ci(.github/workflows/merge-gatekeeper.yml): use merge gatekeeper for … #2306
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Lint | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
workflow_dispatch: | |
schedule: | |
- cron: "0 0 * * SUN" | |
permissions: {} | |
defaults: | |
run: | |
shell: bash | |
jobs: | |
list-tasks: | |
runs-on: ubuntu-24.04 | |
timeout-minutes: 10 | |
permissions: | |
contents: read # for checkout | |
outputs: | |
tasks: ${{ steps.list.outputs.tasks }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Install mise | |
uses: jdx/mise-action@53d027c2e96fed8f955f5d95bff910a3e031cc58 # v2.1.6 | |
with: | |
version: 2024.11.4 | |
# backends are required to run mise list | |
# cspell:ignore binstall | |
install_args: bun node cargo-binstall | |
- name: Install package.json dependencies | |
run: mise run buni:root | |
- name: List mise tasks | |
id: list | |
run: | | |
tasks=$(bun run .github/workflows/scripts/list-mise-tasks.ts) | |
echo "tasks=${tasks}" >> "${GITHUB_OUTPUT}" | |
lint: | |
needs: list-tasks | |
runs-on: ubuntu-24.04 | |
timeout-minutes: 10 | |
permissions: | |
contents: read # for checkout | |
name: ${{ matrix.name }} | |
strategy: | |
fail-fast: false | |
matrix: | |
# use include not to be treated as multi-dimensional matrix | |
# ref: https://docs.github.com/en/actions/using-jobs/using-a-matrix-for-your-jobs#expanding-or-adding-matrix-configurations | |
include: ${{ fromJson(needs.list-tasks.outputs.tasks) }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Install mise | |
uses: jdx/mise-action@53d027c2e96fed8f955f5d95bff910a3e031cc58 # v2.1.6 | |
with: | |
version: 2024.11.4 | |
install_args: ${{ matrix.tools }} | |
- name: Run ${{ matrix.name }} | |
run: mise run ${{ matrix.task }} | |
commitlint: | |
runs-on: ubuntu-24.04 | |
timeout-minutes: 10 | |
permissions: | |
contents: read # for checkout | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
fetch-depth: 0 # fetch all history for commitlint | |
- name: Install mise | |
uses: jdx/mise-action@53d027c2e96fed8f955f5d95bff910a3e031cc58 # v2.1.6 | |
with: | |
version: 2024.11.4 | |
install_args: bun node | |
- name: Install package.json dependencies | |
run: mise run buni:root | |
- name: "commitlint (push: initial commit)" | |
id: commitlint-push-initial | |
# commit hash will be 000... if it doesn't exist | |
if: github.event_name == 'push' && github.event.before == '0000000000000000000000000000000000000000' | |
run: bun run commitlint --verbose --to ${{ github.event.after }} | |
- name: commitlint (push) | |
id: commitlint-push | |
if: github.event_name == 'push' && steps.commitlint-push-initial.outcome == 'skipped' | |
run: bun run commitlint --verbose --from ${{ github.event.before }} --to ${{ github.event.after }} | |
- name: commitlint (pull_request) | |
id: commitlint-pr | |
if: github.event_name == 'pull_request' | |
run: | | |
bun run commitlint --verbose --from ${{ github.event.pull_request.base.sha }} --to ${{ github.event.pull_request.head.sha }} | |
- name: commitlint (pull request title) | |
# continue even if the previous step fails | |
# do not use continue-on-error because it will result in a successful job | |
if: ${{ !cancelled() && (steps.commitlint-pr.outcome == 'success' || steps.commitlint-pr.outcome == 'failure') }} | |
# use intermediate environment variable to avoid injection attacks | |
# ref: https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable | |
env: | |
PR_TITLE: ${{ github.event.pull_request.title }} | |
run: echo "${PR_TITLE}" | bun run commitlint --verbose | |
- name: commitlint (last commit) | |
if: steps.commitlint-push-initial.outcome == 'skipped' && steps.commitlint-push.outcome == 'skipped' && steps.commitlint-pr.outcome == 'skipped' | |
run: bun run commitlint --verbose --from ${{ github.sha }}~1 --to ${{ github.sha }} | |
actions-timeline: | |
needs: | |
- lint | |
- commitlint | |
if: ${{ !cancelled() }} | |
runs-on: ubuntu-24.04 | |
timeout-minutes: 5 | |
permissions: | |
actions: read | |
steps: | |
- name: actions-timeline | |
# cspell:ignore kesin | |
uses: Kesin11/actions-timeline@3046833d9aacfd7745c5264b7f3af851c3e2a619 # v2.2.1 |