chore(deps): pin dependencies #343
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: lint | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| workflow_call: | |
| # concurrency: | |
| # group: ${{ github.workflow }}-${{ github.ref }}-${{ github.action }} | |
| # cancel-in-progress: false | |
| permissions: | |
| pull-requests: read | |
| contents: read | |
| checks: write | |
| jobs: | |
| lint: | |
| name: lint | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| permissions: | |
| checks: write # For trunk to post annotations | |
| contents: read # For repo checkout | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| - name: set-aqua-policy-if-file-exists | |
| run: | | |
| if [[ -f aqua-policy.yaml ]]; then | |
| echo "AQUA_POLICY_CONFIG=${GITHUB_WORKSPACE}/aqua-policy.yaml:${AQUA_POLICY_CONFIG}" >> $GITHUB_ENV | |
| else | |
| echo "👉 No aqua-policy.yaml file found, skipping setting AQUA_POLICY_CONFIG" | |
| fi | |
| - uses: aquaproj/aqua-installer@fd2089d1f56724d6456f24d58605e6964deae124 # v2.3.2 | |
| continue-on-error: true | |
| with: | |
| aqua_version: v2.30.0 | |
| enable_aqua_install: true | |
| aqua_opts: '--tags lint' # if using aqua.yaml config any special items in your repo like Golangci-lint using tags so it only installs what's needed | |
| env: | |
| AQUA_LOG_LEVEL: debug | |
| AQUA_OPTS: '' | |
| - name: trunk-check | |
| uses: trunk-io/trunk-action@86b68ffae610a05105e90b1f52ad8c549ef482c2 # v1.1.16 | |
| with: | |
| arguments: --github-annotate-new-only=true | |
| changie-validation: | |
| name: changie-validation | |
| runs-on: ubuntu-latest | |
| permissions: | |
| pull-requests: write | |
| contents: read | |
| checks: write | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| GITHUB_REF_BRANCH: ${{ github.ref }} | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ env.GITHUB_REF_BRANCH }} | |
| - name: Set up default branch name | |
| id: default_branch | |
| run: echo "DEFAULT_BRANCH=$(gh repo view --json defaultBranchRef -q '.defaultBranchRef.name')" >> $GITHUB_ENV | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Check for .changes directory | |
| id: check_changes_dir | |
| run: | | |
| if [[ -d ".changes" ]]; then | |
| echo "changes_dir_exists=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "changes_dir_exists=false" >> $GITHUB_OUTPUT | |
| echo "⏩ no changie entry required on this" | |
| fi | |
| - name: Fetch default branch | |
| id: fetch_branches | |
| run: | | |
| git fetch origin ${{ env.DEFAULT_BRANCH }} | |
| git fetch origin ${{ env.GITHUB_REF_BRANCH }} | |
| - name: Check for labels | |
| id: check_labels | |
| run: | | |
| echo "no_changie_required=false" >> $GITHUB_OUTPUT | |
| echo "dependencies=false" >> $GITHUB_OUTPUT | |
| for label in $(gh pr view ${{ github.event.pull_request.number }} --json labels --jq '.labels[].name'); do | |
| if [[ "$label" == "no-changie-required" ]]; then | |
| echo "no_changie_required=true" >> $GITHUB_OUTPUT | |
| echo "❎ bypass on changie noted due to label" | |
| elif [[ "$label" == "dependencies" ]]; then | |
| echo "dependencies=true" >> $GITHUB_OUTPUT | |
| fi | |
| done | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Validate changie entry | |
| id: validate_changie_entry | |
| if: steps.check_changes_dir.outputs.changes_dir_exists == 'true' && steps.check_labels.outputs.no_changie_required == 'false' && steps.check_labels.outputs.dependencies == 'false' | |
| run: | | |
| # Fetch existing comments | |
| changes=$(git diff --name-only --diff-filter=A origin/${{ env.DEFAULT_BRANCH }}...HEAD -- .changes/) | |
| if [[ -n "$changes" ]]; then | |
| echo "Changie entry found" | |
| comment="✅ changie entry was found" | |
| gh pr review ${{ github.event.pull_request.number }} --approve --body "$comment" | |
| gh pr comment ${{ github.event.pull_request.number }} --body "$comment" --edit-last || gh pr comment ${{ github.event.pull_request.number }} --body "$comment" | |
| else | |
| echo "No changie entry found in .changes" | |
| comment="❌ A changie entry is required in .changes/" | |
| echo "adding review comment saying required, since not seeing prior comment before" | |
| gh pr review ${{ github.event.pull_request.number }} --request-changes --body "$comment" | |
| gh pr comment ${{ github.event.pull_request.number }} --body "$comment" --edit-last || gh pr comment ${{ github.event.pull_request.number }} --body "$comment" | |
| fi | |
| # Update or post the review comment | |
| if [[ -n "$comment" ]]; then | |
| echo "adding review comment since not seeing prior comment before" | |
| gh pr comment ${{ github.event.pull_request.number }} --body "$comment" --edit-last || gh pr comment ${{ github.event.pull_request.number }} --body "$comment" | |
| fi | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |