[aes] Upstream support for GCM - Part 23 #9864
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright lowRISC contributors (OpenTitan project). | |
| # Licensed under the Apache License, Version 2.0, see LICENSE for details. | |
| # SPDX-License-Identifier: Apache-2.0 | |
| name: Cherry-pick Pull Request | |
| on: | |
| pull_request_target: | |
| types: [closed, labeled] | |
| permissions: | |
| contents: read | |
| # 2 backport jobs may be running simultaneously if the merge and label event happen in quick | |
| # succession. Serialize them based on PR number to avoid this. | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number }} | |
| cancel-in-progress: false | |
| jobs: | |
| cherrypick: | |
| # NOTE: We currently need these permissions because we create pull request with the repo-scoped | |
| # default token. We should in the future move to a PAT owned by lowrisc-bot and create pull request | |
| # on its behalf. | |
| permissions: | |
| # Needed for authentication. | |
| id-token: write | |
| # Needed for the action to create branch. | |
| contents: write | |
| name: Cherry-pick Pull Request | |
| if: github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('CherryPick:', github.event.label.name)) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Obtain token to create PR | |
| id: pr_token | |
| run: | | |
| # Obtain OIDC token from GitHub | |
| ID_TOKEN=$(curl -sSf -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=https://ca.lowrisc.org" | jq -r .value) | |
| echo "::add-mask::$ID_TOKEN" | |
| # Exchange for a token to create PR | |
| PR_TOKEN=$(curl -sSf -X POST -H "Authorization: Bearer $ID_TOKEN" "https://ca.lowrisc.org/api/github/repos/${{ github.repository }}/token") | |
| echo "::add-mask::$PR_TOKEN" | |
| echo "pr_token=$PR_TOKEN" >> "$GITHUB_OUTPUT" | |
| - name: Create backport PRs | |
| id: backport | |
| uses: korthout/backport-action@e8161d6a0dbfa2651b7daa76cbb75bc7c925bbf3 # v2.4.1 | |
| with: | |
| label_pattern: "^CherryPick:([^ ]+)$" | |
| pull_title: "Cherry-pick to ${target_branch}: ${pull_title}" | |
| github_token: ${{ steps.pr_token.outputs.pr_token }} | |
| pull_description: | | |
| This is an automatic cherry-pick of #${pull_number} to branch `${target_branch}`. | |
| - name: Apply label for manually cherry picking | |
| if: ${{ steps.backport.outputs.was_successful == 'false' }} | |
| env: | |
| GH_TOKEN: ${{ steps.pr_token.outputs.pr_token }} | |
| run: | | |
| gh pr edit ${{ github.event.pull_request.number }} --add-label 'Manually CherryPick' |