Remove Trafico workflow in favour of our new GitHub bot (#3023)

* Remove Trafico workflow in favour of our new GitHub bot * Add release note

Remove Trafico workflow in favour of our new GitHub bot (#3023)
4a0e2ea3 · DJ Mountney · GitHub · 14ec9a90 · 14ec9a90 · 14ec9a90
Unverified Commit 4a0e2ea3 authored 8 months ago by DJ Mountney Committed by GitHub 8 months ago
--- a/.github/workflows/trafico.yml
+++ b/.github/workflows/trafico.yml
-##########################################################################################
-# WARNING! This workflow uses the 'pull_request_target' event. That mans that it will    #
-# always run in the context of the main actualbudget/actual repo, even if the PR is from #
-# a fork. This is necessary to get access to a GitHub token that can modify the PR.      #
-# Be VERY CAREFUL about adding things to this workflow, since forks can inject           #
-# arbitrary code into their branch, and can pollute the artifacts we download. Arbitrary #
-# code execution in this workflow could lead to a compromise of the main repo.           #
-##########################################################################################
-# See: https://securitylab.github.com/research/github-actions-preventing-pwn-requests    #
-##########################################################################################
-
-name: Trafico Reviews
-
-on:
-  pull_request_target:
-    types:
-     - opened
-     - closed
-     - reopened
-     - synchronize
-     - edited
-     - review_requested
-     - review_request_removed
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  manage-review:
-    runs-on: ubuntu-latest
-    permissions:
-      pull-requests: write
-    steps:
-      - uses: actualbudget/trafico@main
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
--- a/.github/workflows/wip.yml
+++ b/.github/workflows/wip.yml
-name: Add WIP
-
-on:
-  pull_request_target:
-    types:
-      - opened
-
-jobs:
-  add_wip_prefix:
-    if: |
-      join(github.event.pull_request.requested_reviewers) == ''
-        && !contains(github.event.pull_request.title, 'WIP')
-        && !contains(github.event.pull_request.labels.*.name, 'WIP')
-        && github.event.pull_request.draft != true
-    runs-on: ubuntu-latest
-    permissions:
-      pull-requests: write
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v4
-    - name: Add WIP
-      env:
-          TITLE: ${{ github.event.pull_request.title }}
-      shell: bash
-      run: |
-        echo ${{ secrets.GITHUB_TOKEN }} | gh auth login --with-token
-        gh pr edit ${{ github.event.pull_request.number }} -t "[WIP] ${TITLE}"
--- a/upcoming-release-notes/3023.md
+++ b/upcoming-release-notes/3023.md
+---
+category: Maintenance
+authors: [twk3]
+---
+
+Remove Trafico workflow in favour of our new GitHub bot