build(deps-dev): bump tar from 7.5.8 to 7.5.10 #461
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Changelog Preview | |
| on: | |
| # Allow this workflow to be called from other repositories | |
| # | |
| # USAGE REQUIREMENTS: | |
| # When calling this workflow from another repository, you must: | |
| # | |
| # 1. Use pull_request_target (NOT pull_request): | |
| # - This is required to post comments on PRs from forks | |
| # - pull_request event has read-only GITHUB_TOKEN for fork PRs | |
| # | |
| # 2. Grant required permissions: | |
| # - contents: read (to checkout repo and read git history) | |
| # - pull-requests: write (to post/update PR comments in comment mode) | |
| # - statuses: write (to create commit statuses in status check mode) | |
| # | |
| # 3. Inherit secrets: | |
| # - secrets: inherit (ensures caller's GITHUB_TOKEN is used) | |
| # | |
| # Example caller workflow (comment mode): | |
| # | |
| # on: | |
| # pull_request_target: | |
| # types: [opened, synchronize, reopened, edited, labeled, unlabeled] | |
| # | |
| # permissions: | |
| # contents: read | |
| # pull-requests: write | |
| # | |
| # jobs: | |
| # changelog-preview: | |
| # uses: getsentry/craft/.github/workflows/changelog-preview.yml@v2 | |
| # secrets: inherit | |
| # | |
| # Example caller workflow (status check mode): | |
| # | |
| # permissions: | |
| # contents: read | |
| # statuses: write | |
| # | |
| # jobs: | |
| # changelog-preview: | |
| # uses: getsentry/craft/.github/workflows/changelog-preview.yml@v2 | |
| # with: | |
| # comment: false | |
| # secrets: inherit | |
| # | |
| # SECURITY NOTE: | |
| # This workflow is safe to use with pull_request_target because: | |
| # - The Craft binary is downloaded from releases, NOT from the PR | |
| # - Only git metadata (commits, tags) and .craft.yml config are read | |
| # - No code from the PR is ever executed | |
| # | |
| workflow_call: | |
| inputs: | |
| working-directory: | |
| description: 'Directory to run Craft in (relative to repo root)' | |
| required: false | |
| type: string | |
| default: '.' | |
| craft-version: | |
| description: 'Version of Craft to use (tag or "latest")' | |
| required: false | |
| type: string | |
| comment: | |
| description: 'Post changelog as PR comment (true) or as check run with job summary (false)' | |
| required: false | |
| type: boolean | |
| default: true | |
| # Also run on PRs in this repository (dogfooding) | |
| pull_request_target: | |
| types: [opened, synchronize, reopened, edited, labeled, unlabeled] | |
| permissions: | |
| contents: read | |
| pull-requests: write # For comment mode | |
| statuses: write # For status check mode | |
| jobs: | |
| preview: | |
| runs-on: ubuntu-latest | |
| steps: | |
| # For pull_request_target, we must explicitly specify the ref to get the PR commits. | |
| # Try the merge ref first; fall back to head ref if PR has merge conflicts. | |
| - uses: actions/checkout@v4 | |
| id: checkout-merge | |
| continue-on-error: true | |
| with: | |
| fetch-depth: 0 | |
| ref: refs/pull/${{ github.event.pull_request.number }}/merge | |
| - uses: actions/checkout@v4 | |
| if: steps.checkout-merge.outcome == 'failure' | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Install Craft | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| CRAFT_VERSION="${{ inputs.craft-version || 'latest' }}" | |
| if [[ "$CRAFT_VERSION" == "latest" || -z "$CRAFT_VERSION" ]]; then | |
| echo "Downloading latest Craft release..." | |
| CRAFT_URL=$(curl -fsSL "https://api.github.com/repos/getsentry/craft/releases/latest" \ | |
| | jq -r '.assets[] | select(.name == "craft") | .browser_download_url') | |
| else | |
| CRAFT_URL="https://github.com/getsentry/craft/releases/download/${CRAFT_VERSION}/craft" | |
| echo "Downloading Craft ${CRAFT_VERSION}..." | |
| # Fallback to latest if specified version doesn't exist | |
| if ! curl -sfI "$CRAFT_URL" >/dev/null 2>&1; then | |
| echo "Release not found for version '${CRAFT_VERSION}', falling back to latest..." | |
| CRAFT_URL=$(curl -fsSL "https://api.github.com/repos/getsentry/craft/releases/latest" \ | |
| | jq -r '.assets[] | select(.name == "craft") | .browser_download_url') | |
| fi | |
| fi | |
| # Verify we have a valid URL | |
| if [[ -z "$CRAFT_URL" ]]; then | |
| echo "::error::Failed to determine Craft download URL" | |
| exit 1 | |
| fi | |
| echo "Installing Craft from: ${CRAFT_URL}" | |
| sudo curl -fsSL -o /usr/local/bin/craft "$CRAFT_URL" | |
| sudo chmod +x /usr/local/bin/craft | |
| # Verify installation | |
| if [[ ! -s /usr/local/bin/craft ]]; then | |
| echo "::error::Downloaded Craft binary is empty or missing" | |
| exit 1 | |
| fi | |
| craft --version | |
| - name: Generate Changelog Preview | |
| shell: bash | |
| working-directory: ${{ inputs.working-directory }} | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| CRAFT_LOG_LEVEL: Warn | |
| run: | | |
| PR_NUMBER="${{ github.event.pull_request.number }}" | |
| echo "Running craft changelog --pr $PR_NUMBER --format json..." | |
| RESULT=$(craft changelog --pr "$PR_NUMBER" --format json 2>/dev/null || echo '{"changelog":"","bumpType":null}') | |
| CHANGELOG=$(echo "$RESULT" | jq -r '.changelog // ""') | |
| BUMP_TYPE=$(echo "$RESULT" | jq -r '.bumpType // "none"') | |
| PR_SKIPPED=$(echo "$RESULT" | jq -r '.prSkipped // false') | |
| VERSIONING_POLICY=$(echo "$RESULT" | jq -r '.versioningPolicy // "auto"') | |
| if [[ "$PR_SKIPPED" == "true" ]]; then | |
| CHANGELOG="_This PR will not appear in the changelog._" | |
| elif [[ -z "$CHANGELOG" ]]; then | |
| CHANGELOG="_No changelog entries will be generated from this PR._" | |
| fi | |
| # CalVer projects don't use semver bumps β skip the impact badge | |
| if [[ "$VERSIONING_POLICY" == "calver" ]]; then | |
| BUMP_BADGE="" | |
| BUMP_SHORT="CalVer" | |
| SECTION_HEADING="Changelog Preview" | |
| STATUS_CONTEXT="Changelog Preview" | |
| else | |
| case "$BUMP_TYPE" in | |
| major) BUMP_BADGE="π΄ **Major** (breaking changes)" ;; | |
| minor) BUMP_BADGE="π‘ **Minor** (new features)" ;; | |
| patch) BUMP_BADGE="π’ **Patch** (bug fixes)" ;; | |
| *) BUMP_BADGE="βͺ **None** (no version bump detected)" ;; | |
| esac | |
| case "$BUMP_TYPE" in | |
| major) BUMP_SHORT="Major" ;; | |
| minor) BUMP_SHORT="Minor" ;; | |
| patch) BUMP_SHORT="Patch" ;; | |
| *) BUMP_SHORT="None" ;; | |
| esac | |
| SECTION_HEADING="Semver Impact of This PR" | |
| STATUS_CONTEXT="Changelog Preview / Semver Impact" | |
| fi | |
| # Determine mode: use status check mode when comment is false OR when running internally (no input) | |
| USE_COMMENT_MODE="${{ inputs.comment }}" | |
| if [[ "$USE_COMMENT_MODE" == "false" ]] || [[ -z "$USE_COMMENT_MODE" ]]; then | |
| # Status check mode (new feature or internal dogfooding) | |
| echo "Using status check mode..." | |
| HEAD_SHA="${{ github.event.pull_request.head.sha || github.sha }}" | |
| TARGET_URL="${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}" | |
| PR_URL="${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/pull/${PR_NUMBER}" | |
| # Create commit status via GitHub API | |
| echo "Creating commit status..." | |
| gh api --method POST \ | |
| -H "Accept: application/vnd.github+json" \ | |
| -H "X-GitHub-Api-Version: 2022-11-28" \ | |
| "repos/$GITHUB_REPOSITORY/statuses/$HEAD_SHA" \ | |
| -f state="success" \ | |
| -f context="$STATUS_CONTEXT" \ | |
| -f description="$BUMP_SHORT" \ | |
| -f target_url="$TARGET_URL" | |
| echo "β Commit status created" | |
| # 2. Write to job summary | |
| cat >> $GITHUB_STEP_SUMMARY << CRAFT_CHANGELOG_SUMMARY_END | |
| # Changelog Preview for PR #${PR_NUMBER} | |
| [β View PR #${PR_NUMBER}](${PR_URL}) | |
| ## ${SECTION_HEADING} | |
| ${BUMP_BADGE} | |
| <details> | |
| <summary>π Changelog Preview</summary> | |
| This is how your changes will appear in the changelog. | |
| Entries from this PR are highlighted with a left border (blockquote style). | |
| --- | |
| ${CHANGELOG} | |
| --- | |
| </details> | |
| CRAFT_CHANGELOG_SUMMARY_END | |
| echo "β Job summary written" | |
| else | |
| # Comment mode (original behavior) | |
| echo "Using comment mode..." | |
| COMMENT_FILE=$(mktemp) | |
| cat > "$COMMENT_FILE" << CRAFT_CHANGELOG_COMMENT_END | |
| <!-- craft-changelog-preview --> | |
| ## ${SECTION_HEADING} | |
| ${BUMP_BADGE} | |
| <details> | |
| <summary>π Changelog Preview</summary> | |
| This is how your changes will appear in the changelog. | |
| Entries from this PR are highlighted with a left border (blockquote style). | |
| --- | |
| ${CHANGELOG} | |
| --- | |
| </details> | |
| <sub>π€ This preview updates automatically when you update the PR.</sub> | |
| CRAFT_CHANGELOG_COMMENT_END | |
| COMMENT_ID=$(gh api \ | |
| "repos/$GITHUB_REPOSITORY/issues/$PR_NUMBER/comments" \ | |
| --jq '.[] | select(.body | contains("<!-- craft-changelog-preview -->")) | .id' \ | |
| | head -1) | |
| if [[ -n "$COMMENT_ID" ]]; then | |
| echo "Updating existing comment $COMMENT_ID..." | |
| gh api -X PATCH \ | |
| "repos/$GITHUB_REPOSITORY/issues/comments/$COMMENT_ID" \ | |
| -F body=@"$COMMENT_FILE" | |
| else | |
| echo "Creating new comment..." | |
| gh api -X POST \ | |
| "repos/$GITHUB_REPOSITORY/issues/$PR_NUMBER/comments" \ | |
| -F body=@"$COMMENT_FILE" | |
| fi | |
| rm -f "$COMMENT_FILE" | |
| echo "β Comment posted" | |
| fi |