name: pre-commit on: push: branches: - master pull_request: # Cancel in progress workflows on pull_requests. # https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-a-fallback-value concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true defaults: run: # the default default is: # bash --noprofile --norc -eo pipefail {0} shell: bash --noprofile --norc -eo pipefail -ux {0} # hack for https://github.com/actions/cache/issues/810#issuecomment-1222550359 env: SEGMENT_DOWNLOAD_TIMEOUT_MINS: 3 # workaround: secrets cannot be directly referenced in `if` # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-secrets SECRET_ACCESS: ${{toJSON(secrets.SENTRY_INTERNAL_APP_PRIVATE_KEY != null)}} jobs: lint: name: pre-commit lint runs-on: ubuntu-22.04 timeout-minutes: 10 steps: - # get a non-default github token so that any changes are verified by CI if: env.SECRET_ACCESS == 'true' uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc # v3.0.0 id: token with: app_id: ${{ vars.SENTRY_INTERNAL_APP_ID }} private_key: ${{ secrets.SENTRY_INTERNAL_APP_PRIVATE_KEY }} - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Get changed files id: changes uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0 with: # Enable listing of files matching each filter. # Paths to files will be available in `${FILTER_NAME}_files` output variable. list-files: json # It doesn't make sense to lint deleted files. # Therefore we specify we are only interested in added or modified files. filters: | all: - added|modified: '**/*' - uses: getsentry/action-setup-venv@a133e6fd5fa6abd3f590a1c106abda344f5df69f # v2.1.0 with: python-version: 3.11.8 cache-dependency-path: | requirements-dev.txt requirements-dev-frozen.txt install-cmd: python3 -m tools.hack_pip && pip install -r requirements-dev.txt -c requirements-dev-frozen.txt - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 with: path: ~/.cache/pre-commit key: cache-epoch-1|${{ env.pythonLocation }}|${{ hashFiles('.pre-commit-config.yaml') }} - name: Setup pre-commit # We don't use make setup-git because we're only interested in installing # requirements-dev.txt as a fast path. # We don't need pre-commit install --install-hooks since we're just interested # in running the hooks. run: | pre-commit install-hooks - name: Run pre-commit on PR commits run: | jq '.[]' --raw-output <<< '${{steps.changes.outputs.all_files}}' | # Run pre-commit to lint and format check files that were changed (but not deleted) compared to master. xargs pre-commit run --files - name: Apply any pre-commit fixed files # note: this runs "always" or else it's skipped when pre-commit fails if: env.SECRET_ACCESS == 'true' && startsWith(github.ref, 'refs/pull') && always() uses: getsentry/action-github-commit@31f6706ca1a7b9ad6d22c1b07bf3a92eabb05632 # v2.0.0 with: github-token: ${{ steps.token.outputs.token }} message: ':hammer_and_wrench: apply pre-commit fixes'