workflows/backport: Label failed backports

The intent behind this new label is to allow filtering on the label, which can then allow Nixpkgs contributors to *act* on such failures. The label **must** be removed *only* when a PR was then successfully made, or the change has been verified to not need a backport. Removing the label is intended to make the list of PRs with the label actionable. The following search query could be used to ensure no security changes that were marked for being backported are left behind: - https://github.com/NixOS/nixpkgs/pulls?q=is%3Apr+label%3A%221.severity%3A+security%22+label%3A%228.has%3A+failed+backport%22+ (Obviously not right now. The label does not exist and isn't used.)
2026-06-05 21:03:40 +00:00 · 2026-05-07 12:05:25 -04:00
parent 549bd84d62
commit afb1bec526
1 changed files with 14 additions and 1 deletions
--- a/.github/workflows/backport.yml
+++ b/.github/workflows/backport.yml
@@ -11,7 +11,7 @@ on:

 permissions:
  contents: read
-  issues: write # adding the 'has: port to stable' label
+  issues: write # adding the 'has: port to stable' and 'has: backport failed' label
  pull-requests: write # creating backport pull requests

 defaults:
@@ -82,3 +82,16 @@ jobs:
              issue_number: context.payload.pull_request.number,
              labels: [ '8.has: port to stable' ]
            })
+
+      - name: "Add 'has: failed backport' label"
+        if: steps.backport.outputs.was_successful == 'false'
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        with:
+          # Not using the app on purpose to avoid triggering another workflow run after adding this label.
+          script: |
+            await github.rest.issues.addLabels({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.payload.pull_request.number,
+              labels: [ '8.has: failed backport' ]
+            })