import { Env, CISource } from "../ci_source"
import { ensureEnvKeysExist } from "../ci_source_helpers"
import { readFileSync, existsSync } from "fs"
// https://developer.github.com/actions/
/**
* ### CI Setup
*
* * <!-- JS --!>
* There are two ways to use Danger with GitHub Actions. If you include Danger as a dev-dependency, then
* you can call danger directly as another build-step after your tests:
*
* ```ruby
* name: Node CI
* on: [pull_request]
*
* jobs:
* test:
* runs-on: ubuntu-latest
*
* steps:
* - uses: actions/checkout@master
* - name: Use Node.js 10.x
* uses: actions/setup-node@v1
* with:
* node-version: 10.x
* - name: install yarn
* run: npm install -g yarn
* - name: yarn install, build, and test
* run: |
* yarn install --frozen-lockfile
* yarn build
* yarn test
* - name: Danger
* run: yarn danger ci
* env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
* ```
*
* If you are not running in a JavaScript ecosystem, or don't want to include the dependency then
* you can use Danger JS as an action.
*
* ```yml
* name: "Danger JS"
* on: [pull_request]
*
* jobs:
* build:
* name: Danger JS
* runs-on: ubuntu-latest
* steps:
* - uses: actions/checkout@v1
* - name: Danger
* uses: danger/danger-js@9.1.6
* env:
* GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
* ```
*
* Note it's likely the version number should change, but you get the point. This will run Danger
* self-encapsulated inside a GitHub action.
*
* If you are using DangerJS on GitHub Enterprise, you will need to set the Danger user ID to
* the GitHub Actions bot. This will enable Danger to correctly comment and update on PRs.
*
* ```yml
* name: "Danger JS"
* on: [pull_request]
*
* jobs:
* build:
* name: Danger JS
* runs-on: ubuntu-latest
* steps:
* - uses: actions/checkout@v1
* - name: Danger
* uses: danger/danger-js@9.1.6
* env:
* GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
* DANGER_GHE_ACTIONS_BOT_USER_ID: *user_id*
* ```
*
* <!-- !JS --!>
* <!-- Swift --!>
*
* There are two ways to use Danger with GitHub Actions. If you include Danger as a dependency, then
* you can call danger directly as another build-step after your tests:
*
* ```ruby
* name: CI
* on: [pull_request]
* jobs:
* build:
* runs-on: macos-latest
*
* steps:
* - uses: actions/checkout@master
* - name: Build
* run: swift build
*
* - name: Test
* run: swift test
*
* - name: Danger
* run: danger-swift ci
* env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
* ```
*
* If you don't want to include the dependency then you can use Danger Swift via an action.
*
* ```yml
* name: "Danger Swift"
* on: [pull_request]
*
* jobs:
* build:
* name: Danger JS
* runs-on: ubuntu-latest
* steps:
* - uses: actions/checkout@v1
* - name: Danger
* uses: danger/swift@2.0.1
* env:
* GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
* ```
*
* Note it's likely the version number should change, but you get the point. This will run Danger
* self-encapsulated inside a GitHub action.
*
* <!-- !Swift --!>
*
* You can pass additional CLI arguments to Danger when it runs as an action via `args`:
*
* ```
* - uses: danger/...
* with:
* args: "--dangerfile artsy/peril-settings/org/allPRs.ts"
* ```
*
* This runs the file [`org/allPRs.ts`](https://github.com/artsy/peril-settings/blob/master/org/allPRs.ts)
* from the repo [artsy/peril-settings](https://github.com/artsy/peril-settings). This gives you the ability
* to have Danger acting on non-pull-requests via GitHub Actions.
*
* ### Token Setup
*
* You need to make sure that the secret `"GITHUB_TOKEN"` is
* enabled in your workspace. This is so that Danger can connect
* to GitHub.
*
* ```yml
* - name: Danger JS
* uses: danger/danger-js@9.1.6
* env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
* ```
*
* [GitHub automatically creates a `GITHUB_TOKEN` secret to use in your workflow](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token).
* You can use the `GITHUB_TOKEN` to authenticate in a workflow run.
* Using this token will post the danger comment as the `github-actions` app user.
*
* Note: `secrets.GITHUB_TOKEN` will not be available for PRs from forks. This is a GitHub
* security constraint. If you have an OSS app, we recommend using a personal token like below.
*
* #### Using Personal Tokens
*
* If you need to post the danger comment as some particular user or for some other reason
* you need to use a personal token for danger then you can provide it in env as DANGER_GITHUB_API_TOKEN.
*
* ```yml
* - name: Danger JS
* uses: danger/danger-js@9.1.6
* env: DANGER_GITHUB_API_TOKEN: ${{ secrets.DANGER_GITHUB_API_TOKEN }}
* ```
* #### OSS Tokens
*
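* The security model for GitHub Actions means that you cannot use `secrets.GITHUB_TOKEN`
* in PRs from forks. This can be tricky with OSS contributions. In these cases, create a
* new GitHub account and set up your `.yml` as shown below. The token's two halves sit in the
* workflow file, so anyone who can read the repo can reassemble it: treat it as public, and
* give that account no access beyond commenting on public PRs.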
*
* ```yml
* - name: Set danger env
* run: echo "DANGER_GITHUB_API_TOKEN=$(echo FIRST_HALF + SECOND_HALF)" >> $GITHUB_ENV
*
* - name: Run Danger
* run: yarn danger ci
* env:
* DANGER_GITHUB_API_TOKEN: ${{ env.DANGER_GITHUB_API_TOKEN }}
* ```
*
* #### Advanced
*
* If you understand the security ramifications, Danger JS can run on a `pull_request_target`
* workflow, instead of a `pull_request`. You should thoroughly read [the docs first](https://docs.github.com/en/actions/reference/events-that-trigger-workflows#pull_request_target).
*
* ```yml
* on:
* pull_request_target:
* types: [assigned, opened, synchronize, reopened]
*
* jobs:
* build:
* runs-on: ubuntu-latest
*
* steps:
* - uses: actions/checkout@v1
* - uses: actions/setup-node@v1
* - run: yarn install
*
* - run: yarn danger ci
* env:
* DANGER_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
* ```
*
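* Note that when using Danger in this way, you will not have the file-system set up for
* the PR, so you cannot use `fs` to read a file (use `danger.github.utils.fileContents` instead)
* but the usual PR metadata and DSL will act the same. Keep it that way: a `pull_request_target`
* job runs with the base repo's secrets and token, so do not check out or execute the PR's
* head code in this workflow.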
*/
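export class GitHubActions implements CISource {
  // Parsed webhook payload for the current run. It stays undefined when no event is injected
  // and no event file exists on disk, so every reader below has to cope with a missing payload.
  private event: any

  /**
   * @param env environment variables for the current process
   * @param event optional pre-parsed event payload; when omitted, the payload is read from the
   *   file named by `GITHUB_EVENT_PATH`, falling back to `/github/workflow/event.json`
   */
  constructor(private readonly env: Env, event: any = undefined) {
    const { GITHUB_EVENT_PATH } = env
    const eventFilePath = GITHUB_EVENT_PATH || "/github/workflow/event.json"

    if (event !== undefined) {
      this.event = event
    } else if (existsSync(eventFilePath)) {
      // JSON.parse throws on a malformed file; that error is deliberately not swallowed here.
      const rawEvent = readFileSync(eventFilePath, "utf8")
      this.event = JSON.parse(rawEvent)
    }
  }

  get name(): string {
    return "GitHub Actions"
  }

  get isCI(): boolean {
    return ensureEnvKeysExist(this.env, ["GITHUB_WORKFLOW"])
  }

  get isPR(): boolean {
    // This one is complicated, because it needs to not *just* support PRs
    return true
  }

  /**
   * True when the payload describes neither a pull request nor an issue.
   *
   * @throws Error when no event payload was loaded, instead of failing with an opaque
   *   TypeError on the property access
   */
  get useEventDSL(): boolean {
    const payload = this.event
    if (payload == null) {
      throw new Error("useEventDSL was called on GitHubActions without a workflow event payload")
    }
    return payload.pull_request === undefined && payload.issue === undefined
  }

  /**
   * The `number` of the pull request, or of the issue when the payload has no pull request.
   * The value is passed through exactly as it appears in the payload.
   *
   * @throws Error when the payload is missing or carries neither a pull request nor an issue
   */
  get pullRequestID(): string {
    const payload = this.event
    // A missing payload falls through to the same error as a non-PR payload.
    if (payload != null) {
      if (payload.pull_request !== undefined) {
        return payload.pull_request.number
      }
      if (payload.issue !== undefined) {
        return payload.issue.number
      }
    }
    throw new Error("pullRequestID was called on GitHubActions when it wasn't a PR")
  }

  /**
   * `full_name` of the pull request's base repository, or of the payload's `repository`
   * when there is no pull request.
   *
   * @throws Error when the payload is missing or names no repository
   */
  get repoSlug(): string {
    const payload = this.event
    // The base repo is used, not the head, so a fork PR still resolves to the target repo.
    if (payload != null) {
      if (payload.pull_request !== undefined) {
        return payload.pull_request.base.repo.full_name
      }
      if (payload.repository !== undefined) {
        return payload.repository.full_name
      }
    }
    throw new Error("repoSlug was called on GitHubActions when it wasn't a PR")
  }

  // I made a request for this
  // get ciRunURL() {
  //   return process.env.BUILD_URL
  // }
}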
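/**
 * Prints a two-line note when the workflow was triggered by something other than a pull
 * request event, since `danger.github.pr` is not available on such runs.
 *
 * Reads `GITHUB_EVENT_NAME` from the process environment and writes only to the console.
 */
export const githubActionsWorkflowWarningCheck = () => {
  const eventName = process.env.GITHUB_EVENT_NAME
  // `pull_request_target` is the documented alternative trigger and keeps the usual PR
  // metadata and DSL, so it must not produce the "no danger.github.pr" note either.
  const isPR = eventName === "pull_request" || eventName === "pull_request_target"
  if (!isPR) {
    console.log(
      "Note: Running Danger on with generalised GitHub Actions support, this does not include `danger.github.pr`."
    )
    console.log("      If you expected a PR run, change your workflow's 'on' to be pull_request.")
  }
}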