github-workflows/.github/workflows/danger.yml at c2d6b718e4e8263f0f9b1bc2bbf6deea7134eb23 · getsentry/github-workflows · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
# Runs DangerJS with a pre-configured set of rules on a Pull Request.
on:
  workflow_call:
    outputs:
      outcome:
        description: Whether the Danger run finished successfully. Possible values are success, failure, cancelled, or skipped.
        value: ${{ jobs.danger.outputs.outcome }}

jobs:
  danger:
    runs-on: ubuntu-latest
    outputs:
      outcome: ${{ steps.danger.outcome }}
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Download dangerfile.js and utilities
        run: |
          # Extract the ref from GITHUB_WORKFLOW_REF (e.g., getsentry/github-workflows/.github/workflows/danger.yml@refs/pull/109/merge -> refs/pull/109/merge)
          WORKFLOW_REF=$(echo "${{ github.workflow_ref }}" | sed 's/.*@//')
          wget https://raw.githubusercontent.com/getsentry/github-workflows/${WORKFLOW_REF}/danger/dangerfile.js -P ${{ runner.temp }}
          wget https://raw.githubusercontent.com/getsentry/github-workflows/${WORKFLOW_REF}/danger/dangerfile-utils.js -P ${{ runner.temp }}

      # Using a pre-built docker image in GitHub container registry instaed of NPM to reduce possible attack vectors.
      - name: Run DangerJS
        id: danger
        run: |
          docker run \
            --volume ${{ github.workspace }}:/github/workspace \
            --volume ${{ runner.temp }}:${{ runner.temp }} \
            --workdir /github/workspace \
            --user $UID \
            -e "INPUT_ARGS" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e GITHUB_ACTIONS=true -e CI=true \
            -e GITHUB_TOKEN="${{ github.token }}" \
            -e DANGER_DISABLE_TRANSPILATION="true" \
            ghcr.io/danger/danger-js:11.3.1 \
            --failOnErrors --dangerfile ${{ runner.temp }}/dangerfile.js