mirror of https://github.com/pre-commit/action.git synced 2025-11-07 18:56:55 +00:00

Merge pull request #164 from pre-commit/remove-pushing

remove pushing behaviour
Anthony Sottile 2022-06-05 16:02:23 -04:00 committed by GitHub
commit 7a7fccb381
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 49 additions and 4331 deletions


@ -1,21 +0,0 @@
name: deploy
on:
pull_request:
push:
branches: [main]
jobs:
build:
name: pr
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
- uses: actions/setup-python@v2
- run: pip install virtualenv
- run: make
- name: self test newly built action
uses: ./
- run: make push
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

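--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -0,0 +1,14 @@
+name: main
+on:
+pull_request:
+push:
+branches: [main, test-me-*]
+jobs:
+main:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v3
+- uses: actions/setup-python@v3
+- name: self test action
+uses: ./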
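Review bot: The new workflow declares no `permissions:` block and uses `actions/checkout@v3` with its defaults, so the job's `GITHUB_TOKEN` keeps whatever default scopes the repository is configured with and is persisted in the local git config while the `uses: ./` step installs and runs hooks. Since this commit removes the `token` input because hook code could read it from the environment, I would add a top-level `permissions:` with `contents: read` and give the checkout step `with:` / `persist-credentials: false`. The `@v3` references are also mutable tags; pinning `actions/checkout` and `actions/setup-python` to full commit SHAs would keep the self-test from changing if a tag is moved.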

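--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +0,0 @@
-/.cache
-/dist
-/node_modules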


@ -5,8 +5,3 @@ repos:
- id: trailing-whitespace
- id: end-of-file-fixer
- id: check-yaml
- repo: https://github.com/pre-commit/mirrors-eslint
rev: v8.16.0
hooks:
- id: eslint
args: [--fix]


@ -1,24 +0,0 @@
.PHONY: all
all: dist/index.js
venv: Makefile
rm -rf venv
virtualenv venv -ppython3
venv/bin/pip install markdown-to-presentation
node_modules: package.json
npm install --silent
test -d node_modules
touch node_modules
dist/index.js: index.js node_modules
node_modules/.bin/webpack --config webpack.config.js
# terrible hack to prevent lookup of `navigator`
# if someone knows the correct way to use webpack, PRs welcome!
sed -i 's/\bnavigator\b/({})/g' $@
.PHONY: push
push: venv
venv/bin/markdown-to-presentation push \
--pages-branch release \
README.md LICENSE action.yml dist/index.js


@ -8,7 +8,7 @@ Please switch to using [pre-commit.ci] which is faster and has more features.
___
[![pre-commit.ci status](https://results.pre-commit.ci/badge/github/pre-commit/action/main.svg)](https://results.pre-commit.ci/latest/github/pre-commit/action/main)
[![Build Status](https://github.com/pre-commit/action/workflows/deploy/badge.svg)](https://github.com/pre-commit/action/actions)
[![Build Status](https://github.com/pre-commit/action/workflows/main/badge.svg)](https://github.com/pre-commit/action/actions)
pre-commit/action
=================
@ -32,8 +32,8 @@ jobs:
pre-commit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v2
- uses: actions/checkout@v3
- uses: actions/setup-python@v3
- uses: pre-commit/action@v2.0.3
```
@ -59,33 +59,26 @@ the files (use the template above except for the `pre-commit` action):
### using this action in private repositories
this action also provides an additional behaviour when used in private
repositories. when configured with a github token, the action will push back
fixes to the pull request branch.
prior to v3.0.0, this action had custom behaviour which pushed changes back to
the pull request when supplied with a `token`.
using the template above, you'll make two replacements for individual actions:
this behaviour was removed:
- it required a PAT (didn't work with short-lived `GITHUB_TOKEN`)
- properly hiding this `input` from the installation and execution of hooks
is intractable in github actions (it is readily available as `$INPUT_TOKEN`)
- this meant potentially unvetted code could access the token via the
environment
first is the checkout step, which needs to use unlimited fetch depth for
pushing
you can _likely_ achieve the same thing with an external action such as
[git-auto-commit-action] though you may want to take precautions to clear `git`
hooks or other ways that arbitrary code execution can occur when running
`git commit` / `git push` (for example [core.fsmonitor]).
```yaml
- uses: actions/checkout@v2
with:
fetch-depth: 0
```
while unrelated to this action, [pre-commit.ci] avoids these problems by
installing and executing isolated from the short-lived repository-scoped
[installation access token].
next is passing the token to the pre-commit action
```yaml
- uses: pre-commit/action@v2.0.3
with:
token: ${{ secrets.GITHUB_TOKEN }}
```
note that `secrets.GITHUB_TOKEN` is automatically provisioned and will not
require any special configuration.
while you could _technically_ configure this for a public repository (using a
personal access token), I can't think of a way to do this safely without
exposing a privileged token to pull requests -- if you have any ideas, please
leave an issue!
[git-auto-commit-action]: https://github.com/stefanzweifel/git-auto-commit-action
[core.fsmonitor]: https://github.blog/2022-04-12-git-security-vulnerability-announced/
[pre-commit.ci]: https://pre-commit.ci
[installation access token]: https://docs.github.com/en/rest/apps/apps#create-an-installation-access-token-for-an-app


@ -1,13 +1,20 @@
name: pre-commit
description: run pre-commit and optionally commit back to the pull request
description: run pre-commit
inputs:
extra_args:
description: options to pass to pre-commit run
required: false
default: '--all-files'
token:
description: github token to clone / push with
required: false
runs:
using: 'node12'
main: 'dist/index.js'
using: composite
steps:
- run: python -m pip install pre-commit
shell: bash
- run: python -m pip freeze --local
shell: bash
- uses: actions/cache@v3
with:
path: ~/.cache/pre-commit
key: pre-commit-3|${{ env.pythonLocation }}|${{ hashFiles('.pre-commit-config.yaml') }}
- run: pre-commit run --show-diff-on-failure --color=always ${{ inputs.extra_args }}
shell: bash
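Review bot: The final `run:` step interpolates `${{ inputs.extra_args }}` directly into a bash script, so the value becomes part of the script text before bash parses it and any shell metacharacters in it are treated as shell syntax rather than as arguments to pre-commit. This matters when a calling workflow builds `extra_args` from event data such as a branch name or pull-request title; the removed `index.js` appears to have split the string with `tr.argStringToArray` and passed it to `exec.exec`, which does not go through a shell. Passing the input through the environment avoids the re-parse: add `env:` with `EXTRA_ARGS: ${{ inputs.extra_args }}` to the step and run `pre-commit run --show-diff-on-failure --color=always $EXTRA_ARGS`, and document that quoted arguments containing spaces are then no longer grouped. Separately, `python -m pip install pre-commit` is unpinned, so every run installs whichever release is current at that moment; a version constraint would make the action's behaviour reproducible.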

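--- a/index.js
+++ b/index.js
@@ -1,100 +0,0 @@
-const child_process = require('child_process');
-const crypto = require('crypto');
-const fs = require('fs');
-const os = require('os');
-const path = require('path');
-const cache = require('@actions/cache');
-const core = require('@actions/core');
-const exec = require('@actions/exec');
-const github = require('@actions/github');
-const tr = require('@actions/exec/lib/toolrunner');
-function hashString(content) {
-const sha256 = crypto.createHash('sha256');
-return sha256.update(content).digest('hex');
-}
-function getPythonVersion() {
-const args = ['-c', 'import sys;print(sys.executable+"\\n"+sys.version)'];
-const res = child_process.spawnSync('python', args);
-if (res.status !== 0) {
-throw 'python version check failed';
-}
-return res.stdout.toString();
-}
-function hashFile(filePath) {
-return hashString(fs.readFileSync(filePath).toString());
-}
-function addToken(url, token) {
-return url.replace(/^https:\/\//, `https://x-access-token:${token}@`);
-}
-async function main() {
-await core.group('install pre-commit', async () => {
-await exec.exec('pip', ['install', 'pre-commit']);
-await exec.exec('pip', ['freeze', '--local']);
-});
-const args = [
-'run',
-'--show-diff-on-failure',
-'--color=always',
-...tr.argStringToArray(core.getInput('extra_args')),
-];
-const token = core.getInput('token');
-const pr = github.context.payload.pull_request;
-const push = !!token && !!pr;
-const cachePaths = [path.join(os.homedir(), '.cache', 'pre-commit')];
-const py = getPythonVersion();
-const cacheKey = `pre-commit-2-${hashString(py)}-${hashFile('.pre-commit-config.yaml')}`;
-const restored = await cache.restoreCache(cachePaths, cacheKey);
-const ret = await exec.exec('pre-commit', args, {ignoreReturnCode: push});
-if (!restored) {
-try {
-await cache.saveCache(cachePaths, cacheKey);
-} catch (e) {
-core.warning(
-`There was an error saving the pre-commit environments to cache:
-${e.message || e}
-This only has performance implications and won't change the result of your pre-commit tests.
-If this problem persists on your default branch, you can try to fix it by editing your '.pre-commit-config.yaml'.
-For example try to run 'pre-commit autoupdate' or simply add a blank line.
-This will result in a different hash value and thus a different cache target.`.replace(/^ +/gm, '')
-);
-}
-}
-if (ret && push) {
-// actions do not run on pushes made by actions.
-// need to make absolute sure things are good before pushing
-// TODO: is there a better way around this limitation?
-await exec.exec('pre-commit', args);
-const diff = await exec.exec(
-'git', ['diff', '--quiet'], {ignoreReturnCode: true}
-);
-if (diff) {
-await core.group('push fixes', async () => {
-await exec.exec('git', ['config', 'user.name', 'pre-commit']);
-await exec.exec(
-'git', ['config', 'user.email', 'pre-commit@example.com']
-);
-const branch = pr.head.ref;
-await exec.exec('git', ['checkout', 'HEAD', '-B', branch]);
-await exec.exec('git', ['commit', '-am', 'pre-commit fixes']);
-const url = addToken(pr.head.repo.clone_url, token);
-await exec.exec('git', ['push', url, 'HEAD']);
-});
-}
-}
-}
-main().catch((e) => core.setFailed(e.message));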

4110
package-lock.json generated

File diff suppressed because it is too large Load diff


@ -1,22 +0,0 @@
{
"private": true,
"dependencies": {
"@actions/cache": "*",
"@actions/core": "*",
"@actions/exec": "*",
"@actions/github": "*"
},
"devDependencies": {
"webpack": "^4.41.2",
"webpack-cli": "^3.3.10"
},
"eslintConfig": {
"extends": "eslint:recommended",
"parserOptions": {
"ecmaVersion": 2017
},
"env": {
"node": true
}
}
}


@ -1,11 +0,0 @@
const path = require('path');
module.exports = {
target: 'node',
entry: './index.js',
mode: 'production',
output: {
filename: 'index.js',
path: path.resolve(__dirname, 'dist'),
},
};