ci: set permissions and use github token #193
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Linting | |
on: | |
pull_request: | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
permissions: | |
pull-requests: write | |
contents: write | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Get changed files | |
id: changes | |
uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0 | |
with: | |
# Paths to files will be available in `${FILTER_NAME}_files` output variable. | |
list-files: json | |
filters: | | |
all: | |
- added|modified: '**/*' | |
# TODO: split out requirements-dev.txt | |
- uses: getsentry/action-setup-venv@a133e6fd5fa6abd3f590a1c106abda344f5df69f # v2.1.0 | |
with: | |
python-version: 3.11.8 | |
cache-dependency-path: | | |
requirements.txt | |
install-cmd: pip install -r requirements-precommit.txt | |
- name: Setup pre-commit | |
run: | | |
pre-commit install | |
- name: Run pre-commit on PR commits | |
id: pre-commit_results | |
continue-on-error: true | |
run: | | |
jq '.[]' --raw-output <<< '${{steps.changes.outputs.all_files}}' | | |
# Run pre-commit to lint and format check files that were changed (but not deleted) compared to master. | |
xargs pre-commit run --files | |
- name: Apply any pre-commit fixed files | |
if: ${{ steps.pre-commit_results.outcome == 'failure' }} | |
# note: this runs "always" or else it's skipped when pre-commit fails | |
uses: getsentry/action-github-commit@31f6706ca1a7b9ad6d22c1b07bf3a92eabb05632 # v2.0.0 | |
with: | |
github-token: ${{secrets.GITHUB_TOKEN}} | |
message: ':hammer_and_wrench: apply pre-commit fixes' |