Dependency Updates #379
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: pre-commit | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| push: | |
| permissions: | |
| contents: read | |
| jobs: | |
| pre-commit-push: | |
| name: Pre-Commit check on Push | |
| runs-on: ubuntu-latest | |
| if: ${{ github.event_name == 'push' }} | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Set up Python | |
| uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 | |
| with: | |
| python-version: 3.13 | |
| # We wish to run pre-commit on all files instead of the changes | |
| # only made in the push commit. | |
| # | |
| # So linting error persists when there's formatting problem. | |
| - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1 | |
| pre-commit-pr: | |
| name: Pre-Commit check on PR | |
| runs-on: ubuntu-latest | |
| if: ${{ github.event_name == 'pull_request_target' }} | |
| permissions: | |
| contents: read | |
| checks: write | |
| issues: write | |
| pull-requests: write | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| # pull_request_target checkout the base of the repo | |
| # We need to checkout the actual pr to lint the changes. | |
| - name: Checkout pr | |
| run: gh pr checkout ${{ github.event.number }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up Python | |
| uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 | |
| with: | |
| python-version: 3.13 | |
| # we only lint on the changed file in PR. | |
| - name: Get Changed Files | |
| id: changed-files | |
| uses: step-security/changed-files@60967b822d3001fa82242f8d6b4ed46bc3600a68 # v47.0.1 | |
| - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1 | |
| id: run-pre-commit | |
| with: | |
| extra_args: --files ${{ steps.changed-files.outputs.all_changed_files }} | |
| # Review dog posts the suggested change from pre-commit to the pr. | |
| - name: suggester / pre-commit | |
| uses: reviewdog/action-suggester@aa38384ceb608d00f84b4690cacc83a5aba307ff #v1.24.0 | |
| if: ${{ failure() && steps.run-pre-commit.conclusion == 'failure' }} | |
| with: | |
| tool_name: pre-commit | |
| level: warning | |
| reviewdog_flags: "-fail-level=error" |