-
Notifications
You must be signed in to change notification settings - Fork 26
73 lines (62 loc) · 2.3 KB
/
fmt.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
on:
push:
branches:
- main # Splitting out main here ensures we do not redundantly run this workflow on merge from a PR
pull_request:
branches:
- '*' # Match all branches
permissions:
contents: write
id-token: write
jobs:
fmt:
if: ${{ github.actor != 'panther-bot-automation' }}
runs-on: ubuntu-latest
steps:
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
files.pythonhosted.org:443
fulcio.sigstore.dev:443
github.com:443
objects.githubusercontent.com:443
pypi.org:443
rekor.sigstore.dev:443
tuf-repo-cdn.sigstore.dev:443
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- uses: chainguard-dev/actions/setup-gitsign@e82b4e5ae10182af72972addcb3fedf7454621c8
- name: Setup Python
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b
with:
python-version: 3.11
- name: Install pipenv
run: make install-pipenv
- name: Install
run: make install
- name: Format
run: make fmt
- name: Commit formatting
run: |
git config --global user.name "panther-bot-automation"
git config --global user.email "[email protected]"
if [[ "${{ github.event_name }}" == "pull_request" ]]; then
BRANCH=${{ github.head_ref }}
git fetch; git checkout ${{ github.head_ref }}
else
BRANCH=${{ github.ref }}
fi
git add -A .
REQUIRES_COMMIT=1
git commit -m "Auto-format files" || REQUIRES_COMMIT=0
if [[ $REQUIRES_COMMIT -eq 0 ]]; then
echo "No auto-formatting needed"
else
echo "Committing auto-formatted files"
git push origin HEAD:$BRANCH
gitsign verify $(git rev-parse HEAD) --certificate-identity-regexp="https://github.com/${{ github.repository }}/*" --certificate-oidc-issuer="https://token.actions.githubusercontent.com"
fi
env:
GH_TOKEN: ${{ secrets.PANTHER_BOT_AUTOMATION_TOKEN }}