Merge pull request #164 from pre-commit/remove-pushing
remove pushing behaviour
Showing 11 changed files with 49 additions and 4,331 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
name: main | ||
on: | ||
pull_request: | ||
push: | ||
branches: [main, test-me-*] | ||
|
||
jobs: | ||
main: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v3 | ||
- uses: actions/setup-python@v3 | ||
- name: self test action | ||
uses: ./ |
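
Review bot: the new workflow declares no `permissions:` key, so the `main` job receives whatever default `GITHUB_TOKEN` scope the repository is configured with, and it is triggered on `pull_request` where the self test (`uses: ./`) runs the action against the proposed changes. None of the listed steps writes to the repository, so a top-level `permissions:` block with `contents: read` would make the read-only intent explicit. `actions/setup-python@v3` is also called without a `python-version`, so the interpreter used by the self test depends on the runner image; naming a version would keep the run reproducible.
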
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -8,7 +8,7 @@ Please switch to using [pre-commit.ci] which is faster and has more features. | |
___ | ||
|
||
[![pre-commit.ci status](https://results.pre-commit.ci/badge/github/pre-commit/action/main.svg)](https://results.pre-commit.ci/latest/github/pre-commit/action/main) | ||
[![Build Status](https://github.com/pre-commit/action/workflows/deploy/badge.svg)](https://github.com/pre-commit/action/actions) | ||
[![Build Status](https://github.com/pre-commit/action/workflows/main/badge.svg)](https://github.com/pre-commit/action/actions) | ||
|
||
pre-commit/action | ||
================= | ||
|
@@ -32,8 +32,8 @@ jobs: | |
pre-commit: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v2 | ||
- uses: actions/setup-python@v2 | ||
- uses: actions/checkout@v3 | ||
- uses: actions/setup-python@v3 | ||
- uses: pre-commit/[email protected] | ||
``` | ||
|
@@ -59,33 +59,26 @@ the files (use the template above except for the `pre-commit` action): | |
|
||
### using this action in private repositories | ||
|
||
this action also provides an additional behaviour when used in private | ||
repositories. when configured with a github token, the action will push back | ||
fixes to the pull request branch. | ||
prior to v3.0.0, this action had custom behaviour which pushed changes back to | ||
the pull request when supplied with a `token`. | ||
|
||
using the template above, you'll make two replacements for individual actions: | ||
this behaviour was removed: | ||
- it required a PAT (didn't work with short-lived `GITHUB_TOKEN`) | ||
- properly hiding this `input` from the installation and execution of hooks | ||
is intractable in github actions (it is readily available as `$INPUT_TOKEN`) | ||
- this meant potentially unvetted code could access the token via the | ||
environment | ||
|
||
first is the checkout step, which needs to use unlimited fetch depth for | ||
pushing | ||
you can _likely_ achieve the same thing with an external action such as | ||
[git-auto-commit-action] though you may want to take precautions to clear `git` | ||
hooks or other ways that arbitrary code execution can occur when running | ||
`git commit` / `git push` (for example [core.fsmonitor]). | ||
|
||
```yaml | ||
- uses: actions/checkout@v2 | ||
with: | ||
fetch-depth: 0 | ||
``` | ||
while unrelated to this action, [pre-commit.ci] avoids these problems by | ||
installing and executing isolated from the short-lived repository-scoped | ||
[installation access token]. | ||
|
||
next is passing the token to the pre-commit action | ||
|
||
```yaml | ||
- uses: pre-commit/[email protected] | ||
with: | ||
token: ${{ secrets.GITHUB_TOKEN }} | ||
``` | ||
|
||
note that `secrets.GITHUB_TOKEN` is automatically provisioned and will not | ||
require any special configuration. | ||
|
||
while you could _technically_ configure this for a public repository (using a | ||
personal access token), I can't think of a way to do this safely without | ||
exposing a privileged token to pull requests -- if you have any ideas, please | ||
leave an issue! | ||
[git-auto-commit-action]: https://github.com/stefanzweifel/git-auto-commit-action | ||
[core.fsmonitor]: https://github.blog/2022-04-12-git-security-vulnerability-announced/ | ||
[pre-commit.ci]: https://pre-commit.ci | ||
[installation access token]: https://docs.github.com/en/rest/apps/apps#create-an-installation-access-token-for-an-app |
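
Review bot: the heading `### using this action in private repositories` stays as unchanged context, but the text under it is now a removal notice that applies to every repository, so the heading no longer matches its content; a title that names the removed push-back behaviour would be easier to find. The section also never tells existing users to delete the `with:` / `token:` block from their workflows, which is the one migration step they need now that the input is gone. The sentence about taking precautions to clear `git` hooks would be more actionable if it named what to check before `git commit` / `git push` runs, for example the repository's `.git/hooks` directory and any `core.hooksPath` or `core.fsmonitor` setting in the local config.
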
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,13 +1,20 @@ | ||
name: pre-commit | ||
description: run pre-commit and optionally commit back to the pull request | ||
description: run pre-commit | ||
inputs: | ||
extra_args: | ||
description: options to pass to pre-commit run | ||
required: false | ||
default: '--all-files' | ||
token: | ||
description: github token to clone / push with | ||
required: false | ||
runs: | ||
using: 'node12' | ||
main: 'dist/index.js' | ||
using: composite | ||
steps: | ||
- run: python -m pip install pre-commit | ||
shell: bash | ||
- run: python -m pip freeze --local | ||
shell: bash | ||
- uses: actions/cache@v3 | ||
with: | ||
path: ~/.cache/pre-commit | ||
key: pre-commit-3|${{ env.pythonLocation }}|${{ hashFiles('.pre-commit-config.yaml') }} | ||
- run: pre-commit run --show-diff-on-failure --color=always ${{ inputs.extra_args }} | ||
shell: bash |
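
Review bot: in the final step, `${{ inputs.extra_args }}` is expanded into the script text before `bash` parses it, so quotes, `;` or `$(...)` in the input become shell syntax rather than arguments to `pre-commit run`. Pass the value through the step's `env:` (for example `EXTRA_ARGS: ${{ inputs.extra_args }}`) and reference `$EXTRA_ARGS` in the command, left unquoted if splitting into several options is intended. Separately, `python -m pip install pre-commit` carries no version constraint, so each run installs whatever release is current; the `python -m pip freeze --local` step records the result but does not make it reproducible.
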