Skip to content

deps(github-actions): DSW-000 Bump github/codeql-action from 3.27.5 to 3.28.0 in /.github/workflows #2089

deps(github-actions): DSW-000 Bump github/codeql-action from 3.27.5 to 3.28.0 in /.github/workflows

deps(github-actions): DSW-000 Bump github/codeql-action from 3.27.5 to 3.28.0 in /.github/workflows #2089

Workflow file for this run

name: Changeset Snapshot
on:
issue_comment:
types:
- created
permissions:
contents: read
issues: read
pull-requests: read
concurrency: ${{ github.workflow }}-${{ github.ref }}
jobs:
snapshot:
name: Snapshot Release
if: |
github.event.issue.pull_request &&
(startsWith(github.event.comment.body, '/test-aperture'))
runs-on: ubuntu-latest
steps:
- name: Enforce permission requirement
uses: prince-chrismc/check-actor-permissions-action@d504e74ba31658f4cdf4fcfeb509d4c09736d88e # v3.0.2
with:
permission: write
- name: Add initial reaction
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
with:
token: ${{ secrets.CHANGESETS_TOKEN }}
comment-id: ${{ github.event.comment.id }}
reactions: eyes
- name: Validate pull request
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
id: pr_data
env:
GITHUB_TOKEN: ${{ secrets.CHANGESETS_TOKEN }}
with:
script: |
try {
const pullRequest = await github.rest.pulls.get({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: context.issue.number,
});
// Pull request from fork
if (context.payload.repository.full_name !== pullRequest.data.head.repo.full_name) {
const errorMessage = '`/test-aperture` is not supported on pull requests from forked repositories.';
await github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: errorMessage,
});
core.setFailed(errorMessage);
}
} catch (err) {
core.setFailed(`Request failed with error ${err}`);
}
- name: Add link to build
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
id: build-link
env:
GITHUB_TOKEN: ${{ secrets.CHANGESETS_TOKEN }}
with:
github-token: ${{ secrets.CHANGESETS_TOKEN }}
script: |
try {
const buildLink = '${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}';
const body = `Starting a new snapshot build. You can view the logs [here](${buildLink}).`;
await github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body,
});
} catch (err) {
core.setFailed(`Request failed with error ${err}`);
}
# issue_comment event doesn't provide access to head_ref env var.
# This action provides us with the env vars we need to do a git diff.
# https://github.com/actions/checkout/issues/331#issuecomment-1242708547
- uses: xt0rted/pull-request-comment-branch@d97294d304604fa98a2600a6e2f916a84b596dc7 # v2.0.0
id: comment-branch
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
# issue_comment requires us to checkout the branch
# https://github.com/actions/checkout/issues/331#issuecomment-1120113003
- name: Checkout pull request branch
run: gh pr checkout ${{ github.event.issue.number }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Setup Repo
uses: ./.github/actions/setup-repo
with:
node-version: 20
os: ubuntu-latest
- name: Create an .npmrc
env:
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
run: |
cat << EOF > "$HOME/.npmrc"
//registry.npmjs.org/:_authToken=$NPM_TOKEN
EOF
- name: Build Packages
uses: ./.github/actions/run-script
env:
TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
with:
script-name: "build"
- name: Get Markdown Changeset Files Difference
id: diff_changeset_files
run: |
git fetch origin ${{ steps.comment-branch.outputs.base_ref }}
git diff --name-only origin/${{ steps.comment-branch.outputs.base_ref }}...HEAD .changeset/*.md > changeset_diff.txt
- name: Delete Unrelated Markdown Files in Changeset
run: |
for file in $(ls .changeset/*.md); do
if ! grep -q "$(basename $file)" changeset_diff.txt; then
rm "$file"
fi
done
- name: Create and publish snapshot release and trigger aperture
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
env:
GITHUB_TOKEN: ${{ secrets.CHANGESETS_TOKEN }}
PIE_BRANCH: ${{ steps.comment-branch.outputs.head_ref }}
PIE_PR_NUMBER: ${{ github.event.issue.number }}
with:
github-token: ${{ secrets.CHANGESETS_TOKEN }}
script: |
const execa = require('execa');
const script = require('./packages/tools/pie-monorepo-utils/changeset-snapshot/test-aperture.js')
await script({ github, context }, execa);
- name: Add failure comment
if: failure()
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
with:
issue-number: ${{ github.event.issue.number }}
token: ${{ secrets.CHANGESETS_TOKEN }}
body: The build failed, please see the [logs](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) or take a look at the [Workflow Tooling wiki page](https://github.com/justeattakeaway/pie/wiki/Workflow-Tooling#snapshot-releases) to make sure your PR meets the requirements.