nocebo/diaspora_federation
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #130 from denschub/prontohub
Some checks failed
CI / Ruby: 2.7, Rails: 5.2 (push) Has been cancelled
Details
CI / Ruby: 2.7, Rails: 6.0 (push) Has been cancelled
Details
CI / Ruby: 3.0, Rails: 6.0 (push) Has been cancelled
Details
CI / Ruby: 3.1, Rails: 6.0 (push) Has been cancelled
Details
CI / Ruby: 3.2, Rails: 6.0 (push) Has been cancelled
Details
CI / Ruby: 2.7, Rails: 6.1 (push) Has been cancelled
Details
CI / Ruby: 3.0, Rails: 6.1 (push) Has been cancelled
Details
CI / Ruby: 3.1, Rails: 6.1 (push) Has been cancelled
Details
CI / Ruby: 3.2, Rails: 6.1 (push) Has been cancelled
Details
CI / Ruby: 2.7, Rails: 7.0 (push) Has been cancelled
Details
CI / Ruby: 3.0, Rails: 7.0 (push) Has been cancelled
Details
CI / Ruby: 3.1, Rails: 7.0 (push) Has been cancelled
Details
CI / Ruby: 3.2, Rails: 7.0 (push) Has been cancelled
Details
CI / Ruby: 2.7, Rails: none (push) Has been cancelled
Details
CI / Ruby: 3.0, Rails: none (push) Has been cancelled
Details
CI / Ruby: 3.1, Rails: none (push) Has been cancelled
Details
CI / Ruby: 3.2, Rails: none (push) Has been cancelled
Details

Browse source 
[CI] Run Pronto on GitHub Actions.
This commit is contained in:
Benjamin Neff 2023-06-16 01:29:48 +02:00
commit 4468b8b8e1
No known key found for this signature in database
GPG key ID: 971464C3F1A90194
1 changed files with 59 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

59
.github/workflows/lint.yml vendored Normal file
View file

@ -0,0 +1,59 @@
## SECURITY WARNING:
##
## Do not change this job unless you know what you're doing.
##
## This GitHub Action runs on: pull_request_target, which means the jobs run in
## a context where they have access to a Access Token with write access to the
## target repo, even if the PR is opened from an external contributor from their
## fork.
##
## This means that if we're not careful, we could be running third-party code
## within an authenticated scope, which isn't good. To mitigate this, this
## implementation does:
##
## 1. checkout the target branch (i.e. the project's original sources)
## 2. install the Gems from there, and install them into a directory that's
## outside the repository contents.
## 3. checkout the PRs HEAD
## 4. restore a bunch of files that would allow code execution from the
## project's upstream sources, namely:
## - bin/bundle - we'll run that in our Job
## - Gemfile/Gemfile.lock - to avoid loading a gem with an identical
## version number from a in-repo vendored directory
name: Lint
on:
pull_request_target:
permissions:
contents: read
statuses: write
pull-requests: write
jobs:
pronto:
runs-on: ubuntu-latest
steps:
- name: Checkout Target branch
uses: actions/checkout@v3
with:
ref: ${{ github.base_ref }}
fetch-depth: 0
- uses: ruby/setup-ruby@v1
with:
ruby-version: "3.1"
bundler-cache: true
- name: Checkout PR HEAD
run: |
git fetch -q origin +refs/pull/${{ github.event.pull_request.number }}/head:
git checkout -qf FETCH_HEAD
- name: Restore the bundle binstub and Gemfiles from the target branch
run: |
git restore -s ${{ github.base_ref }} -- bin/bundle
git restore -s ${{ github.base_ref }} -- Gemfile
git restore -s ${{ github.base_ref }} -- Gemfile.lock
- name: Run Pronto
run: bin/bundle exec pronto run -f github_status github_pr_review -c ${{ github.base_ref }}
env:
PRONTO_PULL_REQUEST_ID: ${{ github.event.pull_request.number }}
PRONTO_GITHUB_ACCESS_TOKEN: ${{ github.token }}