name: Tagbot
on: [pull_request_target]
concurrency:
  group: "${{ github.workflow }}-${{ github.ref }}"
  cancel-in-progress: true
jobs:
  tagbot:
    # Note: can't rely on github.event.pull_request.merge_commit_sha because pull_request_target
    # does not wait for GitHub's mergeability check, and the value is outdated.
    runs-on: ubuntu-24.04
    permissions:
      pull-requests: write
    steps:
      - name: Checkout base branch for workflow scripts
        uses: actions/checkout@v4
      - name: Checkout PR for computing diff
        uses: actions/checkout@v4
        with:
          ref: "${{ github.event.pull_request.head.sha }}"
          path: 'pr'
          fetch-depth: 0
      - name: Attempt Merge
        id: merge
        run: |
          git merge --no-commit --no-ff origin/${{ github.event.pull_request.base.ref }}
        continue-on-error: true
      - name: Check merge result
        if: steps.merge.outcome == 'failure'
        run: |
          echo "Merge conflict detected, failing job."
          exit 1
      - name: set up Python
        uses: actions/setup-python@v5
        with:
          python-version: 3.12
      - name: Get packages
        run: pip install gitpython requests
      - name: Tag and comment
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: python .github/workflows/tagbot.py