Skip to content

Deny rubygems-update injection #2057

Deny rubygems-update injection

Deny rubygems-update injection #2057

name: Add milestone to merged pull requests
on:
pull_request:
types: [closed]
jobs:
add_milestone:
permissions:
contents: read
issues: write
pull-requests: write
runs-on: ubuntu-latest
if: github.event.pull_request.merged == true && github.event.pull_request.milestone == null
steps:
- name: Checkout code
# Checks out the branch that the pull request is merged into
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.base.ref }}
- name: Get major version from gemspec
# Parse the gemspec and return the major version
id: version
run: |
echo "::set-output name=version::$(find . -name *.gemspec | ruby -ne 'puts Gem::Specification.load($_.chomp).version.to_s.split(".").first')"
- name: Get project milestones
id: milestones
uses: actions/github-script@v7
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
const milestones = await github.rest.issues.listMilestones({
owner: context.repo.owner,
repo: context.repo.repo,
state: 'open'
})
return milestones.data
- name: Update Pull Request
# Update the merged pull request with the milestone starts with the major version
uses: actions/github-script@v7
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
const milestones = ${{steps.milestones.outputs.result}}
const majorVersion = ${{steps.version.outputs.version}}
const milestone = milestones.find(m => m.title.startsWith(majorVersion))
if (milestone) {
await github.rest.issues.update({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: ${{ github.event.pull_request.number }},
milestone: milestone.number
})
}