pre-commit.yml 3.6 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091
  1. name: pre-commit
  2. on:
  3. push:
  4. branches:
  5. - master
  6. pull_request:
  7. # Cancel in progress workflows on pull_requests.
  8. # https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-a-fallback-value
  9. concurrency:
  10. group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
  11. cancel-in-progress: true
  12. defaults:
  13. run:
  14. # the default default is:
  15. # bash --noprofile --norc -eo pipefail {0}
  16. shell: bash --noprofile --norc -eo pipefail -ux {0}
  17. # hack for https://github.com/actions/cache/issues/810#issuecomment-1222550359
  18. env:
  19. SEGMENT_DOWNLOAD_TIMEOUT_MINS: 3
  20. # workaround: secrets cannot be directly referenced in `if`
  21. # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-secrets
  22. SECRET_ACCESS: ${{toJSON(secrets.SENTRY_INTERNAL_APP_PRIVATE_KEY != null)}}
  23. jobs:
  24. lint:
  25. name: pre-commit lint
  26. runs-on: ubuntu-22.04
  27. timeout-minutes: 10
  28. steps:
  29. - # get a non-default github token so that any changes are verified by CI
  30. if: env.SECRET_ACCESS == 'true'
  31. uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc # v3.0.0
  32. id: token
  33. with:
  34. app_id: ${{ vars.SENTRY_INTERNAL_APP_ID }}
  35. private_key: ${{ secrets.SENTRY_INTERNAL_APP_PRIVATE_KEY }}
  36. - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
  37. - name: Get changed files
  38. id: changes
  39. uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0
  40. with:
  41. # Enable listing of files matching each filter.
  42. # Paths to files will be available in `${FILTER_NAME}_files` output variable.
  43. list-files: json
  44. # It doesn't make sense to lint deleted files.
  45. # Therefore we specify we are only interested in added or modified files.
  46. filters: |
  47. all:
  48. - added|modified: '**/*'
  49. - uses: getsentry/action-setup-volta@e4939d337b83760d13a9d7030a6f68c9d0ee7581 # v2.0.0
  50. - name: Install node dependencies
  51. run: |
  52. yarn install --frozen-lockfile
  53. - uses: getsentry/action-setup-venv@a133e6fd5fa6abd3f590a1c106abda344f5df69f # v2.1.0
  54. with:
  55. python-version: 3.11.8
  56. cache-dependency-path: |
  57. requirements-dev.txt
  58. requirements-dev-frozen.txt
  59. install-cmd: python3 -m tools.hack_pip && pip install -r requirements-dev.txt -c requirements-dev-frozen.txt
  60. - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
  61. with:
  62. path: ~/.cache/pre-commit
  63. key: cache-epoch-1|${{ env.pythonLocation }}|${{ hashFiles('.pre-commit-config.yaml') }}
  64. - name: Setup pre-commit
  65. # We don't need pre-commit install --install-hooks since we're just interested
  66. # in running the hooks.
  67. run: |
  68. pre-commit install-hooks
  69. - name: Run pre-commit on PR commits
  70. run: |
  71. jq '.[]' --raw-output <<< '${{steps.changes.outputs.all_files}}' |
  72. # Run pre-commit to lint and format check files that were changed (but not deleted) compared to master.
  73. xargs pre-commit run --files
  74. - name: Apply any pre-commit fixed files
  75. # note: this runs "always" or else it's skipped when pre-commit fails
  76. if: env.SECRET_ACCESS == 'true' && startsWith(github.ref, 'refs/pull') && always()
  77. uses: getsentry/action-github-commit@31f6706ca1a7b9ad6d22c1b07bf3a92eabb05632 # v2.0.0
  78. with:
  79. github-token: ${{ steps.token.outputs.token }}
  80. message: ':hammer_and_wrench: apply pre-commit fixes'