generated from wrappid/wrappid-module
-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
improve PR checks for external contributors ref: #28
- Loading branch information
1 parent
17a34be
commit 69bc02d
Showing
1 changed file
with
42 additions
and
11 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -5,6 +5,28 @@ run-name: > | |
| on: pull_request | ||
|
|
||
| jobs: | ||
|
|
||
| check_sensitive_files: | ||
| name: Check for sensitive file modifications | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Check out code | ||
| uses: actions/checkout@v3 | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
| - name: Check for sensitive file modifications | ||
| run: | | ||
| MODIFIED_FILES=$(git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.event.pull_request.head.sha }}) | ||
| SENSITIVE_FILES=$(echo "$MODIFIED_FILES" | grep -E '^\.github/|^LICENSE$|^CONTRIBUTING\.md$' || true) | ||
| if [ ! -z "$SENSITIVE_FILES" ] && [ "${{ github.event.pull_request.user.id }}" != "${{ env.ALLOWED_USERNAME }}" ]; then | ||
| echo "Error: Unauthorized modification of sensitive files detected:" | ||
| echo "$SENSITIVE_FILES" | ||
| echo "Only user with ID 61864488 is allowed to modify these files." | ||
| exit 1 | ||
| fi | ||
| branchname: | ||
| name: Validate branch name | ||
| runs-on: ubuntu-latest | ||
|
|
@@ -32,11 +54,15 @@ jobs: | |
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Check out branch | ||
| - name: Check out code | ||
| uses: actions/checkout@v3 | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
| - name: Fetch PR commits | ||
| run: | | ||
| git fetch origin +refs/pull/${{ github.event.pull_request.number }}/head:refs/remotes/origin/pr/${{ github.event.pull_request.number }} | ||
| - name: Use Node.js | ||
| uses: actions/setup-node@v3 | ||
| with: | ||
|
|
@@ -49,7 +75,7 @@ jobs: | |
| - name: Install commitlint | ||
| run: | | ||
| npm ci | ||
| npm i | ||
| npm install [email protected] | ||
| - name: Print versions | ||
|
|
@@ -59,14 +85,19 @@ jobs: | |
| npm --version | ||
| npx commitlint --version | ||
| - name: Run commitlint | ||
| run: > | ||
| npx commitlint | ||
| --from ${{ github.event.pull_request.head.sha }}~${{ github.event.pull_request.commits }} | ||
| --to ${{ github.event.pull_request.head.sha }} | ||
| --verbose | ||
| - name: Get commit range | ||
| id: commit_range | ||
| run: | | ||
| BASE_SHA=$(git merge-base ${{ github.event.pull_request.base.sha }} origin/pr/${{ github.event.pull_request.number }}) | ||
| echo "base_sha=$BASE_SHA" >> $GITHUB_OUTPUT | ||
| HEAD_SHA=${{ github.event.pull_request.head.sha }} | ||
| echo "head_sha=$HEAD_SHA" >> $GITHUB_OUTPUT | ||
| codelint-app: | ||
| - name: Run commitlint | ||
| run: | | ||
| npx commitlint --from ${{ steps.commit_range.outputs.base_sha }} --to ${{ steps.commit_range.outputs.head_sha }} --verbose | ||
| codelint_app: | ||
| name: Validate app code style | ||
| runs-on: ubuntu-latest | ||
|
|
||
|
|
@@ -110,7 +141,7 @@ jobs: | |
| run: | | ||
| npm run code:lint:app ${{ steps.git_diff.outputs.FILES_TO_LINT }} | ||
| codelint-service: | ||
| codelint_service: | ||
| name: Validate service code style | ||
| runs-on: ubuntu-latest | ||
|
|
||
|
|
@@ -157,7 +188,7 @@ jobs: | |
| unit_tests: | ||
| name: Run unit test cases | ||
| runs-on: ubuntu-latest | ||
| needs: [branchname, commitlint, codelint-app, codelint-service] | ||
| needs: [branchname, commitlint, codelint_app, codelint_service] | ||
|
|
||
| steps: | ||
| - name: Check out branch | ||
|
|
||