1+ name : Coana Guardrail
2+
3+ on : pull_request
4+
5+ jobs :
6+ guardrail :
7+ runs-on : ubuntu-latest
8+ timeout-minutes : 15
9+ steps :
10+ - name : Get changed files
11+ id : changed-files
12+ uses : tj-actions/changed-files@v44
13+ with :
14+ separator : ' '
15+
16+ - name : Checkout the ${{github.base_ref}} branch
17+ uses : actions/checkout@v4
18+ with :
19+ ref : ${{github.base_ref}} # checkout the base branch (usually master/main).
20+
21+ - name : Use Node.js 20.x
22+ uses : actions/setup-node@v4
23+ with :
24+ node-version : 20.x
25+
26+ - name : Run Coana on the ${{github.base_ref}} branch
27+ run : |
28+ npx @coana-tech/cli run . \
29+ --guardrail-mode \
30+ --api-key ${{ secrets.COANA_API_KEY || 'api-key-unavailable' }} \
31+ -o /tmp/main-branch \
32+ --changed-files ${{ steps.changed-files.outputs.all_changed_files }} \
33+ --lightweight-reachability \
34+
35+ # Reset file permissions changed by Coana CLI.
36+ - name : Reset file permissions
37+ run : sudo chown -R $USER:$USER .
38+
39+ - name : Checkout the current branch
40+ uses : actions/checkout@v4
41+ with :
42+ clean : true
43+
44+ - name : Run Coana on the current branch
45+ run : |
46+ npx @coana-tech/cli run . \
47+ --guardrail-mode \
48+ --api-key ${{ secrets.COANA_API_KEY || 'api-key-unavailable' }} \
49+ -o /tmp/current-branch \
50+ --changed-files ${{ steps.changed-files.outputs.all_changed_files }} \
51+ --lightweight-reachability \
52+
53+ - name : Run Report Comparison
54+ run : |
55+ npx @coana-tech/cli compare-reports \
56+ --api-key ${{ secrets.COANA_API_KEY || 'api-key-unavailable' }} \
57+ /tmp/main-branch/coana-report.json \
58+ /tmp/current-branch/coana-report.json
59+ env :
60+ GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
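Review bot: The `--changed-files ${{ steps.changed-files.outputs.all_changed_files }}` argument in both "Run Coana" steps is expanded into the shell script text before the shell runs, so a changed file name containing shell metacharacters is parsed as shell syntax on the runner. Pass the list through the step environment instead, with `env:` holding `CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}`, and reference it as `--changed-files $CHANGED_FILES`; the value is still split on the space separator but is no longer evaluated as commands. This job also handles `secrets.COANA_API_KEY` and `GITHUB_TOKEN`, so a top-level `permissions:` block limited to what the comparison step needs (for example `contents: read` plus the scope it uses to report) would narrow what a compromised step can reach. Pinning `tj-actions/changed-files@v44` to a full commit SHA (`tj-actions/changed-files@<full-commit-sha>`) and `npx @coana-tech/cli` to an exact version would stop a moved tag or a new release from changing what runs next to those credentials.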