-
Notifications
You must be signed in to change notification settings - Fork 247
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
c56ea50
commit 0f9aeca
Showing
1 changed file
with
82 additions
and
5 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,19 +2,23 @@ name: Format pull request | |
|
|
||
| on: | ||
| workflow_dispatch: | ||
| issue_comment: | ||
| types: [created] | ||
|
|
||
| jobs: | ||
| format: | ||
| # Handling workflow_dispatch is simple. Just checkout whatever branch it was run on. | ||
| # The workflow will run in that repository's context and thus can safely get write permissions. | ||
| manual-dispatch: | ||
| runs-on: ubuntu-latest | ||
|
|
||
| if: github.event_name == 'workflow_dispatch' | ||
| permissions: | ||
| contents: write | ||
|
|
||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | ||
| with: | ||
| # Credentials needed for pushing changes at the end | ||
| # Credentials needed for pushing changes at the end. | ||
| # This is already the default, but for safety we are being explicit about this. | ||
| persist-credentials: true | ||
| - name: Install Node.js | ||
| uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af | ||
|
|
@@ -29,6 +33,79 @@ jobs: | |
| git config --global user.name "$GITHUB_ACTOR" | ||
| git config --global user.email "[email protected]" | ||
| git stage . | ||
| git commit --author "format-pr-bot <[email protected]>" -m "[Automated] Format code" || echo "No changes to commit" | ||
| git commit --author "DangoCat[bot] <[email protected]>" -m "[Automated] Format code" || echo "No changes to commit" | ||
| - name: Push | ||
| run: git push | ||
|
|
||
| # Comments are more complicated because the action runs in the context of TurboWarp/extensions but | ||
| # we are processing content from the possibly malicious pull request. We break this into two | ||
| # separate jobs. | ||
| # The first job downloads the pull request, formats it, and uploads the new files to an artifact. | ||
| # Important to have no permissions for this because the code can't be trusted. | ||
| comment-format-untrusted: | ||
| runs-on: ubuntu-latest | ||
| if: github.event_name == 'issue_comment' && github.event.issue.pull_request && contains(github.event.comment.body, '!format') | ||
| permissions: {} | ||
| steps: | ||
| - name: Checkout upstream | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | ||
| with: | ||
| repository: TurboWarp/extensions | ||
| persist-credentials: false | ||
| - name: Checkout pull request | ||
| run: gh pr checkout "$PR_NUM" | ||
| env: | ||
| PR_NUM: ${{ github.event.issue.number }} | ||
| GH_TOKEN: ${{ github.token }} | ||
| - name: Install Node.js | ||
| uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af | ||
| with: | ||
| node-version: 20.x | ||
| - name: Install dependencies | ||
| run: npm ci | ||
| - name: Format | ||
| run: npm run format | ||
| - name: Upload formatted code | ||
| uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b | ||
| with: | ||
| name: comment-format-untrusted-artifact | ||
| path: extensions/ | ||
| if-no-files-found: error | ||
| retention-days: 7 | ||
|
|
||
| # Second job downloads the artifact, extracts it, and pushes it. | ||
| comment-push: | ||
| runs-on: ubuntu-latest | ||
| needs: comment-format-untrusted | ||
| permissions: | ||
| contents: write | ||
| steps: | ||
| - name: Checkout upstream | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | ||
| with: | ||
| repository: TurboWarp/extensions | ||
| # Credentials needed at the end to do the push. | ||
| persist-credentials: true | ||
| - name: Checkout pull request | ||
| run: gh pr checkout "$PR_NUM" | ||
| env: | ||
| PR_NUM: ${{ github.event.issue.number }} | ||
| GH_TOKEN: ${{ github.token }} | ||
| - name: Download formatted code | ||
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | ||
| with: | ||
| name: comment-format-untrusted-artifact | ||
| path: extensions | ||
| - name: Commit | ||
| run: | | ||
| git config --global user.name "$GITHUB_ACTOR" | ||
| git config --global user.email "[email protected]" | ||
| git stage . | ||
| git commit --author "DangoCat[bot] <[email protected]>" -m "[Automated] Format code" || echo "No changes to commit" | ||
| - name: Push | ||
| run: git push | ||
| # Explicitly set push.default to upstream, otherwise by default git might complain about us being on a | ||
| # branch called "DangoCat/master" but the corresponding branch on remote "DangoCat" is just "master". | ||
| run: | | ||
| git config --global push.default upstream | ||
| git push | ||