summaryrefslogtreecommitdiff
path: root/.github/workflows/auto-author-assign.yml
diff options
context:
space:
mode:
authorYuriy Andamasov <yuriy@vyos.io>2026-05-30 12:44:44 +0300
committerYuriy Andamasov <yuriy@vyos.io>2026-05-30 12:44:44 +0300
commitbbf1b0a43326070bcc958810c3bc70451f76955b (patch)
tree0904df9e6d761b27d6f519157d42af7d7f3a742a /.github/workflows/auto-author-assign.yml
parentb5e2b170016ca3dd011df7de42ec858858564bb7 (diff)
downloadvyos-github-actions-chore/T8937-retire-mergify-replaceable-ghas.tar.gz
vyos-github-actions-chore/T8937-retire-mergify-replaceable-ghas.zip
chore: T8937: retire Mergify-replaceable GHA caller workflowschore/T8937-retire-mergify-replaceable-ghas
Replaces 5 caller workflows now superseded by central Mergify rules. See https://vyos.dev/T8937 for the design + spec + plan. Advances: T8937 🤖 Generated by [robots](https://vyos.io)
Diffstat (limited to '.github/workflows/auto-author-assign.yml')
-rw-r--r--.github/workflows/auto-author-assign.yml54
1 files changed, 0 insertions, 54 deletions
diff --git a/.github/workflows/auto-author-assign.yml b/.github/workflows/auto-author-assign.yml
deleted file mode 100644
index 77021dd..0000000
--- a/.github/workflows/auto-author-assign.yml
+++ /dev/null
@@ -1,54 +0,0 @@
-name: "PR Triage"
-on:
- pull_request_target:
- types: [opened, reopened, ready_for_review, locked]
-
-permissions:
- pull-requests: write
-
-jobs:
- # https://github.com/marketplace/actions/auto-author-assign
- assign-author:
- runs-on: ubuntu-latest
- steps:
- - name: "Assign Author to PR"
- uses: toshimaru/auto-author-assign@2daaeb2988aef24bf37e636fe733f365c046aba0 # v1.6.2
- with:
- repo-token: ${{ secrets.GITHUB_TOKEN }}
-
- # https://github.com/shufo/auto-assign-reviewer-by-files
- #
- # Auth: mint a vyos-bot[bot] App-installation token via the central
- # composite action at vyos/.github/.github/actions/get-token@current.
- # Replaces the prior classic PAT (secrets.PR_ACTION_ASSIGN_REVIEWERS)
- # which the VyOS-Networks enterprise rejects because its lifetime
- # exceeds the 90-day cap on classic PATs ("The 'VyOS Networks'
- # enterprise forbids access via a personal access tokens (classic)
- # if the token's lifetime is greater than 90 days").
- #
- # vyos-bot App permissions include `pull_requests: read+write`, which
- # is sufficient for shufo/auto-assign-reviewer-by-files to assign
- # reviewers and read the team-based config in .github/reviewers.yml.
- # See https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-as-a-github-app-installation
- # for documentation on GitHub App installation tokens.
- assign_reviewer:
- runs-on: ubuntu-latest
- steps:
- - name: Mint vyos-bot installation token
- id: token
- uses: vyos/.github/.github/actions/get-token@8a437c7bd8ef6f682f87a428f50e24832a0d316d # current branch HEAD as of 2026-05-28
- with:
- owner: vyos
- client-id: ${{ vars.APP_CLIENT_ID }}
- private-key: ${{ secrets.APP_PRIVATE_KEY }}
- # Scope the minted token down to only what shufo needs
- # (assigning reviewers via the Pull Requests API).
- # Defense in depth: pull_request_target events expose secrets,
- # so the narrower the token, the smaller the blast radius if
- # the downstream action is ever compromised.
- permissions: '{"pull_requests":"write"}'
- - name: Request review based on files changes and/or groups the author belongs to
- uses: shufo/auto-assign-reviewer-by-files@f5f3db9ef06bd72ab6978996988c6462cbdaabf6 # v1.1.4
- with:
- token: ${{ steps.token.outputs.token }}
- config: .github/reviewers.yml