Adds some infra to warn on files which changed in the PR but aren't accounted for #2901
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -40,29 +40,14 @@ jobs: | |
| env: | ||
| CI: true | ||
|
|
||
| # danger for PR builds | ||
| - name: "Run Danger" | ||
| run: | | ||
| # Exposing this token is safe because the user of it has no other public repositories | ||
| # and has no permission to modify this repository. See DefinitelyTyped #62638 for the discussion. | ||
| TOKEN='ghp_i5wtj1l2AbpFv3OU96w6R' | ||
|
There was a problem hiding this comment. Even after reading through the comment thread at DefinitelyTyped/DefinitelyTyped#62638, I'm still not a fan of using an unprotected token. Making this token public means anyone could use it to attempt to DDoS GitHub and have it falsely attributed to the DangerBotOSS account, or DoS Danger by artificially using up its rate limit. If making this a secret is not viable for usability reasons, are there any other mechanisms that could be employed to avoid exposing the token? There was a problem hiding this comment. I'm not really sure why this needs a token at all, either; isn't this just a CI check that can fail and print out the files that were forgotten? a la https://github.com/microsoft/TypeScript/blob/main/.github/workflows/ci.yml#L239 I guess because this tries to print a fancy comment? There was a problem hiding this comment. It's because you need a token to make a comment on an issue, yes!
Yep, it's a comment because no-one would read a non-failing CI build for things like warnings I did explore having a central github app danger/danger-js#1126 but it requires giving too much github access to the bot IMO, and I didn't want to centralize that many people's tokens on my spare time |
||
| TOKEN+='On3bHOkcV2AmVY6' | ||
| DANGER_GITHUB_API_TOKEN=$TOKEN yarn danger ci | ||
|
|
||
| windows: | ||
| if: github.event.action != 'closed' | ||
|
|
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,9 +2,16 @@ | |
| // yarn danger pr https://github.com/microsoft/TypeScript-Website/pull/115 | ||
|
|
||
| import spellcheck from "danger-plugin-spellcheck" | ||
| import { warn, danger }from "danger" | ||
orta marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| import { execSync } from "child_process" | ||
|
|
||
| // Spell check all the things | ||
| spellcheck({ settings: "microsoft/[email protected]" }) | ||
|
|
||
| const gitStatus = execSync("git status --porcelain").toString() | ||
| if (gitStatus.includes("M")) { | ||
| const files = gitStatus.split("\n").filter(f => f.startsWith(" M ")).map(f => f.substr(3)) | ||
| const linksToChangedFiles = danger.github.utils.fileLinks(files) | ||
|
|
||
| warn(`There are un-staged changes to generated files: \n ${linksToChangedFiles}`) | ||
| } | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Er, is this not the code which powers the
deploy-previewlabel? https://github.com/microsoft/TypeScript-Website/blob/b03935a55750acfadc496e5fdf4258730c96cb5f/.github/workflows/deploy-preview.ymlProbably, just the deploy is what needs to be deleted?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh yeah, I thought it was doing a more native version of it, will drop next time I get back to the computer