[jira] [Reopened] (DAFFODIL-2995) Configure scala-steward to apply "dependencies" label to PRs

[Steve Lawrence (Jira)]

     [ 
https://issues.apache.org/jira/browse/DAFFODIL-2995?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Steve Lawrence reopened DAFFODIL-2995:
--------------------------------------

A new scala-steward PR was opened and it did not get the label, something is 
still broken, reopening this.

The commit above (from https://github.com/apache/daffodil/pull/1522) makes use 
of the TimonVS/pr-labeler-action, and this was all based off of Apache Pekko 
GRPC 
(https://github.com/apache/pekko-grpc/blob/main/.github/workflows/pr-labeler.yml).
 The configurations look essentially the same.

I did notice once difference which is that Apache Pekko uses an ASF 
scala-steward instance:

https://github.com/apache/pekko-grpc/blob/main/.github/workflows/scala-steward.yml
https://issues.apache.org/jira/browse/INFRA-24961

Maybe when Scala Steward is triggered via the ASF instance, a different 
GITHUB_TOKEN is used that has permissions to write pull requests?

Another possibility is maybe we can just modify the pr-labeler.yml file to add 
"pull_requests: write" to the action permission, which might temporarily 
elevate the action permission to be able to add labels.  I do see other apache 
projects that have actions with the "pull_requests: write" permission, also 
used for labeling, so that might be sufficient.

Also, I discovered the action https://github.com/actions/labeler, which is 
maintain by GitHub and also has more features than TimonVS/pr-labeler-action 
(e.g. labeling based on file names), and also has more details about potential 
permissions issues. I'm not sure we need all the extra features, but using an 
official GitHub action is probably preferred where possible.

> Configure scala-steward to apply "dependencies" label to PRs
> ------------------------------------------------------------
>
>                 Key: DAFFODIL-2995
>                 URL: https://issues.apache.org/jira/browse/DAFFODIL-2995
>             Project: Daffodil
>          Issue Type: Improvement
>          Components: Infrastructure
>            Reporter: Steve Lawrence
>            Assignee: Steve Lawrence
>            Priority: Major
>             Fix For: 4.0.0
>
>
> With the relatively large number of scala-steward/dependabot PRs we get, it 
> can sometimes be it difficult to pick out actual PRs that we usually want to 
> give higher priority.
> We should configure scala-steward to apply the "dependencies" label, similar 
> to dependabot. Not only does this make it easier to see which PRs are just 
> dependency updates, it also allows us to filter out dependencies from the PR 
> view (e.g. "-label:dependencies" in a github query) so we can more easily see 
> the important PRs.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)