Add an auto-cherry-pick GitHub Action

[thejcannon]

This adds a new GitHub action that runs after a PR is merged which is labeled "needs-cherrypick" as well as can be run manually.

I've done a decent amount of testing on my fork, but wasn't able to test the actual PR creation (it failed on me not configuring git over there)

[huonw]

Woohoo, automation!

[huonw]

If this is happening in several automations, it might be good to centralise, and I see two options:

• they could be factored into a composite action in this repo (https://docs.github.com/en/actions/creating-actions/about-custom-actions#choosing-a-location-for-your-action)
• the email/name content could be stored as a repo/org level 'variable' https://docs.github.com/en/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows rather than hard-code

[thejcannon]

I haven't tried it yet, but I suspect there's just a missing env var to handle it

[thejcannon]

Oh sorry @huonw I just realized this branch wasn't up to date with my latest changes 😬

[thejcannon]

The milestone changes should've been made on the "every milestone" PR, sorry y'all

[thejcannon]

This means the person running the script doesn't need an up-to-date main, we'll fetch the ref.

[thejcannon]

Since the GitHub Action doesn't get to participate in prompting, we need to push the branch.

[huonw]

I assume the GitHub cli won't even try to prompt in this case, it'll detect the branch already exists on a remote?

[thejcannon]

Ugh: https://github.com/actions/checkout/blob/f095bcc56b7c2baf48f3ac70d6d6782f4f553222/adrs/0153-checkout-v2.md?plain=1#L111

[stuhood]

Thanks!

Ideally this would be generated by

pants/build-support/bin/generate_github_workflows.py

Lines 1071 to 1173 in f9188ab

	def generate() -> dict[Path, str]:
	"""Generate all YAML configs with repo-relative paths."""
	pr_jobs = test_workflow_jobs([PYTHON37_VERSION], cron=False)
	pr_jobs.update(**classify_changes())
	for key, val in pr_jobs.items():
	if key in {"check_labels", "classify_changes"}:
	continue
	needs = val.get("needs", [])
	if isinstance(needs, str):
	needs = [needs]
	needs.extend(["classify_changes"])
	val["needs"] = needs
	if_cond = val.get("if")
	not_docs_only = "needs.classify_changes.outputs.docs_only != 'true'"
	val["if"] = not_docs_only if if_cond is None else f"({if_cond}) && ({not_docs_only})"
	pr_jobs.update(merge_ok(sorted(pr_jobs.keys())))
	test_workflow_name = "Pull Request CI"
	test_yaml = yaml.dump(
	{
	"name": test_workflow_name,
	"concurrency": {
	"group": "${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}",
	"cancel-in-progress": True,
	},
	"on": {"pull_request": {}, "push": {"branches-ignore": ["dependabot/**"]}},
	"jobs": pr_jobs,
	"env": global_env(),
	},
	width=120,
	Dumper=NoAliasDumper,
	)
	test_cron_yaml = yaml.dump(
	{
	"name": "Daily Extended Python Testing",
	# 08:45 UTC / 12:45AM PST, 1:45AM PDT: arbitrary time after hours.
	"on": {"schedule": [{"cron": "45 8 * * *"}]},
	"jobs": test_workflow_jobs([PYTHON38_VERSION, PYTHON39_VERSION], cron=True),
	"env": global_env(),
	},
	Dumper=NoAliasDumper,
	)
	ignore_advisories = " ".join(
	f"--ignore {adv_id}" for adv_id in CARGO_AUDIT_IGNORED_ADVISORY_IDS
	)
	audit_yaml = yaml.dump(
	{
	"name": "Cargo Audit",
	"on": {
	# 08:11 UTC / 12:11AM PST, 1:11AM PDT: arbitrary time after hours.
	"schedule": [{"cron": "11 8 * * *"}],
	# Allow manually triggering this workflow
	"workflow_dispatch": None,
	},
	"jobs": {
	"audit": {
	"runs-on": "ubuntu-latest",
	"if": IS_PANTS_OWNER,
	"steps": [
	*checkout(),
	{
	"name": "Cargo audit (for security vulnerabilities)",
	"run": f"./cargo install --version 0.17.5 cargo-audit\n./cargo audit {ignore_advisories}\n",
	},
	],
	}
	},
	}
	)
	cc_jobs, cc_inputs = cache_comparison_jobs_and_inputs()
	cache_comparison_yaml = yaml.dump(
	{
	"name": "Cache Comparison",
	# Kicked off manually.
	"on": {"workflow_dispatch": {"inputs": cc_inputs}},
	"jobs": cc_jobs,
	},
	Dumper=NoAliasDumper,
	)
	release_jobs, release_inputs = release_jobs_and_inputs()
	release_yaml = yaml.dump(
	{
	"name": "Record Release Commit",
	"on": {
	"push": {"tags": ["release_*"]},
	"workflow_dispatch": {"inputs": release_inputs},
	},
	"jobs": release_jobs,
	},
	Dumper=NoAliasDumper,
	)
	return {
	Path(".github/workflows/audit.yaml"): f"{HEADER}\n\n{audit_yaml}",
	Path(".github/workflows/cache_comparison.yaml"): f"{HEADER}\n\n{cache_comparison_yaml}",
	Path(".github/workflows/test.yaml"): f"{HEADER}\n\n{test_yaml}",
	Path(".github/workflows/test-cron.yaml"): f"{HEADER}\n\n{test_cron_yaml}",
	Path(".github/workflows/release.yaml"): f"{HEADER}\n\n{release_yaml}",
	}

rather than hand written, but fine as a followup.

[thejcannon]

What do we gain from generating? Seems like extra steps for no/little benefit?

[stuhood]

What do we gain from generating? Seems like extra steps for no/little benefit?

Type checking, avoiding yaml gotchas, consistency, reuse.

[thejcannon]

I just tried, adding a PR author as a reviewer of their own PR is a no-op, so this is safe to do unconditionally.

[huonw]

Nice