From 321541344ecfbca37c1fef2123d80b3281f61962 Mon Sep 17 00:00:00 2001 From: jbkieffer Date: Tue, 20 Dec 2022 00:46:41 +0000 Subject: [PATCH] [actions] update sandpaper workflow to version 0.11.3 --- .github/workflows/README.md | 9 +++++++-- .github/workflows/pr-comment.yaml | 6 ++++++ .github/workflows/pr-receive.yaml | 4 ++++ .github/workflows/sandpaper-version.txt | 2 +- 4 files changed, 18 insertions(+), 3 deletions(-) diff --git a/.github/workflows/README.md b/.github/workflows/README.md index 77d624ac..101967e4 100644 --- a/.github/workflows/README.md +++ b/.github/workflows/README.md @@ -147,6 +147,11 @@ pull request. GitHub has safeguarded the token used in this workflow to have no priviledges in the repository, but we have taken precautions to protect against spoofing. +This workflow is triggered with every push to a pull request. If this workflow +is already running and a new push is sent to the pull request, the workflow +running from the previous push will be cancelled and a new workflow run will be +started. + The first step of this workflow is to check if it is valid (e.g. that no workflow files have been modified). If there are workflow files that have been modified, a comment is made that indicates that the workflow is not run. If @@ -160,7 +165,7 @@ request. This builds the content and uploads three artifacts: 3. The rendered files (build) Because this workflow builds generated content, it follows the same general -process as the sandpaper-main workflow with the same caching mechanisms. +process as the `sandpaper-main` workflow with the same caching mechanisms. The artifacts produced are used by the next workflow. 
@@ -176,7 +181,7 @@ The steps in this workflow are: 3. If it is valid: update the pull request comment with the summary of changes Importantly: if the pull request is invalid, the branch is not created so any -malicious code is not published. +malicious code is not published. From here, the maintainer can request changes from the author and eventually either merge or reject the PR. When this happens, if the PR was valid, the diff --git a/.github/workflows/pr-comment.yaml b/.github/workflows/pr-comment.yaml index e5d542e4..3a2bbac6 100644 --- a/.github/workflows/pr-comment.yaml +++ b/.github/workflows/pr-comment.yaml @@ -8,6 +8,11 @@ on: types: - completed +concurrency: + group: pr-${{ github.event.workflow_run.pull_requests[0].number }} + cancel-in-progress: true + + jobs: # Pull requests are valid if: # - they match the sha of the workflow run head commit @@ -58,6 +63,7 @@ jobs: with: pr: ${{ steps.get-pr.outputs.NUM }} sha: ${{ github.event.workflow_run.head_sha }} + headroom: 3 # if it's within the last three commits, we can keep going, because it's likely rapid-fire invalid: ${{ fromJSON(steps.hash.outputs.json)[github.repository] }} fail_on_error: true diff --git a/.github/workflows/pr-receive.yaml b/.github/workflows/pr-receive.yaml index aad7ecbc..04942042 100644 --- a/.github/workflows/pr-receive.yaml +++ b/.github/workflows/pr-receive.yaml @@ -5,6 +5,10 @@ on: types: [opened, synchronize, reopened] +concurrency: + group: ${{ github.ref }} + cancel-in-progress: true + jobs: test-pr: name: "Record PR number" diff --git a/.github/workflows/sandpaper-version.txt b/.github/workflows/sandpaper-version.txt index af88ba82..1a96df19 100644 --- a/.github/workflows/sandpaper-version.txt +++ b/.github/workflows/sandpaper-version.txt @@ -1 +1 @@ -0.11.1 +0.11.3
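Review bot: The concurrency group added in the first pr-comment.yaml hunk is keyed on `github.event.workflow_run.pull_requests[0].number`, and GitHub typically leaves that array empty when the triggering run comes from a fork, so the group name would collapse to `pr-` for every forked pull request. With `cancel-in-progress: true`, a comment run for one forked PR could then cancel the validity check and comment of an unrelated PR. A fallback keeps the groups distinct, for example `group: pr-${{ github.event.workflow_run.pull_requests[0].number || github.event.workflow_run.head_sha }}`. The job below already derives the number itself (`steps.get-pr.outputs.NUM`), which suggests the payload field is not relied on elsewhere in this workflow.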
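Review bot: `headroom: 3` in the second pr-comment.yaml hunk loosens the rule stated at the top of the job (a pull request is valid if it matches the sha of the workflow run head commit), and the inline comment explains the convenience but not why the relaxation is safe. Assuming the check now accepts a run whose `sha` is any of the PR's last three commits, it is worth confirming that the later steps only publish artifacts built from `github.event.workflow_run.head_sha` and never content from the newer, unchecked PR head. I would also move the comment onto its own line above the key, e.g. `# accept a run whose head_sha is within the PR's last 3 commits (rapid pushes); confirm artifacts come from that run only`. The step this key belongs to starts above the hunk.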
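Review bot: The group name `${{ github.ref }}` added in pr-receive.yaml is not scoped to this workflow, and concurrency groups are shared by all workflows in the repository, so any other workflow that also uses the bare ref as its group would cancel, or be cancelled by, this one. Prefixing the workflow name avoids that: `group: ${{ github.workflow }}-${{ github.ref }}`. It would also be consistent with the `pr-` prefix chosen in pr-comment.yaml. The trigger's event name lies above the hunk, so I am assuming this runs on `pull_request`, where the ref is unique per pull request.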