changes-in-high-risk-code.yml
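# Posts a checklist comment on a pull request when it touches files matched by
# the `high_risk_code` filter in .github/file-filters.yml.
name: Changes In High Risk Code

on:
  pull_request:

# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-a-fallback-value
# A newer run for the same PR branch cancels the one still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true

# Start from no token permissions; each job below grants only what it uses.
permissions: {}

jobs:
  files-changed:
    name: Detect changed files
    runs-on: ubuntu-latest
    permissions:
      # actions/checkout reads the repository.
      contents: read
      # dorny/paths-filter lists the PR's changed files through the API.
      pull-requests: read
    # Map a step output to a job output
    outputs:
      high_risk_code: ${{ steps.changes.outputs.high_risk_code }}
      high_risk_code_files: ${{ steps.changes.outputs.high_risk_code_files }}
    steps:
      # NOTE(review): version tags are mutable. Consider pinning to a full
      # commit SHA, as is already done for dorny/paths-filter below.
      - uses: actions/checkout@v4

      - name: Get changed files
        id: changes
        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        with:
          token: ${{ github.token }}
          filters: .github/file-filters.yml
          # Enable listing of files matching each filter.
          # Paths to files will be available in `${FILTER_NAME}_files` output variable.
          list-files: csv

  validate-high-risk-code:
    # Runs only when the filter above matched at least one changed file.
    if: needs.files-changed.outputs.high_risk_code == 'true'
    needs: files-changed
    runs-on: ubuntu-latest
    permissions:
      # Creating the PR comment is the only write this job performs.
      # On pull requests from forks GitHub keeps the token read-only
      # regardless of this block, so the comment step fails for those PRs.
      pull-requests: write
    steps:
      - name: Comment on PR to notify of changes in high risk files
        # NOTE(review): tag-pinned; consider a full commit SHA (see above).
        uses: actions/github-script@v7
        env:
          # File names come from the pull request and are untrusted. Passing
          # them through an environment variable instead of interpolating
          # `${{ }}` into the script keeps them out of the JavaScript source.
          high_risk_code: ${{ needs.files-changed.outputs.high_risk_code_files }}
        with:
          script: |
            const highRiskFiles = process.env.high_risk_code;
            // NOTE(review): a naive split on ',' mis-splits any path that
            // itself contains a comma; the names are rendered as markdown.
            const fileList = highRiskFiles.split(',').map(file => `- [ ] ${file}`).join('\n');
            // Await the request so an API failure fails this step.
            await github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: `### 🚨 Detected changes in high risk code 🚨 \n High-risk code can easily blow up and is hard to test. We had severe bugs in the past. Be extra careful when changing these files, and have an extra careful look at these:\n ${fileList}`
            })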