Squashed 'buildres/csl/csl-locales/' changes from ecb8e70233..79c4dba80a

79c4dba80a copied .github/workflows/merge.yaml .github/workflows/sheldon.yaml from styles 444eafb731 copied .github/workflows/sheldon.yaml from styles 810aad5bbc Add Hindi locale file (#216) 81e7a4db3e copied .github/workflows/sheldon.yaml from styles 01e105d03f copied .github/workflows/sheldon.yaml from styles 5e7a243493 copied .github/workflows/sheldon.yaml from styles 0cc2f75795 copied .github/workflows/sheldon.yaml from styles 01ccfd6e97 Update locales.json 5627bdaadb Update locales.json af8f991570 Stop notifying 8827 port on Zotero servers (#215) 3ad32f0fb9 copied .github/workflows/merge.yaml from styles git-subtree-dir: buildres/csl/csl-locales git-subtree-split: 79c4dba80a16ad71a1ef462dcdba4db48e4f77ba
JabRef · Mar 14, 2021 · bf7344c · bf7344c
1 parent b22311f
commit bf7344c
Show file tree

Hide file tree

Showing 4 changed files with 392 additions and 18 deletions.
diff --git a/.github/workflows/merge.yaml b/.github/workflows/merge.yaml
@@ -58,7 +58,7 @@ jobs:
       if: github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && (steps.update.outputs.updated == 'true' || steps.update.outputs.deleted == 'true'))
       uses: ruby/setup-ruby@v1
       with:
-        ruby-version: 2.7.1
+        ruby-version: 3.0.0
     - name: but use cache to speed that up
       if: github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && (steps.update.outputs.updated == 'true' || steps.update.outputs.deleted == 'true'))
       uses: actions/cache@v2
@@ -98,13 +98,10 @@ jobs:
       if: github.event_name == 'workflow_dispatch'
 
     # https://styles-update.zotero.org:8826/ is for Zotero (styles page, API's citation server, client style updates, etc.)
-    # https://styles-update.zotero.org:8827/ is for the Zotero-run instance of https://github.com/citation-style-language/distribution-updater
-    # that performs the updating of the (to-be-deprecated) https://github.com/citation-style-language/styles-distribution/ repo
     - name: ping Zotero servers
       if: github.repository == 'citation-style-language/styles'
       run: |
         curl -H 'Content-Length:' -H "Authorization: $ZOTERO_UPDATE_TOKEN" -F 'payload={"type":"push","branch":"${{ steps.release.outputs.branch }}","status":0,"commit":"'$GITHUB_SHA'"}' https://styles-update.zotero.org:8826/
-        curl -H 'Content-Length:' -H "Authorization: $ZOTERO_UPDATE_TOKEN" -F 'payload={"type":"push","branch":"${{ steps.release.outputs.branch }}","status":0,"commit":"'$GITHUB_SHA'"}' https://styles-update.zotero.org:8827/
 
     - name: Copy workflows to locales repository
       if: github.repository == 'citation-style-language/styles' && steps.update.outputs.workflows == 'true'

diff --git a/.github/workflows/sheldon.yaml b/.github/workflows/sheldon.yaml
@@ -2,15 +2,34 @@ name: Pull request feedback
 
 on:
   pull_request_target:
-    types: [ opened, synchronize ]
+    types: [ opened, synchronize, labeled ]
 
 jobs:
   test:
     runs-on: ubuntu-latest
     env:
       GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
     steps:
-    - uses: actions/checkout@v2
+    # owner-test just checks out the PR -- this has an exfiltration risk, make SURE that
+    # this can only be triggered by people with repo write access -- such as people that can add
+    # labels to a PR
+    # https://securitylab.github.com/research/github-actions-preventing-pwn-requests
+    - name: Checkout repo for OWNER TEST
+      uses: actions/checkout@v2
+      if: contains(github.event.pull_request.labels.*.name, 'safe to test')
+      with:
+        ref: ${{ github.event.pull_request.head.sha }}
+
+    # otherwise, checkout the current master, and the pr to the subdirectory 'pr'
+    - name: Checkout base repo for pull-request test
+      uses: actions/checkout@v2
+      if: "! contains(github.event.pull_request.labels.*.name, 'safe to test')"
+    - name: Checkout pull-request
+      uses: actions/checkout@v2
+      if: "! contains(github.event.pull_request.labels.*.name, 'safe to test')"
+      with:
+        path: pull-request
+        ref: ${{ github.event.pull_request.head.sha }}
 
     - name: Check for relevant changes
       uses: dorny/paths-filter@v2
@@ -29,36 +48,28 @@ jobs:
         echo changed: ${{ steps.changed.outputs.style_files }} ${{ steps.changed.outputs.locale_files }}
 
     - name: Set up Ruby
-      if: steps.changed.outputs.style == 'true' || steps.changed.outputs.locale == 'true'
       uses: ruby/setup-ruby@v1
       with:
-        ruby-version: 2.7.1
+        ruby-version: 3.0.0
     - name: but use cache to speed that up
-      if: steps.changed.outputs.style == 'true' || steps.changed.outputs.locale == 'true'
       uses: actions/cache@v2
       with:
         path: vendor/bundle
         key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }}
         restore-keys: |
           ${{ runner.os }}-gems-
     - name: Bundle install
-      if: steps.changed.outputs.style == 'true' || steps.changed.outputs.locale == 'true'
       run: |
         bundle config path vendor/bundle
         bundle update sheldon --jobs 4 --retry 3
 
-    - name: Apply the PR
-      if: steps.changed.outputs.style == 'true' || steps.changed.outputs.locale == 'true'
-      run: bundle exec sheldon --token=$GITHUB_TOKEN --apply
-
     - name: Welcome to a new PR
       if: github.event.action == 'opened' && steps.changed.outputs.style == 'true'
       run: bundle exec sheldon --token=$GITHUB_TOKEN --welcome
 
     - name: See if the styles/locales work
-      if: steps.changed.outputs.style == 'true' || steps.changed.outputs.locale == 'true'
       run: bundle exec rake
 
     - name: report
       if: (failure() || success()) && steps.changed.outputs.style == 'true'
-      run: bundle exec sheldon --token=$GITHUB_TOKEN --report --verbose
+      run: bundle exec sheldon --token=$GITHUB_TOKEN --${{ job.status }} --verbose