From 19d09fd83eb306edddebf94a93231509cca43df5 Mon Sep 17 00:00:00 2001 From: idoko Date: Wed, 17 Sep 2025 23:17:48 +0100 Subject: [PATCH 1/6] scaffold automated feature build for external contributors --- .github/workflows/external-pr-trigger.yml | 79 ++++++++++++++ EXTERNAL_PR_ACTION.md | 119 ++++++++++++++++++++++ 2 files changed, 198 insertions(+) create mode 100644 .github/workflows/external-pr-trigger.yml create mode 100644 EXTERNAL_PR_ACTION.md diff --git a/.github/workflows/external-pr-trigger.yml b/.github/workflows/external-pr-trigger.yml new file mode 100644 index 000000000..caa51218e --- /dev/null +++ b/.github/workflows/external-pr-trigger.yml @@ -0,0 +1,79 @@ +name: External PR Trigger + +on: + pull_request: + types: [opened, reopened] + +jobs: + trigger-external-pr: + runs-on: ubuntu-latest + # Only run if the source branch does not have a PMM- prefix + if: | + !startsWith(github.event.pull_request.head.ref, 'PMM-') + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Setup Git Config + run: | + git config --global user.name "github-actions[bot]" + git config --global user.email "github-actions[bot]@users.noreply.github.com" + + - name: Create branch in target repository + env: + GITHUB_TOKEN: ${{ secrets.TARGET_REPO_TOKEN }} + TARGET_REPO: ${{ vars.TARGET_REPO_OWNER }}/${{ vars.TARGET_REPO_NAME }} + SOURCE_BRANCH: ${{ github.event.pull_request.head.ref }} + PR_AUTHOR: ${{ github.event.pull_request.user.login }} + run: | + # Clone the target repository + git clone https://x-access-token:${GITHUB_TOKEN}@github.com/${TARGET_REPO}.git target-repo + cd target-repo + + # Create a new branch based on the PR branch name + git checkout -b "mongodb-exporter-external-pr-${SOURCE_BRANCH}" + + # Check if ci.yml exists + if [ ! -f "ci.yml" ]; then + echo "Creating ci.yml file" + mkdir -p $(dirname ci.yml) + touch ci.yml + fi + + # Modify ci.yml file with PR information + cat > ci.yml << EOF + # Auto-generated from external PR + deps: + -name: mongodb_exporter + url: https://github.com/${GITHUB_REPOSITORY} + branch: ${SOURCE_BRANCH} + EOF + + # Commit changes + git add ci.yml + git commit -m "Update ci.yml for external PR #${PR_NUMBER} from ${PR_AUTHOR}" + + # Push the new branch + git push origin "external-pr-${SOURCE_BRANCH}" + + - name: Create Pull Request in target repository + env: + GITHUB_TOKEN: ${{ secrets.TARGET_REPO_TOKEN }} + TARGET_REPO: ${{ vars.TARGET_REPO_OWNER }}/${{ vars.TARGET_REPO_NAME }} + SOURCE_BRANCH: ${{ github.event.pull_request.head.ref }} + PR_NUMBER: ${{ github.event.pull_request.number }} + PR_AUTHOR: ${{ github.event.pull_request.user.login }} + run: | + # Create PR using GitHub CLI + gh pr create \ + --repo "${TARGET_REPO}" \ + --title "External PR: ${{ github.event.pull_request.title }}" \ + --body "This PR was automatically generated from external pull request #${PR_NUMBER} by @${PR_AUTHOR} in ${{ github.repository }} (branch: ${SOURCE_BRANCH}). + + Original PR: ${{ github.event.pull_request.html_url }} + + ## Original PR Description + ${{ github.event.pull_request.body }}" \ + --base main \ + --head "external-pr-${SOURCE_BRANCH}" diff --git a/EXTERNAL_PR_ACTION.md b/EXTERNAL_PR_ACTION.md new file mode 100644 index 000000000..53f8f08ba --- /dev/null +++ b/EXTERNAL_PR_ACTION.md @@ -0,0 +1,119 @@ +# External PR Trigger GitHub Action + +This GitHub Action automatically triggers actions in a target repository when a pull request is created by users who are not in an allowed list. + +## Overview + +When a pull request is opened, synchronized, or reopened from a branch that does NOT have a `PMM-` prefix, this action will: +1. Create a new branch in a specified target repository +2. Modify a `ci.yml` file in that repository with PR information +3. Create a pull request in the target repository + +## Setup Instructions + +### 1. Understanding the Branch Prefix Check + +The workflow file `.github/workflows/external-pr-trigger.yml` checks the source branch name: + +```yaml +if: | + !startsWith(github.event.pull_request.head.ref, 'PMM-') +``` + +This means: +- PRs from branches WITH the `PMM-` prefix will NOT trigger this action +- PRs from branches WITHOUT the `PMM-` prefix WILL trigger this action + +### 2. Create a Personal Access Token + +You need a Personal Access Token (PAT) with permissions to create branches and pull requests in the target repository: + +1. Go to GitHub Settings → Developer settings → Personal access tokens +2. Generate a new token with the following scopes: + - `repo` (full control of private repositories) + - `workflow` (if the target repo has GitHub Actions) +3. Copy the generated token + +### 3. Configure Repository Secrets + +In your repository settings, go to Secrets and variables → Actions, and add: + +- **SECRET**: `TARGET_REPO_TOKEN` - The Personal Access Token you created + +### 4. Configure Repository Variables + +In your repository settings, go to Secrets and variables → Actions → Variables tab, and add: + +- **VARIABLE**: `TARGET_REPO_OWNER` - The owner/organization of the target repository +- **VARIABLE**: `TARGET_REPO_NAME` - The name of the target repository + +Example: +- `TARGET_REPO_OWNER`: `myorg` +- `TARGET_REPO_NAME`: `ci-configs` + +### 5. Customize the ci.yml Content (Optional) + +The action creates/updates a `ci.yml` file in the target repository. You can customize the content by modifying this section in the workflow: + +```yaml +# Modify ci.yml file with PR information +cat > ci.yml << EOF +# Auto-generated from external PR +external_pr: + deps: + - name: mongodb_exporter + url: https://github.com/percona/mongodb_exporter + branch: branch-name +EOF +``` + +## How It Works + +1. **Trigger**: The action runs on every pull request event (opened, synchronized, reopened) + +3. **Branch Creation**: For external users, it: + - Clones the target repository + - Creates a new branch named `external-pr-{original-branch-name}` + - Updates the `ci.yml` file with PR metadata + +4. **Pull Request**: Creates a pull request in the target repository with: + - Title: "External PR: {original PR title}" + - Body: Contains a link to the original PR and its description + +## Security Considerations + +1. **Token Security**: The PAT is stored as a secret and never exposed in logs +2. **Limited Scope**: The action only modifies the specified `ci.yml` file +3. **Branch Filtering**: Only PRs from branches without the `PMM-` prefix trigger the action + +## Troubleshooting + +### Action Not Triggering +- Verify the branch does NOT have a `PMM-` prefix +- Check that the workflow file is in `.github/workflows/` directory +- Ensure the workflow has the correct event triggers + +### Permission Errors +- Verify the PAT has the correct scopes +- Check that the token hasn't expired +- Ensure the target repository allows the token's access + +### Branch/PR Creation Fails +- Check that the target repository exists +- Verify the `TARGET_REPO_OWNER` and `TARGET_REPO_NAME` variables are correct +- Ensure there isn't already a branch with the same name + +## Example Scenarios + +### Scenario 1: PR from non-PMM branch (Action triggers) +1. User creates PR #123 from branch `fix-bug` (no PMM- prefix) +2. This action triggers and: + - Creates branch `external-pr-fix-bug` in the target repository + - Updates `ci.yml` with PR #123's information + - Creates a PR in the target repository titled "External PR: Fix bug" +3. The target repository can then run its own CI/CD processes based on the `ci.yml` content + +### Scenario 2: PR from PMM branch (Action does NOT trigger) +1. User creates PR #124 from branch `PMM-1234-fix-issue` +2. This action does NOT trigger because the branch has the `PMM-` prefix +3. The PR proceeds with normal repository workflows From 6696eec44016f9f664e129e61c8c21d1bd2a2379 Mon Sep 17 00:00:00 2001 From: idoko Date: Wed, 17 Sep 2025 23:18:47 +0100 Subject: [PATCH 2/6] surpress docs --- EXTERNAL_PR_ACTION.md | 119 ------------------------------------------ 1 file changed, 119 deletions(-) delete mode 100644 EXTERNAL_PR_ACTION.md diff --git a/EXTERNAL_PR_ACTION.md b/EXTERNAL_PR_ACTION.md deleted file mode 100644 index 53f8f08ba..000000000 --- a/EXTERNAL_PR_ACTION.md +++ /dev/null @@ -1,119 +0,0 @@ -# External PR Trigger GitHub Action - -This GitHub Action automatically triggers actions in a target repository when a pull request is created by users who are not in an allowed list. - -## Overview - -When a pull request is opened, synchronized, or reopened from a branch that does NOT have a `PMM-` prefix, this action will: -1. Create a new branch in a specified target repository -2. Modify a `ci.yml` file in that repository with PR information -3. Create a pull request in the target repository - -## Setup Instructions - -### 1. Understanding the Branch Prefix Check - -The workflow file `.github/workflows/external-pr-trigger.yml` checks the source branch name: - -```yaml -if: | - !startsWith(github.event.pull_request.head.ref, 'PMM-') -``` - -This means: -- PRs from branches WITH the `PMM-` prefix will NOT trigger this action -- PRs from branches WITHOUT the `PMM-` prefix WILL trigger this action - -### 2. Create a Personal Access Token - -You need a Personal Access Token (PAT) with permissions to create branches and pull requests in the target repository: - -1. Go to GitHub Settings → Developer settings → Personal access tokens -2. Generate a new token with the following scopes: - - `repo` (full control of private repositories) - - `workflow` (if the target repo has GitHub Actions) -3. Copy the generated token - -### 3. Configure Repository Secrets - -In your repository settings, go to Secrets and variables → Actions, and add: - -- **SECRET**: `TARGET_REPO_TOKEN` - The Personal Access Token you created - -### 4. Configure Repository Variables - -In your repository settings, go to Secrets and variables → Actions → Variables tab, and add: - -- **VARIABLE**: `TARGET_REPO_OWNER` - The owner/organization of the target repository -- **VARIABLE**: `TARGET_REPO_NAME` - The name of the target repository - -Example: -- `TARGET_REPO_OWNER`: `myorg` -- `TARGET_REPO_NAME`: `ci-configs` - -### 5. Customize the ci.yml Content (Optional) - -The action creates/updates a `ci.yml` file in the target repository. You can customize the content by modifying this section in the workflow: - -```yaml -# Modify ci.yml file with PR information -cat > ci.yml << EOF -# Auto-generated from external PR -external_pr: - deps: - - name: mongodb_exporter - url: https://github.com/percona/mongodb_exporter - branch: branch-name -EOF -``` - -## How It Works - -1. **Trigger**: The action runs on every pull request event (opened, synchronized, reopened) - -3. **Branch Creation**: For external users, it: - - Clones the target repository - - Creates a new branch named `external-pr-{original-branch-name}` - - Updates the `ci.yml` file with PR metadata - -4. **Pull Request**: Creates a pull request in the target repository with: - - Title: "External PR: {original PR title}" - - Body: Contains a link to the original PR and its description - -## Security Considerations - -1. **Token Security**: The PAT is stored as a secret and never exposed in logs -2. **Limited Scope**: The action only modifies the specified `ci.yml` file -3. **Branch Filtering**: Only PRs from branches without the `PMM-` prefix trigger the action - -## Troubleshooting - -### Action Not Triggering -- Verify the branch does NOT have a `PMM-` prefix -- Check that the workflow file is in `.github/workflows/` directory -- Ensure the workflow has the correct event triggers - -### Permission Errors -- Verify the PAT has the correct scopes -- Check that the token hasn't expired -- Ensure the target repository allows the token's access - -### Branch/PR Creation Fails -- Check that the target repository exists -- Verify the `TARGET_REPO_OWNER` and `TARGET_REPO_NAME` variables are correct -- Ensure there isn't already a branch with the same name - -## Example Scenarios - -### Scenario 1: PR from non-PMM branch (Action triggers) -1. User creates PR #123 from branch `fix-bug` (no PMM- prefix) -2. This action triggers and: - - Creates branch `external-pr-fix-bug` in the target repository - - Updates `ci.yml` with PR #123's information - - Creates a PR in the target repository titled "External PR: Fix bug" -3. The target repository can then run its own CI/CD processes based on the `ci.yml` content - -### Scenario 2: PR from PMM branch (Action does NOT trigger) -1. User creates PR #124 from branch `PMM-1234-fix-issue` -2. This action does NOT trigger because the branch has the `PMM-` prefix -3. The PR proceeds with normal repository workflows From 5fd16f3d0d2773cba0bf0c242043e783952a0636 Mon Sep 17 00:00:00 2001 From: idoko Date: Wed, 17 Sep 2025 23:23:34 +0100 Subject: [PATCH 3/6] fix push branch --- .github/workflows/external-pr-trigger.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/external-pr-trigger.yml b/.github/workflows/external-pr-trigger.yml index caa51218e..c4c78b2f8 100644 --- a/.github/workflows/external-pr-trigger.yml +++ b/.github/workflows/external-pr-trigger.yml @@ -55,7 +55,7 @@ jobs: git commit -m "Update ci.yml for external PR #${PR_NUMBER} from ${PR_AUTHOR}" # Push the new branch - git push origin "external-pr-${SOURCE_BRANCH}" + git push origin "mongodb-exporter-external-pr-${SOURCE_BRANCH}" - name: Create Pull Request in target repository env: From 3e11534e75ac8382ad09c346b7cb458aea75e804 Mon Sep 17 00:00:00 2001 From: idoko Date: Wed, 17 Sep 2025 23:39:19 +0100 Subject: [PATCH 4/6] add push listeners --- .github/workflows/external-pr-trigger.yml | 129 +++++++++++++++--- EXTERNAL_PR_ACTION.md | 155 ++++++++++++++++++++++ 2 files changed, 264 insertions(+), 20 deletions(-) create mode 100644 EXTERNAL_PR_ACTION.md diff --git a/.github/workflows/external-pr-trigger.yml b/.github/workflows/external-pr-trigger.yml index c4c78b2f8..4d5a73bb6 100644 --- a/.github/workflows/external-pr-trigger.yml +++ b/.github/workflows/external-pr-trigger.yml @@ -2,14 +2,19 @@ name: External PR Trigger on: pull_request: - types: [opened, reopened] + types: [opened, synchronize, reopened] + push: + branches: + - "**" + - "!main" jobs: trigger-external-pr: runs-on: ubuntu-latest # Only run if the source branch does not have a PMM- prefix if: | - !startsWith(github.event.pull_request.head.ref, 'PMM-') + (github.event_name == 'pull_request' && !startsWith(github.event.pull_request.head.ref, 'PMM-')) || + (github.event_name == 'push' && !startsWith(github.ref_name, 'PMM-')) steps: - name: Checkout repository @@ -20,19 +25,39 @@ jobs: git config --global user.name "github-actions[bot]" git config --global user.email "github-actions[bot]@users.noreply.github.com" + - name: Set variables based on event type + id: set-vars + run: | + if [ "${{ github.event_name }}" == "pull_request" ]; then + echo "source_branch=${{ github.event.pull_request.head.ref }}" >> $GITHUB_OUTPUT + echo "pr_number=${{ github.event.pull_request.number }}" >> $GITHUB_OUTPUT + echo "pr_author=${{ github.event.pull_request.user.login }}" >> $GITHUB_OUTPUT + echo "pr_title=${{ github.event.pull_request.title }}" >> $GITHUB_OUTPUT + echo "pr_url=${{ github.event.pull_request.html_url }}" >> $GITHUB_OUTPUT + echo "pr_body=${{ github.event.pull_request.body }}" >> $GITHUB_OUTPUT + else + echo "source_branch=${{ github.ref_name }}" >> $GITHUB_OUTPUT + echo "pr_number=N/A" >> $GITHUB_OUTPUT + echo "pr_author=${{ github.actor }}" >> $GITHUB_OUTPUT + echo "pr_title=Push to ${{ github.ref_name }}" >> $GITHUB_OUTPUT + echo "pr_url=${{ github.server_url }}/${{ github.repository }}/tree/${{ github.ref_name }}" >> $GITHUB_OUTPUT + echo "pr_body=Automated PR for push to branch ${{ github.ref_name }}" >> $GITHUB_OUTPUT + fi + - name: Create branch in target repository env: GITHUB_TOKEN: ${{ secrets.TARGET_REPO_TOKEN }} TARGET_REPO: ${{ vars.TARGET_REPO_OWNER }}/${{ vars.TARGET_REPO_NAME }} - SOURCE_BRANCH: ${{ github.event.pull_request.head.ref }} - PR_AUTHOR: ${{ github.event.pull_request.user.login }} + SOURCE_BRANCH: ${{ steps.set-vars.outputs.source_branch }} + PR_NUMBER: ${{ steps.set-vars.outputs.pr_number }} + PR_AUTHOR: ${{ steps.set-vars.outputs.pr_author }} run: | # Clone the target repository git clone https://x-access-token:${GITHUB_TOKEN}@github.com/${TARGET_REPO}.git target-repo cd target-repo # Create a new branch based on the PR branch name - git checkout -b "mongodb-exporter-external-pr-${SOURCE_BRANCH}" + git checkout -b "external-pr-${SOURCE_BRANCH}" # Check if ci.yml exists if [ ! -f "ci.yml" ]; then @@ -44,36 +69,100 @@ jobs: # Modify ci.yml file with PR information cat > ci.yml << EOF # Auto-generated from external PR - deps: - -name: mongodb_exporter - url: https://github.com/${GITHUB_REPOSITORY} - branch: ${SOURCE_BRANCH} + external_pr: + source_repo: ${{ github.repository }} + pr_number: ${PR_NUMBER} + pr_author: ${PR_AUTHOR} + pr_branch: ${SOURCE_BRANCH} + pr_title: ${{ steps.set-vars.outputs.pr_title }} + pr_url: ${{ steps.set-vars.outputs.pr_url }} + triggered_at: $(date -u +"%Y-%m-%dT%H:%M:%SZ") + event_type: ${{ github.event_name }} + commit_sha: ${{ github.sha }} EOF # Commit changes git add ci.yml - git commit -m "Update ci.yml for external PR #${PR_NUMBER} from ${PR_AUTHOR}" + if [ "${{ github.event_name }}" == "pull_request" ]; then + git commit -m "Update ci.yml for external PR #${PR_NUMBER} from ${PR_AUTHOR}" + else + git commit -m "Update ci.yml for push to ${SOURCE_BRANCH} by ${PR_AUTHOR}" + fi # Push the new branch - git push origin "mongodb-exporter-external-pr-${SOURCE_BRANCH}" + git push origin "external-pr-${SOURCE_BRANCH}" + + - name: Check if PR already exists in target repository + id: check-pr + env: + GITHUB_TOKEN: ${{ secrets.TARGET_REPO_TOKEN }} + TARGET_REPO: ${{ vars.TARGET_REPO_OWNER }}/${{ vars.TARGET_REPO_NAME }} + SOURCE_BRANCH: ${{ steps.set-vars.outputs.source_branch }} + run: | + # Check if a PR already exists for this branch + EXISTING_PR=$(gh pr list --repo "${TARGET_REPO}" --head "external-pr-${SOURCE_BRANCH}" --json number --jq '.[0].number' || echo "") + + if [ -n "$EXISTING_PR" ]; then + echo "PR already exists: #${EXISTING_PR}" + echo "pr_exists=true" >> $GITHUB_OUTPUT + echo "existing_pr_number=${EXISTING_PR}" >> $GITHUB_OUTPUT + else + echo "No existing PR found" + echo "pr_exists=false" >> $GITHUB_OUTPUT + fi - name: Create Pull Request in target repository + if: steps.check-pr.outputs.pr_exists == 'false' env: GITHUB_TOKEN: ${{ secrets.TARGET_REPO_TOKEN }} TARGET_REPO: ${{ vars.TARGET_REPO_OWNER }}/${{ vars.TARGET_REPO_NAME }} - SOURCE_BRANCH: ${{ github.event.pull_request.head.ref }} - PR_NUMBER: ${{ github.event.pull_request.number }} - PR_AUTHOR: ${{ github.event.pull_request.user.login }} + SOURCE_BRANCH: ${{ steps.set-vars.outputs.source_branch }} + PR_NUMBER: ${{ steps.set-vars.outputs.pr_number }} + PR_AUTHOR: ${{ steps.set-vars.outputs.pr_author }} + PR_TITLE: ${{ steps.set-vars.outputs.pr_title }} + PR_URL: ${{ steps.set-vars.outputs.pr_url }} + PR_BODY: ${{ steps.set-vars.outputs.pr_body }} run: | # Create PR using GitHub CLI - gh pr create \ - --repo "${TARGET_REPO}" \ - --title "External PR: ${{ github.event.pull_request.title }}" \ - --body "This PR was automatically generated from external pull request #${PR_NUMBER} by @${PR_AUTHOR} in ${{ github.repository }} (branch: ${SOURCE_BRANCH}). + if [ "${{ github.event_name }}" == "pull_request" ]; then + TITLE="External PR: ${PR_TITLE}" + BODY="This PR was automatically generated from external pull request #${PR_NUMBER} by @${PR_AUTHOR} in ${{ github.repository }} (branch: ${SOURCE_BRANCH}). - Original PR: ${{ github.event.pull_request.html_url }} + Original PR: ${PR_URL} ## Original PR Description - ${{ github.event.pull_request.body }}" \ + ${PR_BODY}" + else + TITLE="External Push: ${SOURCE_BRANCH}" + BODY="This PR was automatically generated from a push to branch ${SOURCE_BRANCH} by @${PR_AUTHOR} in ${{ github.repository }}. + + Branch: ${PR_URL} + + ## Push Details + - Pusher: @${PR_AUTHOR} + - Commit: ${{ github.sha }} + - Timestamp: $(date -u +"%Y-%m-%dT%H:%M:%SZ")" + fi + + gh pr create \ + --repo "${TARGET_REPO}" \ + --title "${TITLE}" \ + --body "${BODY}" \ --base main \ --head "external-pr-${SOURCE_BRANCH}" + + - name: Update existing PR in target repository + if: steps.check-pr.outputs.pr_exists == 'true' + env: + GITHUB_TOKEN: ${{ secrets.TARGET_REPO_TOKEN }} + TARGET_REPO: ${{ vars.TARGET_REPO_OWNER }}/${{ vars.TARGET_REPO_NAME }} + EXISTING_PR: ${{ steps.check-pr.outputs.existing_pr_number }} + SOURCE_BRANCH: ${{ steps.set-vars.outputs.source_branch }} + run: | + echo "PR #${EXISTING_PR} already exists in ${TARGET_REPO} for branch external-pr-${SOURCE_BRANCH}" + echo "The branch has been updated with the latest changes." + + # Optionally, add a comment to the existing PR + gh pr comment ${EXISTING_PR} \ + --repo "${TARGET_REPO}" \ + --body "Branch updated with new changes from ${{ github.event_name }} event at $(date -u +"%Y-%m-%dT%H:%M:%SZ")" diff --git a/EXTERNAL_PR_ACTION.md b/EXTERNAL_PR_ACTION.md new file mode 100644 index 000000000..bda193ae5 --- /dev/null +++ b/EXTERNAL_PR_ACTION.md @@ -0,0 +1,155 @@ +# External PR Trigger GitHub Action + +This GitHub Action automatically triggers actions in a target repository when a pull request is created or when commits are pushed to branches that don't have a `PMM-` prefix. + +## Overview + +When a pull request is opened, synchronized, or reopened, OR when commits are pushed to a branch that does NOT have a `PMM-` prefix, this action will: +1. Create a new branch in a specified target repository +2. Modify a `ci.yml` file in that repository with PR/push information +3. Create a pull request in the target repository (or update if one already exists) + +## Trigger Events + +The action triggers on: +- **Pull Request events**: opened, synchronized, reopened +- **Push events**: to any branch except `main` and `master` + +In both cases, the action only runs if the branch does NOT have a `PMM-` prefix. + +## Setup Instructions + +### 1. Understanding the Branch Prefix Check + +The workflow checks the source branch name: + +```yaml +if: | + (github.event_name == 'pull_request' && !startsWith(github.event.pull_request.head.ref, 'PMM-')) || + (github.event_name == 'push' && !startsWith(github.ref_name, 'PMM-')) +``` + +This means: +- Branches WITH the `PMM-` prefix will NOT trigger this action +- Branches WITHOUT the `PMM-` prefix WILL trigger this action + +### 2. Create a Personal Access Token + +You need a Personal Access Token (PAT) with permissions to create branches and pull requests in the target repository: + +1. Go to GitHub Settings → Developer settings → Personal access tokens +2. Generate a new token with the following scopes: + - `repo` (full control of private repositories) + - `workflow` (if the target repo has GitHub Actions) +3. Copy the generated token + +### 3. Configure Repository Secrets + +In your repository settings, go to Secrets and variables → Actions, and add: + +- **SECRET**: `TARGET_REPO_TOKEN` - The Personal Access Token you created + +### 4. Configure Repository Variables + +In your repository settings, go to Secrets and variables → Actions → Variables tab, and add: + +- **VARIABLE**: `TARGET_REPO_OWNER` - The owner/organization of the target repository +- **VARIABLE**: `TARGET_REPO_NAME` - The name of the target repository + +Example: +- `TARGET_REPO_OWNER`: `myorg` +- `TARGET_REPO_NAME`: `ci-configs` + +### 5. Customize the ci.yml Content (Optional) + +The action creates/updates a `ci.yml` file in the target repository. The content includes: + +```yaml +# Auto-generated from external PR +external_pr: + source_repo: + pr_number: + pr_author: + pr_branch: + pr_title: + pr_url: + triggered_at: + event_type: + commit_sha: +``` + +## How It Works + +### For Pull Requests + +1. **Trigger**: PR is opened, synchronized, or reopened +2. **Branch Check**: Verifies the PR branch doesn't have `PMM-` prefix +3. **Target Branch**: Creates/updates branch `external-pr-{source-branch-name}` +4. **PR Creation**: Creates a PR titled "External PR: {original PR title}" + +### For Push Events + +1. **Trigger**: Commits are pushed to a branch (not main/master) +2. **Branch Check**: Verifies the branch doesn't have `PMM-` prefix +3. **Target Branch**: Creates/updates branch `external-pr-{source-branch-name}` +4. **PR Handling**: + - If no PR exists: Creates one titled "External Push: {branch name}" + - If PR exists: Updates the branch and adds a comment to the existing PR + +## Key Features + +### Duplicate PR Prevention +The action checks if a PR already exists for the branch in the target repository: +- If no PR exists: Creates a new one +- If PR exists: Updates the branch and comments on the existing PR + +### Event-Specific Information +The `ci.yml` file includes different metadata based on the triggering event: +- **Pull Request**: Includes PR number, title, and description +- **Push**: Includes branch name, pusher, and commit SHA + +## Security Considerations + +1. **Token Security**: The PAT is stored as a secret and never exposed in logs +2. **Limited Scope**: The action only modifies the specified `ci.yml` file +3. **Branch Filtering**: Only branches without the `PMM-` prefix trigger the action +4. **Protected Branches**: Pushes to `main` and `master` are excluded + +## Troubleshooting + +### Action Not Triggering +- Verify the branch does NOT have a `PMM-` prefix +- Check that the workflow file is in `.github/workflows/` directory +- Ensure the event (PR or push) matches the configured triggers +- For pushes, verify the branch is not `main` or `master` + +### Permission Errors +- Verify the PAT has the correct scopes +- Check that the token hasn't expired +- Ensure the target repository allows the token's access + +### Branch/PR Creation Fails +- Check that the target repository exists +- Verify the `TARGET_REPO_OWNER` and `TARGET_REPO_NAME` variables are correct +- Check for existing branches with conflicting names + +## Example Scenarios + +### Scenario 1: New PR from non-PMM branch +1. User creates PR #123 from branch `fix-bug` +2. Action creates branch `external-pr-fix-bug` in target repo +3. Creates PR titled "External PR: Fix bug title" + +### Scenario 2: Push to existing branch with PR +1. User pushes to branch `feature-xyz` (PR already exists in target) +2. Action updates branch `external-pr-feature-xyz` +3. Adds comment to existing PR about the update + +### Scenario 3: Push to new branch without PR +1. User pushes to new branch `hotfix-123` +2. Action creates branch `external-pr-hotfix-123` in target repo +3. Creates PR titled "External Push: hotfix-123" + +### Scenario 4: PMM branch (Action does NOT trigger) +1. User creates PR or pushes to branch `PMM-1234-fix-issue` +2. Action does NOT trigger due to `PMM-` prefix \ No newline at end of file From aefdc33bc2d2e87d4ee3289650ebb13f7abc96d1 Mon Sep 17 00:00:00 2001 From: idoko Date: Thu, 18 Sep 2025 07:50:38 +0100 Subject: [PATCH 5/6] drop push triggers --- .github/workflows/external-pr-trigger.yml | 4 - EXTERNAL_PR_ACTION.md | 155 ---------------------- 2 files changed, 159 deletions(-) delete mode 100644 EXTERNAL_PR_ACTION.md diff --git a/.github/workflows/external-pr-trigger.yml b/.github/workflows/external-pr-trigger.yml index 4d5a73bb6..2ba1cefa6 100644 --- a/.github/workflows/external-pr-trigger.yml +++ b/.github/workflows/external-pr-trigger.yml @@ -3,10 +3,6 @@ name: External PR Trigger on: pull_request: types: [opened, synchronize, reopened] - push: - branches: - - "**" - - "!main" jobs: trigger-external-pr: diff --git a/EXTERNAL_PR_ACTION.md b/EXTERNAL_PR_ACTION.md deleted file mode 100644 index bda193ae5..000000000 --- a/EXTERNAL_PR_ACTION.md +++ /dev/null @@ -1,155 +0,0 @@ -# External PR Trigger GitHub Action - -This GitHub Action automatically triggers actions in a target repository when a pull request is created or when commits are pushed to branches that don't have a `PMM-` prefix. - -## Overview - -When a pull request is opened, synchronized, or reopened, OR when commits are pushed to a branch that does NOT have a `PMM-` prefix, this action will: -1. Create a new branch in a specified target repository -2. Modify a `ci.yml` file in that repository with PR/push information -3. Create a pull request in the target repository (or update if one already exists) - -## Trigger Events - -The action triggers on: -- **Pull Request events**: opened, synchronized, reopened -- **Push events**: to any branch except `main` and `master` - -In both cases, the action only runs if the branch does NOT have a `PMM-` prefix. - -## Setup Instructions - -### 1. Understanding the Branch Prefix Check - -The workflow checks the source branch name: - -```yaml -if: | - (github.event_name == 'pull_request' && !startsWith(github.event.pull_request.head.ref, 'PMM-')) || - (github.event_name == 'push' && !startsWith(github.ref_name, 'PMM-')) -``` - -This means: -- Branches WITH the `PMM-` prefix will NOT trigger this action -- Branches WITHOUT the `PMM-` prefix WILL trigger this action - -### 2. Create a Personal Access Token - -You need a Personal Access Token (PAT) with permissions to create branches and pull requests in the target repository: - -1. Go to GitHub Settings → Developer settings → Personal access tokens -2. Generate a new token with the following scopes: - - `repo` (full control of private repositories) - - `workflow` (if the target repo has GitHub Actions) -3. Copy the generated token - -### 3. Configure Repository Secrets - -In your repository settings, go to Secrets and variables → Actions, and add: - -- **SECRET**: `TARGET_REPO_TOKEN` - The Personal Access Token you created - -### 4. Configure Repository Variables - -In your repository settings, go to Secrets and variables → Actions → Variables tab, and add: - -- **VARIABLE**: `TARGET_REPO_OWNER` - The owner/organization of the target repository -- **VARIABLE**: `TARGET_REPO_NAME` - The name of the target repository - -Example: -- `TARGET_REPO_OWNER`: `myorg` -- `TARGET_REPO_NAME`: `ci-configs` - -### 5. Customize the ci.yml Content (Optional) - -The action creates/updates a `ci.yml` file in the target repository. The content includes: - -```yaml -# Auto-generated from external PR -external_pr: - source_repo: - pr_number: - pr_author: - pr_branch: - pr_title: - pr_url: - triggered_at: - event_type: - commit_sha: -``` - -## How It Works - -### For Pull Requests - -1. **Trigger**: PR is opened, synchronized, or reopened -2. **Branch Check**: Verifies the PR branch doesn't have `PMM-` prefix -3. **Target Branch**: Creates/updates branch `external-pr-{source-branch-name}` -4. **PR Creation**: Creates a PR titled "External PR: {original PR title}" - -### For Push Events - -1. **Trigger**: Commits are pushed to a branch (not main/master) -2. **Branch Check**: Verifies the branch doesn't have `PMM-` prefix -3. **Target Branch**: Creates/updates branch `external-pr-{source-branch-name}` -4. **PR Handling**: - - If no PR exists: Creates one titled "External Push: {branch name}" - - If PR exists: Updates the branch and adds a comment to the existing PR - -## Key Features - -### Duplicate PR Prevention -The action checks if a PR already exists for the branch in the target repository: -- If no PR exists: Creates a new one -- If PR exists: Updates the branch and comments on the existing PR - -### Event-Specific Information -The `ci.yml` file includes different metadata based on the triggering event: -- **Pull Request**: Includes PR number, title, and description -- **Push**: Includes branch name, pusher, and commit SHA - -## Security Considerations - -1. **Token Security**: The PAT is stored as a secret and never exposed in logs -2. **Limited Scope**: The action only modifies the specified `ci.yml` file -3. **Branch Filtering**: Only branches without the `PMM-` prefix trigger the action -4. **Protected Branches**: Pushes to `main` and `master` are excluded - -## Troubleshooting - -### Action Not Triggering -- Verify the branch does NOT have a `PMM-` prefix -- Check that the workflow file is in `.github/workflows/` directory -- Ensure the event (PR or push) matches the configured triggers -- For pushes, verify the branch is not `main` or `master` - -### Permission Errors -- Verify the PAT has the correct scopes -- Check that the token hasn't expired -- Ensure the target repository allows the token's access - -### Branch/PR Creation Fails -- Check that the target repository exists -- Verify the `TARGET_REPO_OWNER` and `TARGET_REPO_NAME` variables are correct -- Check for existing branches with conflicting names - -## Example Scenarios - -### Scenario 1: New PR from non-PMM branch -1. User creates PR #123 from branch `fix-bug` -2. Action creates branch `external-pr-fix-bug` in target repo -3. Creates PR titled "External PR: Fix bug title" - -### Scenario 2: Push to existing branch with PR -1. User pushes to branch `feature-xyz` (PR already exists in target) -2. Action updates branch `external-pr-feature-xyz` -3. Adds comment to existing PR about the update - -### Scenario 3: Push to new branch without PR -1. User pushes to new branch `hotfix-123` -2. Action creates branch `external-pr-hotfix-123` in target repo -3. Creates PR titled "External Push: hotfix-123" - -### Scenario 4: PMM branch (Action does NOT trigger) -1. User creates PR or pushes to branch `PMM-1234-fix-issue` -2. Action does NOT trigger due to `PMM-` prefix \ No newline at end of file From dcdd9a12b7c59a1dbb623b15460b0de87eb5bce5 Mon Sep 17 00:00:00 2001 From: idoko Date: Fri, 19 Sep 2025 08:37:00 +0100 Subject: [PATCH 6/6] update actions file --- .github/workflows/external-pr-trigger.yml | 22 ++++------------------ 1 file changed, 4 insertions(+), 18 deletions(-) diff --git a/.github/workflows/external-pr-trigger.yml b/.github/workflows/external-pr-trigger.yml index 2ba1cefa6..c3d58148c 100644 --- a/.github/workflows/external-pr-trigger.yml +++ b/.github/workflows/external-pr-trigger.yml @@ -55,26 +55,12 @@ jobs: # Create a new branch based on the PR branch name git checkout -b "external-pr-${SOURCE_BRANCH}" - # Check if ci.yml exists - if [ ! -f "ci.yml" ]; then - echo "Creating ci.yml file" - mkdir -p $(dirname ci.yml) - touch ci.yml - fi - # Modify ci.yml file with PR information cat > ci.yml << EOF - # Auto-generated from external PR - external_pr: - source_repo: ${{ github.repository }} - pr_number: ${PR_NUMBER} - pr_author: ${PR_AUTHOR} - pr_branch: ${SOURCE_BRANCH} - pr_title: ${{ steps.set-vars.outputs.pr_title }} - pr_url: ${{ steps.set-vars.outputs.pr_url }} - triggered_at: $(date -u +"%Y-%m-%dT%H:%M:%SZ") - event_type: ${{ github.event_name }} - commit_sha: ${{ github.sha }} + deps: + - name: mongodb_exporter + url: https://github.com/${GITHUB_REPOSITORY} + branch: ${SOURCE_BRANCH} EOF # Commit changes