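# Runs the repository's pre-commit hooks against a pull request and, when the hooks modify files,
# commits the result back to the PR branch and leaves a comment on the PR.
name: Pre-commit
on:
  # pull_request_target needed to be able to commit and push pre-commit diffs to external fork PRs.
  # But we included a manual authorization safeguard to prevent PWN requests. See the 'authorize' job below.
  # With this trigger the workflow runs in the base repository's context, so the jobs below hold a
  # write-capable token while handling content that comes from the pull request.
  pull_request_target:
    branches:
      - main
      - 'rhdh-1.[0-9]+'
      - '1.[0-9]+.x'
      - 'release-1.[0-9]+'

# One run per PR: a newer event for the same PR cancels the run still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.number }}
  cancel-in-progress: true

jobs:
  authorize:
    # The 'external' environment is configured with the maintainers team as required reviewers.
    # All the subsequent jobs in this workflow 'need' this job, which will require manual approval for PRs
    # coming from external forks.
    # see list of approvers in OWNERS file
    # The expression selects 'internal' (no approval) when the PR head lives in this repository or the
    # PR author is in the hard-coded login list; every other PR gets 'external'.
    environment: >-
      ${{ (github.event.pull_request.head.repo.full_name == github.repository ||
      contains(fromJSON('["gazarenkov","kadel","nickboldt","rm3l","kim-tsao","Fortune-Ndlovu","subhashkhileri","zdrapela","openshift-cherrypick-robot"]'), github.event.pull_request.user.login)) && 'internal' || 'external' }}
    runs-on: ubuntu-latest
    # The gate only echoes a marker, so it needs no token scopes at all.
    permissions: {}
    steps:
      - name: approved
        run: echo "✓"

  pre-commit:
    name: Pre-commit
    runs-on: ubuntu-latest
    needs: authorize
    # Write scopes are required to push the auto-fix commit and to comment on the PR.
    # NOTE(review): every step below runs with these scopes while operating on PR head content, so the
    # 'authorize' gate is the only control between an untrusted PR and a write-capable token.
    permissions:
      contents: write
      pull-requests: write
    env:
      # Quoted so the value stays the string "on" instead of being read as a YAML 1.1 boolean.
      GO111MODULE: 'on'
    steps:
      - name: Checkout
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
        with:
          fetch-depth: 0
          repository: ${{github.event.pull_request.head.repo.full_name}}
          # Pinned to the head SHA from the triggering event rather than the moving branch name.
          ref: ${{ github.event.pull_request.head.sha }}
          # NOTE(review): persist-credentials is left at the action default; the push step further down
          # sets no credentials of its own and presumably relies on it. The hooks executed in between
          # therefore run with the token reachable from the checkout's git configuration.
      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6
        with:
          # Quoted: an unquoted version is parsed as a float (the classic 3.10 -> 3.1 trap).
          python-version: '3.14'
      - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6
        with:
          go-version: '^1'
      - name: Setup helm-docs
        # NOTE(review): '@latest' is the one unpinned dependency in this workflow (the actions are pinned
        # by commit SHA). Consider pinning helm-docs to a reviewed release so a new upstream release is
        # not picked up automatically by a job that holds write scopes.
        run: go install github.com/norwoodj/helm-docs/cmd/helm-docs@latest
      - name: Run pre-commit
        uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
        continue-on-error: true # Don't fail immediately; we'll handle it below
        with:
          extra_args: --verbose --all-files --show-diff-on-failure
      - name: Check for changes after pre-commit
        id: diff-checker
        # Sets CHANGED=true when the hooks left modifications to tracked files in the working tree.
        run: |
          if git diff --quiet; then
            echo "CHANGED=false" >> "$GITHUB_OUTPUT"
          else
            echo "CHANGED=true" >> "$GITHUB_OUTPUT"
          fi
      - name: Commit and push any manifest changes
        if: ${{ steps.diff-checker.outputs.CHANGED == 'true' }}
        env:
          # The fork name and branch name are chosen by the PR author. They are handed to the script as
          # environment variables and expanded inside double quotes, so the shell treats them as data;
          # interpolating the expressions straight into the script text would let a crafted branch name
          # be parsed as shell syntax.
          HEAD_REPO: ${{ github.event.pull_request.head.repo.full_name }}
          HEAD_REF: ${{ github.event.pull_request.head.ref }}
        run: |
          git remote add fork "https://github.com/${HEAD_REPO}.git"
          git fetch fork "${HEAD_REF}"
          git checkout -B pr-branch "fork/${HEAD_REF}"
          git config user.name 'github-actions[bot]'
          git config user.email 'github-actions[bot]@users.noreply.github.com'
          git add -A .
          git commit \
            -m "chore(pre-commit): Auto-fix hooks" \
            -m "Co-authored-by: $GITHUB_ACTOR <$GITHUB_ACTOR@users.noreply.github.com>"
          git push fork "pr-branch:${HEAD_REF}"
      - name: Comment on PR if manifests were updated
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
        # Runs even when the push step failed (only cancellation skips it); a failure to comment does
        # not fail the job.
        if: ${{ !cancelled() && steps.diff-checker.outputs.CHANGED == 'true' }}
        continue-on-error: true
        with:
          script: |
            await github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: '⚠️ <b>Files changed after running the pre-commit hooks</b><br/><br/>Those changes should have been pushed automatically to your PR branch.<br/><br/><b>NOTE: </b>If the PR checks are stuck after this additional commit, manually close the PR and immediately reopen it to trigger the checks again.'
            })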