
Commit 831aefe

Improve GitHub Actions workflows with environment variable handling (#89)
Co-authored-by: Cursor Agent <[email protected]>
1 parent 9caa64e commit 831aefe


3 files changed

+66
-27
lines changed


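--- a/.github/workflows/danger.yml
+++ b/.github/workflows/danger.yml
@@ -23,19 +23,26 @@ jobs:
 fetch-depth: 0
 
 - name: Download dangerfile.js
-run: wget https://raw.githubusercontent.com/getsentry/github-workflows/${{ inputs._workflow_version }}/danger/dangerfile.js -P ${{ runner.temp }}
+env:
+WORKFLOW_VERSION: ${{ inputs._workflow_version }}
+RUNNER_TEMP: ${{ runner.temp }}
+run: wget "https://raw.githubusercontent.com/getsentry/github-workflows/$WORKFLOW_VERSION/danger/dangerfile.js" -P "$RUNNER_TEMP"
 
 # Using a pre-built docker image in GitHub container registry instaed of NPM to reduce possible attack vectors.
 - name: Run DangerJS
 id: danger
+env:
+GITHUB_WORKSPACE: ${{ github.workspace }}
+RUNNER_TEMP: ${{ runner.temp }}
+GITHUB_TOKEN: ${{ github.token }}
 run: |
 docker run \
---volume ${{ github.workspace }}:/github/workspace \
---volume ${{ runner.temp }}:${{ runner.temp }} \
+--volume "$GITHUB_WORKSPACE":/github/workspace \
+--volume "$RUNNER_TEMP":"$RUNNER_TEMP" \
 --workdir /github/workspace \
 --user $UID \
 -e "INPUT_ARGS" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e GITHUB_ACTIONS=true -e CI=true \
--e GITHUB_TOKEN="${{ github.token }}" \
+-e GITHUB_TOKEN="$GITHUB_TOKEN" \
 -e DANGER_DISABLE_TRANSPILATION="true" \
 ghcr.io/danger/danger-js:11.3.1 \
---failOnErrors --dangerfile ${{ runner.temp }}/dangerfile.js
+--failOnErrors --dangerfile "$RUNNER_TEMP"/dangerfile.js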
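Review bot: The token value is still expanded onto the `docker run` command line at `-e GITHUB_TOKEN="$GITHUB_TOKEN"`, so it appears in the `docker` client's argument list on the runner. Since the step now exports `GITHUB_TOKEN` through `env:`, the name-only form `-e GITHUB_TOKEN` lets Docker read it from the environment, the same way the `-e "GITHUB_JOB"`-style entries on the preceding line are forwarded. `GITHUB_WORKSPACE` and `RUNNER_TEMP` are GitHub-provided default variables that the command already forwards by name, so the two new `env:` mappings for them look redundant and could be dropped after confirming the runner sets them for this job. The job's trigger and `permissions` sit outside this hunk, so the token's scope cannot be judged from here.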

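--- a/.github/workflows/updater.yml
+++ b/.github/workflows/updater.yml
@@ -111,21 +111,30 @@ jobs:
 - name: Check out workflow scripts
 # Note: cannot use `actions/checkout` at the moment because you can't clone outside of the repo root.
 # Follow https://github.com/actions/checkout/issues/197
+env:
+RUNNER_TEMP: ${{ runner.temp }}
+WORKFLOW_VERSION: ${{ inputs._workflow_version }}
 run: |
-mkdir -p ${{ runner.temp }}/ghwf
-cd ${{ runner.temp }}/ghwf
+mkdir -p "$RUNNER_TEMP/ghwf"
+cd "$RUNNER_TEMP/ghwf"
 git init
 git remote add origin https://github.com/getsentry/github-workflows.git
-git fetch --depth 1 origin ${{ inputs._workflow_version }}
+git fetch --depth 1 origin "$WORKFLOW_VERSION"
 git checkout FETCH_HEAD
 
 - name: Update to the latest version
 id: target
-run: ${{ runner.temp }}/ghwf/updater/scripts/update-dependency.ps1 -Path '${{ inputs.path }}' -Pattern '${{ inputs.pattern }}'
+env:
+RUNNER_TEMP: ${{ runner.temp }}
+INPUT_PATH: ${{ inputs.path }}
+INPUT_PATTERN: ${{ inputs.pattern }}
+run: "$env:RUNNER_TEMP/ghwf/updater/scripts/update-dependency.ps1" -Path "$env:INPUT_PATH" -Pattern "$env:INPUT_PATTERN"
 
 - name: Get the base repo info
 if: steps.target.outputs.latestTag != steps.target.outputs.originalTag
 id: root
+env:
+RUNNER_TEMP: ${{ runner.temp }}
 run: |
 $mainBranch = $(git remote show origin | Select-String "HEAD branch: (.*)").Matches[0].Groups[1].Value
 $prBranch = switch ('${{ inputs.pr-strategy }}')
@@ -136,7 +145,7 @@ jobs:
 }
 "baseBranch=$mainBranch" | Tee-Object $env:GITHUB_OUTPUT -Append
 "prBranch=$prBranch" | Tee-Object $env:GITHUB_OUTPUT -Append
-$nonBotCommits = ${{ runner.temp }}/ghwf/updater/scripts/nonbot-commits.ps1 `
+$nonBotCommits = "$env:RUNNER_TEMP/ghwf/updater/scripts/nonbot-commits.ps1" `
 -RepoUrl "$(git config --get remote.origin.url)" -PrBranch $prBranch -MainBranch $mainBranch
 $changed = $nonBotCommits.Length -gt 0 ? 'true' : 'false'
 "changed=$changed" | Tee-Object $env:GITHUB_OUTPUT -Append
@@ -150,8 +159,10 @@ jobs:
 id: existing-pr
 env:
 GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+GITHUB_REPOSITORY: ${{ github.repository }}
+GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }}
 run: |
-$urls = @(gh api 'repos/${{ github.repository }}/pulls?base=${{ steps.root.outputs.baseBranch }}&head=${{ github.repository_owner }}:${{ steps.root.outputs.prBranch }}' --jq '.[].html_url')
+$urls = @(gh api "repos/$GITHUB_REPOSITORY/pulls?base=${{ steps.root.outputs.baseBranch }}&head=$GITHUB_REPOSITORY_OWNER:${{ steps.root.outputs.prBranch }}" --jq '.[].html_url')
 if ($urls.Length -eq 0)
 {
 "url=" | Tee-Object $env:GITHUB_OUTPUT -Append
@@ -170,12 +181,17 @@ jobs:
 
 - name: Get target changelog
 if: ${{ ( steps.target.outputs.latestTag != steps.target.outputs.originalTag ) && ( steps.root.outputs.changed == 'false') }}
+env:
+RUNNER_TEMP: ${{ runner.temp }}
+TARGET_URL: ${{ steps.target.outputs.url }}
+ORIGINAL_TAG: ${{ steps.target.outputs.originalTag }}
+LATEST_TAG: ${{ steps.target.outputs.latestTag }}
 run: |
-$changelog = ${{ runner.temp }}/ghwf/updater/scripts/get-changelog.ps1 `
--RepoUrl '${{ steps.target.outputs.url }}' `
--OldTag '${{ steps.target.outputs.originalTag }}' `
--NewTag '${{ steps.target.outputs.latestTag }}'
-${{ runner.temp }}/ghwf/updater/scripts/set-github-env.ps1 TARGET_CHANGELOG $changelog
+$changelog = "$env:RUNNER_TEMP/ghwf/updater/scripts/get-changelog.ps1" `
+-RepoUrl "$env:TARGET_URL" `
+-OldTag "$env:ORIGINAL_TAG" `
+-NewTag "$env:LATEST_TAG"
+"$env:RUNNER_TEMP/ghwf/updater/scripts/set-github-env.ps1" TARGET_CHANGELOG $changelog
 
 # First we create a PR only if it doesn't exist. We will later overwrite the content with the same action.
 - name: Create a PR
@@ -223,19 +239,32 @@ jobs:
 
 - name: 'After new PR: redo the update'
 if: ${{ ( steps.target.outputs.latestTag != steps.target.outputs.originalTag ) && ( steps.existing-pr.outputs.url == '') && ( steps.root.outputs.changed == 'false') }}
-run: ${{ runner.temp }}/ghwf/updater/scripts/update-dependency.ps1 -Path '${{ inputs.path }}' -Tag '${{ steps.target.outputs.latestTag }}'
+env:
+RUNNER_TEMP: ${{ runner.temp }}
+INPUT_PATH: ${{ inputs.path }}
+LATEST_TAG: ${{ steps.target.outputs.latestTag }}
+run: "$env:RUNNER_TEMP/ghwf/updater/scripts/update-dependency.ps1" -Path "$env:INPUT_PATH" -Tag "$env:LATEST_TAG"
 
 - name: Update Changelog
 if: ${{ inputs.changelog-entry && ( steps.target.outputs.latestTag != steps.target.outputs.originalTag ) && ( steps.root.outputs.changed == 'false') }}
+env:
+RUNNER_TEMP: ${{ runner.temp }}
+INPUT_NAME: ${{ inputs.name }}
+PR_URL: ${{ steps.pr.outputs.url }}
+TARGET_URL: ${{ steps.target.outputs.url }}
+MAIN_BRANCH: ${{ steps.target.outputs.mainBranch }}
+ORIGINAL_TAG: ${{ steps.target.outputs.originalTag }}
+LATEST_TAG: ${{ steps.target.outputs.latestTag }}
+CHANGELOG_SECTION: ${{ inputs.changelog-section }}
 run: |
-${{ runner.temp }}/ghwf/updater/scripts/update-changelog.ps1 `
--Name '${{ inputs.name }}' `
--PR '${{ steps.pr.outputs.url }}' `
--RepoUrl '${{ steps.target.outputs.url }}' `
--MainBranch '${{ steps.target.outputs.mainBranch }}' `
--OldTag '${{ steps.target.outputs.originalTag }}' `
--NewTag '${{ steps.target.outputs.latestTag }}' `
--Section '${{ inputs.changelog-section }}'
+"$env:RUNNER_TEMP/ghwf/updater/scripts/update-changelog.ps1" `
+-Name "$env:INPUT_NAME" `
+-PR "$env:PR_URL" `
+-RepoUrl "$env:TARGET_URL" `
+-MainBranch "$env:MAIN_BRANCH" `
+-OldTag "$env:ORIGINAL_TAG" `
+-NewTag "$env:LATEST_TAG" `
+-Section "$env:CHANGELOG_SECTION"
 
 - run: git --no-pager diff
 if: ${{ ( steps.target.outputs.latestTag != steps.target.outputs.originalTag ) && ( steps.root.outputs.changed == 'false') }}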
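Review bot: The rewritten script calls put the script path in a double-quoted string with no call operator, so PowerShell parses `"$env:RUNNER_TEMP/ghwf/updater/scripts/update-dependency.ps1" -Path …` as a string expression followed by an unexpected token instead of running the script; each call needs a leading `&`, e.g. `& "$env:RUNNER_TEMP/ghwf/updater/scripts/update-dependency.ps1" -Path $env:INPUT_PATH -Pattern $env:INPUT_PATTERN`. This affects both single-line `run:` steps and the `nonbot-commits.ps1`, `get-changelog.ps1`, `set-github-env.ps1` and `update-changelog.ps1` calls, and the single-line `run:` values now begin with a quote, which YAML reads as a complete quoted scalar that cannot be followed by more text, so they should become `run: |` blocks. `$RUNNER_TEMP` and `$WORKFLOW_VERSION` in the check-out step and `$GITHUB_REPOSITORY` / `$GITHUB_REPOSITORY_OWNER:` in the `gh api` line use POSIX-shell syntax; no `shell:` key is visible in these hunks and the neighbouring steps are PowerShell, so if they run under the same shell they need `$env:NAME` (and `${env:GITHUB_REPOSITORY_OWNER}` before the colon). The `${{ steps.root.outputs.baseBranch }}` and `${{ steps.root.outputs.prBranch }}` values in that URL and `'${{ inputs.pr-strategy }}'` in the `switch` are still expanded into the script text, and the URL is now double-quoted, where PowerShell also evaluates `$(…)` inside the value; routing them through `env:` like the rest would close that gap. Several of these steps begin or end outside the visible hunks.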

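--- a/sentry-cli/integration-test/action.yml
+++ b/sentry-cli/integration-test/action.yml
@@ -16,6 +16,9 @@ runs:
 steps:
 - name: Run tests
 shell: pwsh
+env:
+GITHUB_ACTION_PATH: ${{ github.action_path }}
+INPUT_PATH: ${{ inputs.path }}
 run: |
-Import-Module -Name ${{ github.action_path }}/action.psm1 -Force
-Invoke-Pester -Output Detailed '${{ inputs.path }}'
+Import-Module -Name "$env:GITHUB_ACTION_PATH/action.psm1" -Force
+Invoke-Pester -Output Detailed "$env:INPUT_PATH"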
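Review bot: Nothing in the step records why `github.action_path` and `inputs.path` now go through `env:`, so a later edit could put `${{ inputs.path }}` straight back into the `run:` script. A comment above `env:` such as `# Pass expressions via env so their values are never expanded into the script text.` would keep the intent visible. `GITHUB_ACTION_PATH` is also a GitHub-provided default variable in composite actions, so the explicit mapping may be redundant; worth confirming before keeping it.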
