lint-global.yml
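---
name: lint-global
# Reusable workflow (workflow_call) shared across our repositories.
# It runs pre-commit on every call and, when the run was triggered by the
# configured actor on a pull_request event, commits pre-commit's automatic
# fixes back to the PR branch using a GitHub App token fetched from Vault.
#
# The job reads secrets.VAULT_ROLE_ID, secrets.VAULT_SECRET_ID and
# secrets.VAULT_ADDR; no `secrets:` are declared under workflow_call, so
# callers presumably pass them with `secrets: inherit` (confirm in callers).
# NOTE(review): no `permissions:` block is set, so the job's GITHUB_TOKEN
# scope is whatever the caller grants; consider declaring the minimum here.
on:
  workflow_call:
    inputs:
      autofix-actor:
        description: Name of the actor that will trigger auto-fix
        # Quoted so the brackets are never read as YAML flow syntax.
        default: 'renovate[bot]'
        type: string
jobs:
  lint:
    name: pre-commit
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      # This step decides whether the bot token is used for the checkout;
      # when it is, the auto-fix step commits as that bot user.
      #
      # Expression values are passed through `env:` instead of being
      # interpolated into the script text, so their content is compared as
      # data by the shell and can never be parsed as shell syntax.
      # NOTE(review): the gate relies on github.actor and the event name only;
      # it does not check that the PR head repository is this repository.
      # Confirm whether pull requests from forks should be excluded explicitly.
      - name: Set autofix_pr environment variable
        env:
          ACTOR: ${{ github.actor }}
          AUTOFIX_ACTOR: ${{ inputs.autofix-actor }}
          EVENT_NAME: ${{ github.event_name }}
        run: |
          if [[ "$ACTOR" == "$AUTOFIX_ACTOR" && "$EVENT_NAME" == "pull_request" ]]; then
            echo "autofix_pr=true" | tee -a "$GITHUB_ENV"
          else
            echo "autofix_pr=false" | tee -a "$GITHUB_ENV"
          fi

      # Only runs on the auto-fix path. The action is pinned to a commit SHA;
      # the trailing comment records that the SHA was taken from `main`.
      - name: Generate token for GitHub
        id: generate-github-token
        if: env.autofix_pr == 'true'
        uses: camunda/infra-global-github-actions/generate-github-app-token-from-vault-secrets@8a68f36933b77338ddde36d5b6f8fb8f9aad6cc3 # main
        with:
          github-app-id-vault-key: GITHUB_APP_ID
          github-app-id-vault-path: secret/data/products/infrastructure-experience/ci/common
          github-app-private-key-vault-key: GITHUB_APP_PRIVATE_KEY
          github-app-private-key-vault-path: secret/data/products/infrastructure-experience/ci/common
          vault-auth-method: approle
          vault-auth-role-id: ${{ secrets.VAULT_ROLE_ID }}
          vault-auth-secret-id: ${{ secrets.VAULT_SECRET_ID }}
          vault-url: ${{ secrets.VAULT_ADDR }}

      # Auto-fix path: check out the PR head branch with the app token.
      # NOTE(review): actions/checkout keeps the token in the local git config
      # unless `persist-credentials: false` is set, and the tooling and
      # pre-commit steps below run against this checkout. Confirm whether the
      # commit step needs the persisted credential; if not, disable it.
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
        if: env.autofix_pr == 'true'
        # see https://github.com/EndBug/add-and-commit?tab=readme-ov-file#working-with-prs
        with:
          token: ${{ steps.generate-github-token.outputs.token }}
          repository: ${{ github.event.pull_request.head.repo.full_name }}
          ref: ${{ github.event.pull_request.head.ref }}

      # Default path: plain checkout with the workflow's own token.
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
        if: env.autofix_pr == 'false'

      - name: Install tooling using asdf
        uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3

      - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
        id: pre_commit_check_first_run
        with:
          extra_args: --all-files --verbose

      # `always()` lets this step run even though the first run failed.
      - name: Rerun pre-commit to autofix files if pre-commit failed
        uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
        if: >-
          always() && env.autofix_pr == 'true'
          && steps.pre_commit_check_first_run.outcome != 'success'
        id: pre_commit_check_second_run
        with:
          extra_args: --all-files --verbose

      - name: Commit Changes made by pre-commit fix
        # This step looks at the outcome of both pre-commit runs.
        # If the first run failed and the rerun succeeds, pre-commit applied
        # automatic fixes that resolved the findings, and we commit them.
        # If the rerun still fails, pre-commit could not resolve the issue on
        # its own and nothing is committed.
        if: >-
          always() && env.autofix_pr == 'true'
          && steps.pre_commit_check_first_run.outcome != 'success'
          && steps.pre_commit_check_second_run.outcome == 'success'
        uses: getsentry/action-github-commit@5972d5f578ad77306063449e718c0c2a6fbc4ae1 # main
        with:
          github-token: ${{ steps.generate-github-token.outputs.token }}
          message: 'chore: update files from pre-commit run'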