backport.yml

# SPDX-FileCopyrightText: 2024 The Crossplane Authors <https://crossplane.io>
#
# SPDX-License-Identifier: CC0-1.0

name: Backport

on:
  # NOTE(negz): This is a risky target, but we run this action only when and if
  # a PR is closed, then filter down to specifically merged PRs. We also don't
  # invoke any scripts, etc from within the repo. I believe the fact that we'll
  # be able to review PRs before this runs makes this fairly safe.
  # https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
  pull_request_target:
    types: [closed]
  # See also backport-trigger.yml for the /backport triggered variant of this workflow.

jobs:
  open-pr:
    runs-on: ubuntu-latest
    if: github.event.pull_request.merged
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 0

      - name: Open Backport PR
        uses: zeebe-io/backport-action@be567af183754f6a5d831ae90f648954763f17f5 # v3.1.0