-
-
Notifications
You must be signed in to change notification settings - Fork 203
92 lines (81 loc) · 3.15 KB
/
sheldon.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
name: Pull request feedback
on:
pull_request_target:
types: [ opened, synchronize, workflow_dispatch]
permissions: {}
jobs:
test:
permissions:
contents: write # to push code in repo (stefanzweifel/git-auto-commit-action)
pull-requests: write # to comment on pull requests
runs-on: ubuntu-latest
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
steps:
# owner-test just checks out the PR -- this has an exfiltration risk, make SURE that
# this can only be triggered by people with repo write access -- such as people that can add
# labels to a PR
# https://securitylab.github.com/research/github-actions-preventing-pwn-requests
- name: Checkout repo for OWNER TEST
uses: actions/checkout@v3
if: contains(github.event.pull_request.labels.*.name, 'safe to test')
with:
ref: ${{ github.event.pull_request.head.ref }}
# otherwise, checkout the current master, and the pr to the subdirectory 'pull-request'
- name: Checkout base repo for pull-request test
uses: actions/checkout@v3
if: "! contains(github.event.pull_request.labels.*.name, 'safe to test')"
- name: Checkout pull-request
uses: actions/checkout@v3
if: "! contains(github.event.pull_request.labels.*.name, 'safe to test')"
with:
repository: ${{ github.event.pull_request.head.repo.full_name }}
path: pull-request
ref: ${{ github.event.pull_request.head.ref }}
token: ${{ secrets.GITHUB_TOKEN }}
- name: Check for relevant changes
uses: dorny/paths-filter@v3
id: changed
with:
list-files: shell
filters: |
style:
- '*.csl'
- 'dependent/*.csl'
locale:
- '*.xml'
- name: Changed files
run: |
echo changed: ${{ steps.changed.outputs.style_files }} ${{ steps.changed.outputs.locale_files }}
- name: Set up Ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: 3.0.2
- name: but use cache to speed that up
uses: actions/cache@v4
with:
path: vendor/bundle
key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }}
restore-keys: |
${{ runner.os }}-gems-
- name: Bundle install
run: |
bundle config path vendor/bundle
bundle update sheldon --jobs 4 --retry 3
- name: Welcome to a new PR
if: github.event.action == 'opened' && steps.changed.outputs.style == 'true'
run: bundle exec sheldon --token=$GITHUB_TOKEN --welcome
- name: See if the styles/locales work
run: bundle exec rake
- name: report
if: (failure() || success()) && steps.changed.outputs.style == 'true'
run: bundle exec sheldon --token=$GITHUB_TOKEN --${{ job.status }} --verbose
- name: commit reindented styles
if: github.repository == 'citation-style-language/styles' && steps.changed.outputs.style == 'true'
continue-on-error: true
uses: stefanzweifel/git-auto-commit-action@v5
with:
commit_message: Re-indent CSL styles
file_pattern: ${{ steps.changed.outputs.style_files }}
repository: pull-request
skip_dirty_check: false