Skip to content

[core] Fix security regressions in cherry-pick-next-to-master.yml #35

[core] Fix security regressions in cherry-pick-next-to-master.yml

[core] Fix security regressions in cherry-pick-next-to-master.yml #35

name: Cherry pick next to master
on:
pull_request_target:
branches:
- next
types: ['closed']
permissions: {}
jobs:
cherry_pick_to_master:
runs-on: ubuntu-latest
name: Cherry pick into master
permissions:
pull-requests: write
contents: write
if: ${{ contains(github.event.pull_request.labels.*.name, 'needs cherry-pick') && github.event.pull_request.merged == true }}
steps:
- name: Checkout
uses: actions/checkout@722adc63f1aa60a57ec37892e133b1d319cae598 # v2.0.0
with:
fetch-depth: 0
- name: Cherry pick and create the new PR
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
uses: carloscastrojumo/github-cherry-pick-action@a145da1b8142e752d3cbc11aaaa46a535690f0c5 # v1.0.9
with:
branch: master
body: 'Cherry-pick of #{old_pull_request_id}'
cherry-pick-branch: ${{ format('cherry-pick-{0}', github.event.number) }}
title: '{old_title} (@${{ github.event.pull_request.user.login }})'
labels: |
cherry-pick