ci: fix the use of pull_request_target in the GH workflows
#619
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: check-generated-files | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.number }} | |
| cancel-in-progress: true | |
| jobs: | |
| check-ui-static-files: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Generate static files for UI | |
| run: make ui-static | |
| - name: Copy embedded files to Go sources | |
| run: make prebuild | |
| - name: Verify Changed files | |
| uses: tj-actions/verify-changed-files@eb6d385c0e52fb28e2f6b70e15c835cb3cbfff17 | |
| id: verify-changed-files | |
| - name: Fail if generated files are out of sync | |
| if: steps.verify-changed-files.outputs.files_changed == 'true' | |
| # SECURITY: Map untrusted input to an environment variable. | |
| # This prevents the shell from interpreting special characters in filenames as commands. | |
| env: | |
| CHANGED_FILES: ${{ steps.verify-changed-files.outputs.changed_files }} | |
| run: | | |
| echo "::error::Generated files are out of sync!" | |
| echo "" | |
| echo "The following files need to be regenerated:" | |
| echo "$CHANGED_FILES" | |
| echo "" | |
| echo "Please run the following commands locally and commit the changes:" | |
| echo " make ui-static" | |
| echo " make prebuild" | |
| exit 1 |