|
| 1 | +# Runs DangerJS with a pre-configured set of rules on a Pull Request. |
| 2 | +on: |
| 3 | + workflow_call: |
| 4 | + inputs: |
| 5 | + _workflow_version: |
| 6 | + description: 'Internal: specify github-workflows (this repo) revision to use when checking out scripts.' |
| 7 | + type: string |
| 8 | + required: false |
| 9 | + default: v2 # Note: update when publishing a new version |
| 10 | + extra-dangerfile: |
| 11 | + description: 'Path to additional dangerfile to run after the main checks' |
| 12 | + type: string |
| 13 | + required: false |
| 14 | + outputs: |
| 15 | + outcome: |
| 16 | + description: Whether the Danger run finished successfully. Possible values are success, failure, cancelled, or skipped. |
| 17 | + value: ${{ jobs.danger.outputs.outcome }} |
| 18 | + |
| 19 | +jobs: |
| 20 | + danger: |
| 21 | + runs-on: ubuntu-latest |
| 22 | + outputs: |
| 23 | + outcome: ${{ steps.danger.outcome }} |
| 24 | + steps: |
| 25 | + - uses: actions/checkout@v4 |
| 26 | + with: |
| 27 | + fetch-depth: 0 |
| 28 | + |
| 29 | + - name: Download dangerfile.js |
| 30 | + run: wget https://raw.githubusercontent.com/lucas-zimerman/sentry-github-workflows/refs/heads/lz/ext-danger/danger/dangerfile.js -P ${{ runner.temp }} |
| 31 | + |
| 32 | + - name: Download external dangerfile (if provided) |
| 33 | + if: inputs.extra-dangerfile |
| 34 | + run: | |
| 35 | + # Download the external dangerfile from the calling repository |
| 36 | + wget "https://raw.githubusercontent.com/${{ github.repository }}/${{ github.head_ref || github.ref_name }}/${{ inputs.extra-dangerfile }}" -P ${{ runner.temp }} |
| 37 | + echo "Downloaded external dangerfile: ${{ inputs.extra-dangerfile }}" |
| 38 | +
|
| 39 | + # Using a pre-built docker image in GitHub container registry instaed of NPM to reduce possible attack vectors. |
| 40 | + - name: Run DangerJS |
| 41 | + id: danger |
| 42 | + run: | |
| 43 | + docker run \ |
| 44 | + --rm \ |
| 45 | + --interactive \ |
| 46 | + --volume ${{ github.workspace }}:/github/workspace \ |
| 47 | + --volume ${{ runner.temp }}:${{ runner.temp }} \ |
| 48 | + --workdir /github/workspace \ |
| 49 | + --user root \ |
| 50 | + -e "INPUT_ARGS" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e GITHUB_ACTIONS=true -e CI=true \ |
| 51 | + -e GITHUB_TOKEN="${{ github.token }}" \ |
| 52 | + -e DANGER_DISABLE_TRANSPILATION="true" \ |
| 53 | + -e EXTRA_DANGERFILE_INPUT="${{ inputs.extra-dangerfile }}" \ |
| 54 | + -e RUNNER_TEMP="${{ runner.temp }}" \ |
| 55 | + ghcr.io/danger/danger-js:13.0.1 \ |
| 56 | + --failOnErrors --dangerfile ${{ runner.temp }}/dangerfile.js |
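Review bot: The `Download external dangerfile` step expands `${{ github.head_ref || github.ref_name }}` and `${{ inputs.extra-dangerfile }}` directly into the shell script, so a branch name or input containing shell metacharacters is run by the shell instead of being treated as data; pass both through `env:` and reference them as quoted shell variables. The step also fetches the file from the pull request's head ref, so the PR author picks the code that the `Run DangerJS` step presumably loads with `GITHUB_TOKEN` and `ACTIONS_RUNTIME_TOKEN` in its environment. Fetching from the base ref, as sketched below, keeps that code under maintainer review, assuming callers do not need unmerged dangerfiles. Relatedly, the main `dangerfile.js` is downloaded from a branch of a personal fork rather than from this repository at `inputs._workflow_version`, so the script can change without a release. The same direct `${{ }}` expansion recurs in the `docker run` arguments (`EXTRA_DANGERFILE_INPUT=...` and `--dangerfile`).

```yaml
      - name: Download external dangerfile (if provided)
        if: inputs.extra-dangerfile
        env:
          EXTRA_DANGERFILE: ${{ inputs.extra-dangerfile }}
          SOURCE_REF: ${{ github.base_ref || github.ref_name }}
        run: |
          # Values arrive as environment data, never as script text.
          wget "https://raw.githubusercontent.com/${GITHUB_REPOSITORY}/${SOURCE_REF}/${EXTRA_DANGERFILE}" -P "${RUNNER_TEMP}"
          echo "Downloaded external dangerfile: ${EXTRA_DANGERFILE}"
      # … unchanged: Run DangerJS step …
```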