# Auto Label PR # ------------- # This GitHub Actions workflow automatically adds or removes labels on a pull request # based on a custom Python script that analyzes the PR content and paths. # # Steps: # - Run pr_category_label.py to determine which category labels to add/remove # - Update labels on the PR using GitHub CLI (gh) # - Check if the PR creator is a member of the specified organization and add/remove labels accordingly name: Auto Label PR on: pull_request_target: types: - opened - synchronize - reopened - ready_for_review branches: - 'develop' - 'staging' - 'main' - 'release-staging/rocm-rel-7.*' # Ignore changes to top-level files and directories # that are not part of the subtree structure paths-ignore: - '.github/**' - 'docs/**' - '*.md' # ensure that the workflow is not running for the same PR multiple times at once concurrency: group: pr-auto-label-${{ github.event.pull_request.number || github.run_id }} cancel-in-progress: false env: ORG_TO_CHECK: ROCm ORG_LABEL: "organization: ROCm" EXTERNAL_LABEL: "external contribution" jobs: auto-label-pr: runs-on: ubuntu-24.04 steps: - name: Generate GitHub App token (only for branch PRs) id: generate-token if: ${{ !github.event.pull_request.head.repo.fork }} uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 with: app-id: ${{ secrets.APP_ID }} private-key: ${{ secrets.APP_PRIVATE_KEY }} owner: ${{ github.repository_owner }} - name: Checkout workflows uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: refs/pull/${{ github.event.pull_request.number }}/merge sparse-checkout: '.github' token: ${{ github.event.pull_request.head.repo.fork && secrets.GITHUB_TOKEN || steps.generate-token.outputs.token }} - name: Set up Python uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: python-version: '3.12' - name: Install python dependencies run: | python -m pip install --upgrade pip pip install pydantic requests - name: Set up Git user run: | git config user.name "assistant-librarian[bot]" git config user.email "assistant-librarian[bot]@users.noreply.github.com" - name: Compute Category Labels for PR id: compute_labels env: # this env clause gets repeated, but it is safer than echo'ing secrets in the workflow GH_TOKEN: ${{ github.event.pull_request.head.repo.fork && secrets.GITHUB_TOKEN || steps.generate-token.outputs.token }} run: | python .github/scripts/pr_category_label.py \ --repo ${{ github.repository }} \ --pr ${{ github.event.pull_request.number }} - name: Update labels env: # this env clause gets repeated, but it is safer than echo'ing secrets in the workflow GH_TOKEN: ${{ github.event.pull_request.head.repo.fork && secrets.GITHUB_TOKEN || steps.generate-token.outputs.token }} run: | if [ -n "${{ steps.compute_labels.outputs.label_remove }}" ]; then gh pr edit "${{ github.event.pull_request.number }}" --remove-label "${{ steps.compute_labels.outputs.label_remove }}" fi if [ -n "${{ steps.compute_labels.outputs.label_add }}" ]; then gh pr edit "${{ github.event.pull_request.number }}" --add-label "${{ steps.compute_labels.outputs.label_add }}" fi - name: Check if PR creator is in org or collaborator and label accordingly env: # this env clause gets repeated, but it is safer than echo'ing secrets in the workflow GH_TOKEN: ${{ github.event.pull_request.head.repo.fork && secrets.GITHUB_TOKEN || steps.generate-token.outputs.token }} run: | if gh pr view "${{ github.event.pull_request.number }}" --json labels -q '.labels[].name' | grep -qFx "imported pr"; then echo "Skipping org membership labeling for imported pull request." exit 0 fi PR_USER=$(gh pr view "${{ github.event.pull_request.number }}" --json author -q .author.login) if [ "${{ github.event.pull_request.head.repo.fork }}" = true ]; then # For fork PRs: check if user has any collaborator permission on the repo PERMISSION=$(gh api repos/${{ github.repository }}/collaborators/$PR_USER/permission --jq '.permission' --silent) if [ "$PERMISSION" = "admin" ] || [ "$PERMISSION" = "write" ] || [ "$PERMISSION" = "maintain" ]; then gh pr edit "${{ github.event.pull_request.number }}" --add-label "${{ env.ORG_LABEL }}" gh pr edit "${{ github.event.pull_request.number }}" --remove-label "${{ env.EXTERNAL_LABEL }}" else gh pr edit "${{ github.event.pull_request.number }}" --add-label "${{ env.EXTERNAL_LABEL }}" gh pr edit "${{ github.event.pull_request.number }}" --remove-label "${{ env.ORG_LABEL }}" fi else # For branch PRs (non-forks): check org membership via GitHub App token if gh api orgs/${{ env.ORG_TO_CHECK }}/members/$PR_USER --silent; then gh pr edit "${{ github.event.pull_request.number }}" --add-label "${{ env.ORG_LABEL }}" gh pr edit "${{ github.event.pull_request.number }}" --remove-label "${{ env.EXTERNAL_LABEL }}" else gh pr edit "${{ github.event.pull_request.number }}" --add-label "${{ env.EXTERNAL_LABEL }}" gh pr edit "${{ github.event.pull_request.number }}" --remove-label "${{ env.ORG_LABEL }}" fi fi