grafana_bak/.github/workflows/commands.yml

name: Run commands when issues are labeled or comments added

# important: this workflow uses a github app that is strictly limited
# to issues. If you want to change the triggers for this workflow,
# please review if the permissions are still sufficient.
on:
  issues:
    types: [labeled, unlabeled]
  issue_comment:
    types: [created]

concurrency:
  group: issue-commands-${{ github.event.issue.number }}

permissions:
  contents: read
  id-token: write

jobs:
  config:
    runs-on: "ubuntu-latest"
    outputs:
      has-secrets: ${{ steps.check.outputs.has-secrets }}
    steps:
      - name: "Check for secrets"
        id: check
        shell: bash
        run: |
          if [ "${{ github.repository }}" == "grafana/grafana" ] && [ -n "${{ secrets.GRAFANA_MISC_STATS_API_KEY }}" ]; then
            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
          fi

  main:
    needs: config
    if: needs.config.outputs.has-secrets
    runs-on: ubuntu-latest
    steps:
      - name: "Get vault secrets"
        id: vault-secrets
        uses: grafana/shared-workflows/actions/get-vault-secrets@main
        with:
          # Secrets placed in the ci/repo/grafana/grafana/plugins_platform_issue_commands_github_bot path in Vault
          repo_secrets: |
            GH_APP_ID=plugins_platform_issue_commands_github_bot:app_id
            GH_APP_PEM=plugins_platform_issue_commands_github_bot:app_pem

      - name: "Generate token"
        id: generate_token
        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
        with:
          app_id: ${{ env.GH_APP_ID }}
          private_key: ${{ env.GH_APP_PEM }}

      - name: Checkout Actions
        uses: actions/checkout@v4
        with:
          repository: "grafana/grafana-github-actions"
          path: ./actions
          ref: main

      - name: Install Actions
        run: npm install --production --prefix ./actions
      - name: Run Commands
        uses: ./actions/commands
        with:
          metricsWriteAPIKey: ${{secrets.GRAFANA_MISC_STATS_API_KEY}}
          token: ${{ steps.generate_token.outputs.token }}
          configPath: commands