ci: cherry pick improvements (#16477)

* git user name as param Signed-off-by: Jens Langhammer <jens@goauthentik.io> * prevent variable expansion in external strings Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only run on pull_request_target for external PRs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * get bot ID from task Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2026-04-25 17:15:26 +02:00 · 2025-08-29 18:21:35 +01:00
parent 563e98e243
commit 7bb40bf058
2 changed files with 25 additions and 10 deletions
--- a/.github/actions/cherry-pick/action.yml
+++ b/.github/actions/cherry-pick/action.yml
@@ -5,6 +5,12 @@ inputs:
  token:
    description: "GitHub Token"
    required: true
+  git_user:
+    description: "Git user for pushing the cherry-pick PR"
+    required: true
+  git_user_email:
+    description: "Git user email for pushing the cherry-pick PR"
+    required: true

 runs:
  using: "composite"
@@ -97,9 +103,12 @@ runs:
    - name: Configure Git
      if: steps.should_run.outputs.should_run == 'true'
      shell: bash
+      env:
+        user: ${{ inputs.git_user }}
+        email: ${{ inputs.git_user_email }}
      run: |
-        git config --global user.name "authentik-automation[bot]"
-        git config --global user.email "135050075+authentik-automation[bot]@users.noreply.github.com"
+        git config --global user.name "${user}"
+        git config --global user.email "${email}"
    - name: Get PR details and extract backport labels
      if: steps.should_run.outputs.should_run == 'true'
      id: pr_details
@@ -145,11 +154,11 @@ runs:
        GITHUB_TOKEN: ${{ inputs.token }}
      run: |
        set -e -o pipefail
-        PR_NUMBER="${{ steps.should_run.outputs.pr_number }}"
-        COMMIT_SHA="${{ steps.should_run.outputs.merge_commit_sha }}"
-        PR_TITLE="${{ steps.pr_details.outputs.pr_title }}"
-        PR_AUTHOR="${{ steps.pr_details.outputs.pr_author }}"
-        LABELS="${{ steps.pr_details.outputs.labels }}"
+        PR_NUMBER='${{ steps.should_run.outputs.pr_number }}'
+        COMMIT_SHA='${{ steps.should_run.outputs.merge_commit_sha }}'
+        PR_TITLE='${{ steps.pr_details.outputs.pr_title }}'
+        PR_AUTHOR='${{ steps.pr_details.outputs.pr_author }}'
+        LABELS='${{ steps.pr_details.outputs.labels }}'

        echo "Processing PR #$PR_NUMBER (reason: ${{ steps.should_run.outputs.reason }})"
        echo "Found backport labels: $LABELS"
--- a/.github/workflows/gh-cherry-pick.yml
+++ b/.github/workflows/gh-cherry-pick.yml
@@ -1,10 +1,8 @@
 name: GH - Cherry-pick

 on:
-  pull_request:
-    types: [closed, labeled]
  pull_request_target:
-    types: [labeled]
+    types: [closed, labeled]

 jobs:
  cherry-pick:
@@ -24,7 +22,15 @@ jobs:
        with:
          fetch-depth: 0
          token: "${{ steps.app-token.outputs.token }}"
+      - id: get-user-id
+        if: ${{ steps.app-token.outcome != 'skipped' }}
+        name: Get GitHub app user ID
+        run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
+        env:
+          GH_TOKEN: "${{ steps.app-token.outputs.token }}"
      - uses: ./.github/actions/cherry-pick
        if: ${{ steps.app-token.outcome != 'skipped' }}
        with:
          token: ${{ steps.app-token.outputs.token }}
+          git_user: ${{ steps.app-token.outputs.app-slug }}[bot]
+          git_user_email: '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com'