
ci(deps-dev): bump prek from 0.3.4 to 0.3.5 in /.github/tools in the python-workflow-tools group #23

Workflow file for this run

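# Reviewdog: runs linters on pull requests and reports findings as PR review
# comments. Workflow-level token permissions are empty; each job grants itself
# only `pull-requests: write`. Every third-party action is pinned to a full
# commit SHA, with the release tag kept as a trailing comment.
name: Reviewdog
on:
  # `pull_request`, not `pull_request_target`. By default GitHub issues a
  # read-only GITHUB_TOKEN for pull requests from forks regardless of the
  # job-level permissions below, so the github-pr-review reporter cannot post
  # review comments on those runs.
  pull_request:
    types: [opened, reopened, synchronize, ready_for_review]
concurrency:
  # One active run per pull request (or per ref when there is no PR number);
  # a newer run cancels the one still in progress.
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true
# Deny by default: no token scopes at workflow level, jobs opt in individually.
permissions: {}
jobs:
  reviewdog-actionlint:
    name: reviewdog (actionlint)
    runs-on: ubuntu-latest
    # NOTE(review): only pull-requests is granted, so `contents` is none for
    # this job; checkout then depends on the repository being readable without
    # it (public repository) - confirm.
    permissions:
      pull-requests: write # Required to post review comments
    steps:
      # First step, so the egress policy is in place before any other action runs.
      - name: Harden Runner
        uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1
        with:
          disable-sudo-and-containers: false # actionlint needs to run in a container
          # Outbound traffic is limited to the endpoints listed below.
          egress-policy: block
          allowed-endpoints: >
            api.github.com:443
            github.com:443
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # Keep the token out of the checked-out repository's git config so
          # later steps cannot read it from disk.
          persist-credentials: false
      - name: actionlint with reviewdog
        uses: reviewdog/action-actionlint@0d952c597ef8459f634d7145b0b044a9699e5e43 # v1.71.0
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          reporter: github-pr-review
          # Report only findings on lines added by the pull request.
          filter_mode: added
          fail_level: error
          level: warning
  reviewdog-ruff:
    name: reviewdog (ruff)
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write # Required to post review comments
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1
        with:
          disable-sudo-and-containers: true
          # Outbound traffic is limited to the endpoints listed below.
          egress-policy: block
          allowed-endpoints: >
            api.github.com:443
            files.pythonhosted.org:443
            github.com:443
            pypi.org:443
            release-assets.githubusercontent.com:443
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Setup uv
        uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1
      - name: Setup reviewdog
        uses: reviewdog/action-setup@d8a7baabd7f3e8544ee4dbde3ee41d0011c3a93f # v1.5.0
      - name: ruff with reviewdog
        env:
          # The token is exposed to this step only, through the environment.
          REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        # NOTE(review): no `shell:` is set, so the default bash invocation runs
        # without pipefail and only reviewdog's exit status decides the step
        # result. Confirm that a failed uv/ruff invocation cannot pass silently.
        run: |
          uv run --project .github/tools --group reviewdog-ruff ruff check .github/scripts --output-format=rdjson \
            | reviewdog -f=rdjson -name="ruff" -reporter=github-pr-review -filter-mode=added -fail-level=error
  reviewdog-shellcheck:
    name: reviewdog (shellcheck)
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write # Required to post review comments
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1
        with:
          disable-sudo-and-containers: false # require sudo to install shellcheck
          # Outbound traffic is limited to the endpoints listed below. The
          # Ubuntu archive entry is plain HTTP on port 80; integrity of what is
          # installed then rests on apt's package signature verification.
          egress-policy: block
          allowed-endpoints: >
            *.archive.ubuntu.com:80
            api.github.com:443
            esm.ubuntu.com:443
            github.com:443
            release-assets.githubusercontent.com:443
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Setup reviewdog
        uses: reviewdog/action-setup@d8a7baabd7f3e8544ee4dbde3ee41d0011c3a93f # v1.5.0
      # Installs whatever shellcheck version the runner's apt sources provide;
      # unlike the actions in this file, it is not pinned.
      - name: Install shellcheck
        run: sudo apt-get update && sudo apt-get install -y shellcheck
      - name: shellcheck with reviewdog
        env:
          REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        # NOTE(review): an explicit `shell: bash` runs with `-eo pipefail`, so a
        # non-zero exit from shellcheck/xargs fails this step even when
        # reviewdog itself succeeds - confirm that is the intended gate.
        shell: bash
        run: |
          files="$(git ls-files '*.sh')"
          if [[ -z "${files}" ]]; then
            echo "No shell scripts to check."
            exit 0
          fi
          # Paths come from the pull request's tree. Pass them NUL-delimited so a
          # name containing whitespace or quotes reaches shellcheck as a single
          # argument, and end option parsing with `--` so a path that starts
          # with '-' is not read as a shellcheck option.
          git ls-files -z '*.sh' | xargs -0 shellcheck -f checkstyle -- \
            | reviewdog -f=checkstyle -name="shellcheck" -reporter=github-pr-review -filter-mode=added -fail-level=error
  reviewdog-prek:
    name: reviewdog (prek)
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write # Required to post review comments
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1
        with:
          disable-sudo-and-containers: true
          # Outbound traffic is limited to the endpoints listed below. This is
          # the widest allow-list in the file; keep it to what the hooks need.
          egress-policy: block
          allowed-endpoints: >
            github.com:443
            api.github.com:443
            release-assets.githubusercontent.com:443
            proxy.golang.org:443
            dl.google.com:443
            storage.googleapis.com:443
            files.pythonhosted.org:443
            pypi.org:443
            go.dev:443
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Set up Java
        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
        with:
          distribution: temurin
          java-version: "21"
      - name: Set up uv
        uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1
      - name: Run prek
        id: prek
        # A failure here must not stop the job: the suggester step below still
        # has to run, and the last step turns the recorded outcome back into a
        # job failure.
        continue-on-error: true
        env:
          # poutine has a dedicated job in ci-guardrails.yml.
          # unit-tests/integration-tests are pre-push hooks and covered by ci.yml.
          # actionlint/ruff/shellcheck have dedicated reviewdog jobs above.
          # zizmor has a dedicated job in ci-guardrails.yml (with SARIF upload).
          # check-pom-consistency/check-hook-revisions-frozen have dedicated jobs in ci-guardrails.yml.
          # markdownlint has a dedicated reviewdog job below (reviewdog-markdownlint).
          SKIP: poutine,unit-tests,integration-tests,actionlint,ruff,shellcheck,zizmor,check-pom-consistency,check-hook-revisions-frozen,markdownlint
        run: uv run --project .github/tools --group prek prek run --all-files --show-diff-on-failure
      - name: Suggest fixes with reviewdog
        if: ${{ always() }}
        uses: reviewdog/action-suggester@aa38384ceb608d00f84b4690cacc83a5aba307ff # v1.24.0
        with:
          tool_name: prek
          fail_on_error: "false"
      # `steps.prek.outcome` is the result before continue-on-error is applied,
      # so a failed prek run still fails the job here.
      - name: Fail if prek found issues
        if: ${{ steps.prek.outcome == 'failure' }}
        shell: bash
        run: |
          echo "::error::Prek checks failed. Run locally: prek run --all-files"
          exit 1
  reviewdog-markdownlint:
    name: reviewdog (markdownlint)
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write # Required to post review comments
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1
        with:
          disable-sudo-and-containers: false # markdownlint needs to run in a container
          # Outbound traffic is limited to the endpoints listed below.
          egress-policy: block
          allowed-endpoints: >
            api.github.com:443
            github.com:443
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: markdownlint with reviewdog
        uses: reviewdog/action-markdownlint@3667398db9118d7e78f7a63d10e26ce454ba5f58 # v0.26.2
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          reporter: github-pr-review
          # Report only findings on lines added by the pull request.
          filter_mode: added
          fail_level: error
          level: warning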