Create SECURITY.md #3
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Step 4 | |
| on: | |
| push: | |
| branches: | |
| - prepare-to-collaborate | |
| paths: | |
| - ".github/dependabot.yml" | |
| - "SECURITY.md" | |
| permissions: | |
| contents: write | |
| actions: write | |
| issues: write | |
| env: | |
| STEP_5_FILE: ".github/steps/5-merge.md" | |
| jobs: | |
| find_exercise: | |
| if: | | |
| !github.event.repository.is_template | |
| name: Find Exercise Issue | |
| uses: skills/exercise-toolkit/.github/workflows/[email protected] | |
| check_step_work: | |
| name: Check step work | |
| runs-on: ubuntu-latest | |
| needs: [find_exercise] | |
| env: | |
| ISSUE_URL: ${{ needs.find_exercise.outputs.issue-url }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Get Exercise Toolkit | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: skills/exercise-toolkit | |
| path: exercise-toolkit | |
| # Results table still uses old format. Needs refactored to update. | |
| ref: v0.3.0 | |
| - name: Update comment - checking work | |
| run: | | |
| gh issue comment "$ISSUE_URL" \ | |
| --body-file exercise-toolkit/markdown-templates/step-feedback/checking-work.md \ | |
| --edit-last | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # START: Check practical exercise | |
| - name: Check for Dependabot config | |
| id: check-dependabot-config | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| const fs = require('fs'); | |
| // Result object to store the message | |
| let result = { | |
| name: 'dependabot.yml', | |
| passed: true, | |
| message: '' | |
| } | |
| // Check that file exists | |
| if (!fs.existsSync('.github/dependabot.yml')) { | |
| result.passed = false; | |
| result.message = 'File is missing.'; | |
| } | |
| return result; | |
| - name: Check for Security Policy | |
| id: check-security-policy | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| const fs = require('fs'); | |
| // Result object to store the message | |
| let result = { | |
| name: 'SECURITY.md', | |
| passed: true, | |
| message: '' | |
| } | |
| // Check that file exists | |
| if (!fs.existsSync('SECURITY.md')) { | |
| result.passed = false; | |
| result.message = 'File is missing.'; | |
| } | |
| return result; | |
| - name: Check all results | |
| id: check-all-results | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| const checks = [ | |
| JSON.parse(process.env['check1']), | |
| JSON.parse(process.env['check2']) | |
| ]; | |
| const result = checks.every(check => check.passed); | |
| return result | |
| env: | |
| check1: ${{ steps.check-dependabot-config.outputs.result }} | |
| check2: ${{ steps.check-security-policy.outputs.result }} | |
| - name: Build message - step results | |
| id: build-message-step-results | |
| uses: skills/action-text-variables@v2 | |
| with: | |
| template-file: exercise-toolkit/markdown-templates/step-feedback/step-results.md | |
| template-vars: > | |
| { | |
| "step_number": 4, | |
| "passed": ${{ steps.check-all-results.outputs.result }}, | |
| "results_table": [ | |
| ${{ steps.check-dependabot-config.outputs.result }}, | |
| ${{ steps.check-security-policy.outputs.result }} | |
| ] | |
| } | |
| - name: Create comment - step results | |
| run: | | |
| gh issue comment "$ISSUE_URL" \ | |
| --body "$COMMENT_BODY" \ | |
| --edit-last | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| COMMENT_BODY: ${{ steps.build-message-step-results.outputs.updated-text }} | |
| - name: Fail job if not all checks passed | |
| if: steps.check-all-results.outputs.result == 'false' | |
| run: exit 1 | |
| # END: Check practical exercise | |
| - name: Build message - step finished | |
| id: build-message-step-finish | |
| uses: skills/action-text-variables@v2 | |
| with: | |
| template-file: exercise-toolkit/markdown-templates/step-feedback/step-finished-prepare-next-step.md | |
| template-vars: | | |
| next_step_number: 5 | |
| - name: Update comment - step finished | |
| run: | | |
| gh issue comment "$ISSUE_URL" \ | |
| --body "$ISSUE_BODY" | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| ISSUE_BODY: ${{ steps.build-message-step-finish.outputs.updated-text }} | |
| post_next_step_content: | |
| name: Post next step content | |
| needs: [find_exercise, check_step_work] | |
| runs-on: ubuntu-latest | |
| env: | |
| ISSUE_URL: ${{ needs.find_exercise.outputs.issue-url }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Get Exercise Toolkit | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: skills/exercise-toolkit | |
| path: exercise-toolkit | |
| ref: v0.6.0 | |
| - name: Create comment - add step content | |
| run: | | |
| gh issue comment "$ISSUE_URL" \ | |
| --body-file "$STEP_5_FILE" | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Create comment - watching for progress | |
| run: | | |
| gh issue comment "$ISSUE_URL" \ | |
| --body-file exercise-toolkit/markdown-templates/step-feedback/watching-for-progress.md | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Disable current workflow and enable next one | |
| run: | | |
| gh workflow disable "Step 4" || true | |
| gh workflow enable "Step 5" || true | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |