
Commit bd7fa94

committed
Separate jobs that require access to secrets into separate workflow
1 parent 5af4879 commit bd7fa94


2 files changed

+69
-26
lines changed

Lines changed: 59 additions & 0 deletions
@@ -0,0 +1,59 @@
1+
name: "Check PR complains with requirements"
2+
3+
on:
4+
pull_request_target:
5+
workflow_run:
6+
workflows: ['Run tests for PR']
7+
8+
concurrency:
9+
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.workflow_run.pull_requests[0].number }}
10+
cancel-in-progress: true
11+
12+
jobs:
13+
reviewdog:
14+
if: github.event_name == 'workflow_run'
15+
strategy:
16+
matrix:
17+
include:
18+
- tool: ktlint
19+
- tool: detekt
20+
permissions:
21+
pull-requests: write
22+
runs-on: ubuntu-latest
23+
steps:
24+
- name: 'Checkout Repository'
25+
uses: actions/checkout@v4
26+
- name: Download benchmark results
27+
uses: dawidd6/action-download-artifact@v6
28+
with:
29+
name: style-reports
30+
path: reports/
31+
run_id: ${{ github.event.workflow_run.id }}
32+
- name: Setup reviewdog
33+
uses: reviewdog/action-setup@v1
34+
with:
35+
reviewdog_version: latest
36+
- name: Run reviewdog ${{ matrix.tool }}
37+
env:
38+
REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
39+
CI_PULL_REQUEST: ${{ github.event.pull_request[0].number }}
40+
CI_REPO_OWNER: ${{ github.repository_owner }}
41+
CI_REPO_NAME: ${{ github.event.repository.name }}
42+
CI_COMMIT: ${{ github.event.workflow_run.pull_requests[0].head.repo }}
43+
run: echo reports/${{ matrix.tool }}-reviewdog.out | reviewdog -tee -reporter=github-pr-review
44+
danger-check:
45+
if: github.event_name == 'pull_request_target'
46+
runs-on: ubuntu-latest
47+
permissions:
48+
pull-requests: write
49+
statuses: write
50+
steps:
51+
- name: 'Checkout Repository'
52+
uses: actions/checkout@v4
53+
- name: Danger
54+
uses: danger/[email protected]
55+
with:
56+
run-mode: ci
57+
dangerfile: Dangerfile.df.kts
58+
env:
59+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
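Review bot: The `reviewdog` job's `env` block reads contexts that are not populated on a `workflow_run` event, so the reporter gets no usable PR or commit: `github.event.pull_request[0].number` is empty there, and `CI_COMMIT` is given the `head.repo` object rather than a SHA. `CI_PULL_REQUEST: ${{ github.event.workflow_run.pull_requests[0].number }}` and `CI_COMMIT: ${{ github.event.workflow_run.head_sha }}` would match the event, but `pull_requests` is empty for runs started from forks, which is the case this split is meant to cover, so the number would have to travel in the artifact and be validated as an integer before use. The `run` line also pipes the file name instead of the report; `echo` there looks like it was meant to be `cat`. Because this job holds a `pull-requests: write` token and processes an artifact produced by PR-controlled code, I would pin `dawidd6/action-download-artifact` and `reviewdog/action-setup` to full commit SHAs, replace `reviewdog_version: latest` with a fixed version, and add `types: [completed]` under `workflow_run` so the job only starts once the artifact exists.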

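--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
@@ -1,4 +1,4 @@
-name: "Check the PR"
+name: "Run tests for PR"
 
 on:
 pull_request:
@@ -13,11 +13,9 @@ concurrency:
 jobs:
 dump-unicode-data:
 uses: ./.github/workflows/unicode-dump.yml
-reviewdog:
+collect-output-reviewdog:
 needs:
 - dump-unicode-data
-permissions:
-pull-requests: write
 runs-on: ubuntu-latest
 steps:
 - name: 'Checkout Repository'
@@ -48,32 +46,18 @@ jobs:
 uses: gradle/actions/setup-gradle@v4
 with:
 gradle-version: wrapper
-- name: Setup reviewdog
-uses: reviewdog/action-setup@v1
+- name: Run ktlint
+run: ./gradlew ktlintCheck --console plain > ktlint-reviewdog.out 2>&1 || true
+- name: Run detekt
+run: ./gradlew -q detekt detektAll --console plain > detekt-reviewdog.out 2>&1 || true
+- name: Collect output for reviewdog
+uses: actions/upload-artifact@v4
 with:
-reviewdog_version: latest
-- name: Run reviewdog
-env:
-REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-run: reviewdog -tee -reporter=github-pr-review
+name: style-reports
+path: '*-reviewdog.out'
 check-pr:
 needs:
 - dump-unicode-data
 uses: ./.github/workflows/build-and-test.yml
 with:
 collect-code-coverage: true
-danger-check:
-runs-on: ubuntu-latest
-permissions:
-pull-requests: write
-statuses: write
-steps:
-- name: 'Checkout Repository'
-uses: actions/checkout@v4
-- name: Danger
-uses: danger/[email protected]
-with:
-run-mode: ci
-dangerfile: Dangerfile.df.kts
-env:
-GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}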
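Review bot: With the `permissions:` block removed from `collect-output-reviewdog` in the second hunk, the job that builds and lints PR-controlled code no longer declares its token scope and falls back to the workflow or repository default; lines 5-12 of the file are outside the hunks, so a top-level block may already exist. If it does not, I would add `permissions:` with `contents: read` to this job so the split really leaves the untrusted build with a read-only token. In the third hunk, `|| true` on both Gradle steps hides build failures as well as lint findings: a run where Gradle never reached the linters uploads an error log as the report and still passes, so consider recording each command's exit status alongside the report.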
