-
-
Notifications
You must be signed in to change notification settings - Fork 4.2k
91 lines (80 loc) · 3.6 KB
/
pre-commit.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
name: pre-commit
on:
push:
branches:
- master
pull_request:
# Cancel in progress workflows on pull_requests.
# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-a-fallback-value
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
defaults:
run:
# the default default is:
# bash --noprofile --norc -eo pipefail {0}
shell: bash --noprofile --norc -eo pipefail -ux {0}
# hack for https://github.com/actions/cache/issues/810#issuecomment-1222550359
env:
SEGMENT_DOWNLOAD_TIMEOUT_MINS: 3
# workaround: secrets cannot be directly referenced in `if`
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-secrets
SECRET_ACCESS: ${{toJSON(secrets.SENTRY_INTERNAL_APP_PRIVATE_KEY != null)}}
jobs:
lint:
name: pre-commit lint
runs-on: ubuntu-22.04
timeout-minutes: 10
steps:
- # get a non-default github token so that any changes are verified by CI
if: env.SECRET_ACCESS == 'true'
uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc # v3.0.0
id: token
with:
app_id: ${{ vars.SENTRY_INTERNAL_APP_ID }}
private_key: ${{ secrets.SENTRY_INTERNAL_APP_PRIVATE_KEY }}
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Get changed files
id: changes
uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0
with:
# Enable listing of files matching each filter.
# Paths to files will be available in `${FILTER_NAME}_files` output variable.
list-files: json
# It doesn't make sense to lint deleted files.
# Therefore we specify we are only interested in added or modified files.
filters: |
all:
- added|modified: '**/*'
- uses: getsentry/action-setup-volta@e4939d337b83760d13a9d7030a6f68c9d0ee7581 # v2.0.0
- name: Install node dependencies
run: |
yarn install --frozen-lockfile
- uses: getsentry/action-setup-venv@a133e6fd5fa6abd3f590a1c106abda344f5df69f # v2.1.0
with:
python-version: 3.11.8
cache-dependency-path: |
requirements-dev.txt
requirements-dev-frozen.txt
install-cmd: python3 -m tools.hack_pip && pip install -r requirements-dev.txt -c requirements-dev-frozen.txt
- uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
with:
path: ~/.cache/pre-commit
key: cache-epoch-1|${{ env.pythonLocation }}|${{ hashFiles('.pre-commit-config.yaml') }}
- name: Setup pre-commit
# We don't need pre-commit install --install-hooks since we're just interested
# in running the hooks.
run: |
pre-commit install-hooks
- name: Run pre-commit on PR commits
run: |
jq '.[]' --raw-output <<< '${{steps.changes.outputs.all_files}}' |
# Run pre-commit to lint and format check files that were changed (but not deleted) compared to master.
xargs pre-commit run --files
- name: Apply any pre-commit fixed files
# note: this runs "always" or else it's skipped when pre-commit fails
if: env.SECRET_ACCESS == 'true' && startsWith(github.ref, 'refs/pull') && always()
uses: getsentry/action-github-commit@31f6706ca1a7b9ad6d22c1b07bf3a92eabb05632 # v2.0.0
with:
github-token: ${{ steps.token.outputs.token }}
message: ':hammer_and_wrench: apply pre-commit fixes'