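name: GitHub Event Processor

on:
  issues:
    types: [edited, labeled, opened, reopened, unlabeled]
  # issue_comment is used for both issues and pull_requests
  # github.event.issue.pull_request will be non-null on pull request comments
  issue_comment:
    types: [created]
  # synchronize is the pull_request_target event when changes are pushed
  # pull request merged is the closed event with github.event.pull_request.merged = true
  # NOTE(review): pull_request_target runs in the context of the base repository with
  # the job permissions granted below, including for pull requests that come from forks.
  # No active step in this workflow checks out or executes pull request content; keep
  # it that way, otherwise untrusted code would run next to a write-scoped token.
  pull_request_target:
    types: [closed, labeled, opened, reopened, review_requested, synchronize, unlabeled]

# This removes all unnecessary permissions, the ones needed will be set below.
# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
permissions: {}

jobs:
  # This event requires the Azure CLI to get the LABEL_SERVICE_API_KEY from the vault.
  # Because the azure/login step adds time costly pre/post Az CLI commands to every job
  # it's used in, split this into its own job so only the event that needs the Az CLI pays
  # the cost.
  # NOTE(review): as written, the job itself has no `if:`; only the two Azure steps are
  # gated on issues/opened. The job, and with it `id-token: write`, therefore runs for
  # every event listed under `on:`.
  event-handler-with-azure:
    permissions:
      issues: write
      pull-requests: write
      # For OIDC auth
      id-token: write
      contents: read
    name: Handle ${{ github.event_name }} ${{ github.event.action }} event with azure login
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): azure/login@v2 and actions/upload-artifact@v4 are referenced by
      # mutable tags. Pinning each to a full commit SHA (with the tag kept in a trailing
      # comment) stops a re-pointed tag from changing what runs with the OIDC token.
      - name: 'Az CLI login'
        uses: azure/login@v2
        if: ${{ github.event_name == 'issues' && github.event.action == 'opened' }}
        with:
          client-id: 'a6dd2dfe-7352-41a7-9020-05301c3bca1a'
          tenant-id: '72f988bf-86f1-41af-91ab-2d7cd011db47'
          allow-no-subscriptions: true

      # Reads the labeler function key from Key Vault, masks it in the logs and exposes
      # it as a step output. A step output (rather than $GITHUB_ENV) keeps the key out of
      # the environment of the install and artifact-upload steps; only the step that maps
      # it into `env:` below receives it. When this step is skipped the output is empty.
      - name: 'Run Azure CLI commands'
        id: label_service_key
        if: ${{ github.event_name == 'issues' && github.event.action == 'opened' }}
        run: |
          LABEL_SERVICE_API_KEY=$(az keyvault secret show \
            --vault-name issue-labeler \
            -n issue-labeler-func-key \
            -o tsv \
            --query value)
          echo "::add-mask::$LABEL_SERVICE_API_KEY"
          echo "LABEL_SERVICE_API_KEY=$LABEL_SERVICE_API_KEY" >> "$GITHUB_OUTPUT"

      # To run github-event-processor built from source, for testing purposes, uncomment everything
      # in between the Start/End-Build From Source comments and comment everything in between the
      # Start/End-Install comments
      # Start-Install
      # The tool is installed at an exact version from the azure-sdk public feed.
      - name: Install GitHub Event Processor
        run: >
          dotnet tool install
          Azure.Sdk.Tools.GitHubEventProcessor
          --version 1.0.0-dev.20250314.4
          --add-source https://pkgs.dev.azure.com/azure-sdk/public/_packaging/azure-sdk-for-net/nuget/v3/index.json
          --global
        shell: bash
      # End-Install

      # Testing checkout of sources from the Azure/azure-sdk-tools repository
      # The ref: is the SHA from the pull request in that repository or the
      # refs/pull/<PR_NUMBER>/merge for the latest on any given PR. If the repository
      # is a fork eg. <fork-owner>/azure-sdk-tools then the repository down below will
      # need to point to that fork
      # NOTE(review): whatever ref is configured here is built and then executed with
      # this job's GITHUB_TOKEN (issues/pull-requests write) and the label service key,
      # so only point it at a ref whose contents have been reviewed.
      # Start-Build
      # - name: Checkout tools repo for GitHub Event Processor sources
      #   uses: actions/checkout@v3
      #   with:
      #     repository: Azure/azure-sdk-tools
      #     path: azure-sdk-tools
      #     ref: <refs/pull/<PR_NUMBER>/merge> or <commit-sha>

      # - name: Build and install GitHubEventProcessor from sources
      #   run: |
      #     dotnet pack
      #     dotnet tool install --global --prerelease --add-source ../../../artifacts/packages/Debug Azure.Sdk.Tools.GitHubEventProcessor
      #   shell: bash
      #   working-directory: azure-sdk-tools/tools/github-event-processor/Azure.Sdk.Tools.GitHubEventProcessor
      # End-Build

      # The event name and payload path are taken from the runner's default environment
      # variables and quoted, instead of being spliced into the script text with
      # ${{ }} expressions; the values are the same ones github.event_name and
      # github.event_path expand to.
      - name: Process Action Event
        run: |
          github-event-processor "$GITHUB_EVENT_NAME" "$GITHUB_EVENT_PATH"
        shell: bash
        env:
          # This is a temporary secret generated by github
          # https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          LABEL_SERVICE_API_KEY: ${{ steps.label_service_key.outputs.LABEL_SERVICE_API_KEY }}

      # Uploads the raw event payload file as a workflow artifact, even when an earlier
      # step failed, so the triggering event can be inspected afterwards.
      - name: Archive github event data
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: event
          path: ${{ github.event_path }}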