Some checks failed
ansible-lint / Ansible Lint (push) Successful in 12s
Gitleaks Scan / gitleaks (push) Successful in 5s
Markdown Lint / markdown-lint (push) Successful in 5s
ai-reviews / Review PR (pull_request) Successful in 35s
PR check / Gitleaks (pull_request) Failing after 4s
PR check / lint tests (pull_request) Successful in 13s
PR check / handle_failures (pull_request) Successful in 2s
PR check / handle_success (pull_request) Has been skipped
This commit updates the redaction setting from `--redact=10` to `--redact=false` in the `.gitea/workflows/pr-check.yaml` file. This change ensures that no redaction occurs during the PR check process, maintaining full visibility and integrity of the data being checked.
168 lines
5.4 KiB
YAML
---
# https://github.com/kekxv/pr-check
# Workflow entry point: runs the jobs below whenever a pull request is
# opened or receives new commits.
name: PR check

on:
  pull_request:
    types:
      - opened
      - synchronize

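jobs:
  # Secret-scanning job: installs a fixed Gitleaks release and scans the
  # checked-out working tree with the repository's .gitleaks.toml rules.
  leak_test:
    name: Gitleaks
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        # NOTE(review): the action is pinned to a tag, which can be moved;
        # pinning to a full commit SHA fixes exactly what code runs here.
        uses: actions/checkout@v6
        with:
          github-server-url: ${{ vars.GIT_SERVER_URL }}

      - name: Install Gitleaks
        # TODO(security): the archive is unpacked and installed as root
        # without an integrity check. Download it to a file and compare it
        # against a SHA-256 recorded in this repository
        # (<SHA256_OF_RELEASE_ARCHIVE> is a placeholder) before moving the
        # binary into /usr/local/bin.
        run: |
          curl -sSL https://github.com/gitleaks/gitleaks/releases/download/v8.30.0/gitleaks_8.30.0_linux_x64.tar.gz \
            | tar -xz
          sudo mv gitleaks /usr/local/bin/

      - name: Run Gitleaks
        # --redact takes a percentage (0-100); `false` is not a percentage
        # and is likely rejected when the flags are parsed, which would fail
        # this step before any scan runs. Full redaction is also the safe
        # setting here: with --verbose every finding is printed to the job
        # log, and an unredacted finding would copy the leaked credential
        # into a log that anyone with access to the run can read. The file
        # and line reported for each finding are enough to locate it.
        run: |
          gitleaks dir . \
            --config .gitleaks.toml \
            --redact=100 \
            --verbose \
            --exit-code 1
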
# Job lint_test: Markdown, YAML and Ansible linting of the pull request.
  lint_test:
    name: lint tests
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          github-server-url: "${{ vars.GIT_SERVER_URL }}"

      - name: Install Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 20

      # NOTE(review): npx resolves markdownlint-cli2 at run time with no
      # version given, so the code executed can change between runs.
      - name: Run markdownlint
        run: |
          npx markdownlint-cli2 "**/*.md" "#node_modules"

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.14"

      # NOTE(review): the three packages are installed without version pins
      # or hashes; a requirements file with pinned versions would make the
      # lint environment reproducible.
      - name: Install ansible-lint and yamllint
        run: |
          python -m pip install --upgrade pip
          pip install ansible ansible-lint yamllint

      - name: Run yamllint
        run: yamllint .

      - name: Run ansible-lint
        run: ansible-lint

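# Job handle_failures: reports a failed check run back onto the pull request.
  # Runs even when an upstream job failed (always()), and only when at least
  # one of leak_test / lint_test did not end in 'success'. It writes or
  # updates a marker comment, adds the ci-failed label and closes the PR.
  handle_failures:
    runs-on: ubuntu-latest
    needs: [leak_test, lint_test]
    if: "${{ always() && (
      needs.leak_test.result != 'success' ||
      needs.lint_test.result != 'success' ) }}"

    steps:
      - name: Comment, label, and close PR
        # Context values and the API token are handed to the script as
        # environment variables instead of being expanded into the script
        # text, so a value containing quotes or shell metacharacters cannot
        # change what the shell executes.
        env:
          GIT_SERVER_URL: "${{ vars.GIT_SERVER_URL }}"
          REPOSITORY: "${{ github.repository }}"
          PR: "${{ github.event.pull_request.number }}"
          TOKEN: "${{ secrets.GITEA_TOKEN }}"
          LEAK_RESULT: "${{ needs.leak_test.result }}"
          LINT_RESULT: "${{ needs.lint_test.result }}"
        run: |
          API="$GIT_SERVER_URL/api/v1/repos/$REPOSITORY"

          COMMENT_BODY="❌ CI checks failed.\n\nLeak: $LEAK_RESULT\nLint: $LINT_RESULT"

          # Find existing comment
          # Only the first match is kept: several matching comments would
          # otherwise put a multi-line value into the request URL below.
          # NOTE(review): the match is on the marker text alone, so a comment
          # written by any user that contains the marker is selected too;
          # consider also filtering on the comment author.
          EXISTING_COMMENT_ID=$(curl -s -H "Authorization: token $TOKEN" \
            "$API/issues/$PR/comments" \
            | jq -r '.[] | select(.body | test("<!--ci-failed-comment-->")) | .id' \
            | head -n 1)

          # Update or create comment
          if [ -n "$EXISTING_COMMENT_ID" ]; then
            curl -s -X PATCH \
              -H "Authorization: token $TOKEN" \
              -H "Content-Type: application/json" \
              -d "{\"body\":\"<!--ci-failed-comment-->\n$COMMENT_BODY\"}" \
              "$API/issues/$PR/comments/$EXISTING_COMMENT_ID"
          else
            curl -s -X POST \
              -H "Authorization: token $TOKEN" \
              -H "Content-Type: application/json" \
              -d "{\"body\":\"<!--ci-failed-comment-->\n$COMMENT_BODY\"}" \
              "$API/issues/$PR/comments"
          fi

          # Add label if missing
          LABELS=$(curl -s -H "Authorization: token $TOKEN" "$API/issues/$PR/labels" | jq -r '.[] | .name')
          if ! echo "$LABELS" | grep -q "^ci-failed$"; then
            curl -s -X POST \
              -H "Authorization: token $TOKEN" \
              -H "Content-Type: application/json" \
              -d '["ci-failed"]' \
              "$API/issues/$PR/labels"
          fi

          # Close PR
          curl -s -X PATCH \
            -H "Authorization: token $TOKEN" \
            -H "Content-Type: application/json" \
            -d '{"state":"closed"}' \
            "$API/pulls/$PR"
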
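# Job handle_success: clears the failure state from the pull request.
  # Runs only when both leak_test and lint_test ended in 'success'. It
  # rewrites the marker comment if one exists, removes the ci-failed label
  # and reopens the PR if it is currently closed.
  handle_success:
    runs-on: ubuntu-latest
    needs: [leak_test, lint_test]
    if: needs.leak_test.result == 'success' && needs.lint_test.result == 'success'

    steps:
      - name: Update comment, remove label, reopen PR
        # Context values and the API token are handed to the script as
        # environment variables instead of being expanded into the script
        # text, so a value containing quotes or shell metacharacters cannot
        # change what the shell executes.
        env:
          GIT_SERVER_URL: "${{ vars.GIT_SERVER_URL }}"
          REPOSITORY: "${{ github.repository }}"
          PR: "${{ github.event.pull_request.number }}"
          TOKEN: "${{ secrets.GITEA_TOKEN }}"
          LEAK_RESULT: "${{ needs.leak_test.result }}"
          LINT_RESULT: "${{ needs.lint_test.result }}"
        run: |
          API="$GIT_SERVER_URL/api/v1/repos/$REPOSITORY"

          COMMENT_BODY="✅ CI checks pass.\n\nLeaks: $LEAK_RESULT\nLint: $LINT_RESULT"

          # Find existing comment
          # Only the first match is kept: several matching comments would
          # otherwise put a multi-line value into the request URL below.
          # NOTE(review): the match is on the marker text alone, so a comment
          # written by any user that contains the marker is selected too;
          # consider also filtering on the comment author.
          EXISTING_COMMENT_ID=$(curl -s -H "Authorization: token $TOKEN" \
            "$API/issues/$PR/comments" \
            | jq -r '.[] | select(.body | test("<!--ci-failed-comment-->")) | .id' \
            | head -n 1)

          # Update comment if exists
          if [ -n "$EXISTING_COMMENT_ID" ]; then
            curl -s -X PATCH \
              -H "Authorization: token $TOKEN" \
              -H "Content-Type: application/json" \
              -d "{\"body\":\"<!--ci-failed-comment-->\n$COMMENT_BODY\"}" \
              "$API/issues/$PR/comments/$EXISTING_COMMENT_ID"
          fi

          # Remove label if exists
          LABELS=$(curl -s -H "Authorization: token $TOKEN" "$API/issues/$PR/labels" | jq -r '.[] | .name')
          if echo "$LABELS" | grep -q "^ci-failed$"; then
            curl -s -X DELETE \
              -H "Authorization: token $TOKEN" \
              "$API/issues/$PR/labels/ci-failed"
          fi

          # Reopen PR if closed
          PR_STATE=$(curl -s -H "Authorization: token $TOKEN" "$API/pulls/$PR" | jq -r '.state')
          if [ "$PR_STATE" = "closed" ]; then
            curl -s -X PATCH \
              -H "Authorization: token $TOKEN" \
              -H "Content-Type: application/json" \
              -d '{"state":"open"}' \
              "$API/pulls/$PR"
          fi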