Add auto labeler on PRs

[ohltyler]

Signed-off-by: Tyler Ohlsen [email protected]

Description

This PR adds a labeling github action which is triggered on PRs opening to main. There are 2 added files:

1. .github/labeler.yml: configures the labels to add to the PR, if the PR's changed files match any of the glob patterns specified. For example, this adds a dependencies label whenever a PR is opened that changes yarn.lock.
2. .github/workflows/labeler.yml: the actual github action which uses the specified config. Uses permissions from the OpenSearch GitHub app to be able to write to the PR, since that is not possible using the default GITHUB_TOKEN. For more details see here, here

Example PR of this working in my forked repo (using a personal bot in order to get permissions to write to PRs in this repo): ohltyler#7 (auto-label workflow run: link)

Notes:

• it is defaulting all changes to backport 1.x - this is because this plugin is not tracking the next major version (2.0.0), and so all changes merged to main currently are being backported to 1.x branch already (note this will need to change when moving to 2.0.0 compatibility / having 2.x branch). Also note backport 1.x is the branch name used by the auto-backport bot to open a backport PR to 1.x branch when a PR is merged, so this closes the gap and allows for a fully automated way to open a PR -> merge PR -> backport to release branch.
• it will add or remove labels based on changes in the PR - for example if yarn.lock was originally changed and then reverted within the PR, the labeler would add and remove the dependencies label as well
• .github/**/* pattern had to be added separately in backport 1.x label due to the labeler not picking up directories starting with . by default

TODO: understand the github bot permissions and if it can be used for this github action. Until then, this PR is blocked when trying to use the default repo token. Ref: actions/first-interaction#10, use of an app to solve: mentioned here

Check List

• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[codecov-commenter]

Codecov Report

Merging #201 (8dd7090) into main (53a0f4f) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #201   +/-   ##
=======================================
  Coverage   45.93%   45.93%           
=======================================
  Files         150      150           
  Lines        4944     4944           
  Branches      951      951           
=======================================
  Hits         2271     2271           
  Misses       2455     2455           
  Partials      218      218           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 53a0f4f...8dd7090. Read the comment docs.

[ohltyler]

Confirming with @VachaShah on the permissions model with the OpenSearch app, and if it can be used for this use case to allow running this github action.

Permissions issue that I'm seeing (ref: workflow link)

HttpError: Resource not accessible by integration

Permissions model of github action mentions how it only works with PRs created within the same repo as well. Ref: https://github.com/actions/labeler/pull/51/files

[VachaShah]

Confirming with @VachaShah on the permissions model with the OpenSearch app, and if it can be used for this use case to allow running this github action.

Permissions issue that I'm seeing:

HttpError: Resource not accessible by integration

Permissions model of github action mentions how it only works with PRs created within the same repo as well. Ref: https://github.com/actions/labeler/pull/51/files

The OpenSearch Github App has the PR permissions so that would not be an issue.

[ohltyler]

By creating a private GitHub app with sufficient permissions in my forked repo, and by adding all of the necessary secrets to my forked repo (app ID, app private key, installation ID), I was able to get the auto-labeling working with it (ref). Helpful link: see here.

Reverting the change back to the main repo's installation ID, since I have proved this works in the forked repo.

[ohltyler]

Confirming with @VachaShah on the permissions model with the OpenSearch app, and if it can be used for this use case to allow running this github action.
Permissions issue that I'm seeing:

HttpError: Resource not accessible by integration

Permissions model of github action mentions how it only works with PRs created within the same repo as well. Ref: https://github.com/actions/labeler/pull/51/files

The OpenSearch Github App has the PR permissions so that would not be an issue.

@VachaShah thanks for confirming! I've confirmed my private app matches the permissions of the OpenSearch GitHub app and that it's working as expected in my forked repo.

[amitgalitz]

If we remove labels from a PR will the bot run again to re-add them or will it only run on code changes? Could there be changes that we specifically don't want to always backport?

[ohltyler]

If we remove labels from a PR will the bot run again to re-add them or will it only run on code changes?

Only runs on code changes

Could there be changes that we specifically don't want to always backport?

We haven't encountered that yet, so currently all commits get backported. Can revisit that logic if we start tracking the next major version, which is currently2.0.0

[ohltyler]

Reopened in #205. Closed this one since it was based on main branch which was needed for testing in my fork.