diff --git a/.github/workflows/trafico.yml b/.github/workflows/trafico.yml deleted file mode 100644 index 6dff28caab3..00000000000 --- a/.github/workflows/trafico.yml +++ /dev/null @@ -1,37 +0,0 @@ -########################################################################################## -# WARNING! This workflow uses the 'pull_request_target' event. That mans that it will # -# always run in the context of the main actualbudget/actual repo, even if the PR is from # -# a fork. This is necessary to get access to a GitHub token that can modify the PR. # -# Be VERY CAREFUL about adding things to this workflow, since forks can inject # -# arbitrary code into their branch, and can pollute the artifacts we download. Arbitrary # -# code execution in this workflow could lead to a compromise of the main repo. # -########################################################################################## -# See: https://securitylab.github.com/research/github-actions-preventing-pwn-requests # -########################################################################################## - -name: Trafico Reviews - -on: - pull_request_target: - types: - - opened - - closed - - reopened - - synchronize - - edited - - review_requested - - review_request_removed - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true - -jobs: - manage-review: - runs-on: ubuntu-latest - permissions: - pull-requests: write - steps: - - uses: actualbudget/trafico@main - with: - github-token: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/wip.yml b/.github/workflows/wip.yml deleted file mode 100644 index 060ec60c262..00000000000 --- a/.github/workflows/wip.yml +++ /dev/null @@ -1,27 +0,0 @@ -name: Add WIP - -on: - pull_request_target: - types: - - opened - -jobs: - add_wip_prefix: - if: | - join(github.event.pull_request.requested_reviewers) == '' - && !contains(github.event.pull_request.title, 'WIP') - && !contains(github.event.pull_request.labels.*.name, 'WIP') - && github.event.pull_request.draft != true - runs-on: ubuntu-latest - permissions: - pull-requests: write - steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Add WIP - env: - TITLE: ${{ github.event.pull_request.title }} - shell: bash - run: | - echo ${{ secrets.GITHUB_TOKEN }} | gh auth login --with-token - gh pr edit ${{ github.event.pull_request.number }} -t "[WIP] ${TITLE}" diff --git a/upcoming-release-notes/3023.md b/upcoming-release-notes/3023.md new file mode 100644 index 00000000000..d3291c0e349 --- /dev/null +++ b/upcoming-release-notes/3023.md @@ -0,0 +1,6 @@ +--- +category: Maintenance +authors: [twk3] +--- + +Remove Trafico workflow in favour of our new GitHub bot