name: Labelled Ready to Sync Public on: pull_request: types: [labeled] env: ROT13_STAGING_OWNER: ${{ secrets.ROT13_STAGING_OWNER }} ROT13_UPSTREAM_OWNER: ${{ secrets.ROT13_UPSTREAM_OWNER }} ROT13_UPSTREAM_BRANCH: ${{ secrets.ROT13_UPSTREAM_BRANCH }} jobs: Push-To-Staging: name: Push to staging runs-on: ${{ vars.USE_SELF_HOSTED == 'true' && 'self-hosted' || 'ubuntu-latest' }} permissions: # Read-only access so we don't accidentally try to push to *this* repository. contents: read # Pull request write access, so we can remove the label. issues: write pull-requests: write # Deployment write access, so we can add the nice deployment info. deployments: write # Only run on the private repository. if: github.event.repository.private && github.event.label.name == 'Ready To Sync Public' steps: - name: Detect configuration uses: The-OpenROAD-Project/actions/auto_config@main - name: Removing label '${{ github.event.label.name }}' uses: The-OpenROAD-Project/actions/remove_label@main continue-on-error: true - name: Clone repository uses: The-OpenROAD-Project/actions/clone_from@main with: branch: ${{ env.PRIVATE_BRANCH }} checkout: true - name: Run security scan uses: The-OpenROAD-Project/actions/security_scan_on_push@main - name: Push to staging repository. uses: The-OpenROAD-Project/actions/push_to@main with: owner: ${{ env.STAGING_OWNER }} repo: ${{ env.STAGING_REPO }} branch: ${{ env.STAGING_BRANCH }} deployToken: ${{ secrets.STAGING_GITHUB_TOKEN }} force: true - id: send_pr name: Create PR if needed. uses: The-OpenROAD-Project/actions/send_pr@main env: STAGING_GITHUB_TOKEN: ${{ secrets.STAGING_GITHUB_TOKEN }} - name: Linking to PR using deployment. uses: The-OpenROAD-Project/actions/link_pr@main env: GITHUB_TOKEN: ${{ github.token }} UPSTREAM_PR: ${{ steps.send_pr.outputs.pr }}