-
Notifications
You must be signed in to change notification settings - Fork 41
Update danger workflows #88
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
| @@ -0,0 +1,10 @@ | ||||||
| name: Danger Comment | ||||||
| on: | ||||||
| workflow_run: | ||||||
| workflows: [Danger] | ||||||
| types: [completed] | ||||||
|
|
||||||
| jobs: | ||||||
| comment: | ||||||
| uses: numbata/danger-pr-comment/.github/workflows/danger-comment.yml@main | ||||||
|
||||||
| uses: numbata/danger-pr-comment/.github/workflows/danger-comment.yml@main | |
| uses: numbata/danger-pr-comment/.github/workflows/danger-comment.yml@v1 |
| Original file line number | Diff line number | Diff line change | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| @@ -1,21 +1,11 @@ | ||||||||||
| name: danger | ||||||||||
| on: pull_request | ||||||||||
| name: Danger | ||||||||||
| on: | ||||||||||
| pull_request: | ||||||||||
| types: [opened, reopened, edited, synchronize] | ||||||||||
|
|
||||||||||
| jobs: | ||||||||||
| danger: | ||||||||||
| runs-on: ubuntu-latest | ||||||||||
| steps: | ||||||||||
| - uses: actions/checkout@v4 | ||||||||||
| with: | ||||||||||
| fetch-depth: 100 | ||||||||||
| - name: Set up Ruby | ||||||||||
| uses: ruby/setup-ruby@v1 | ||||||||||
| with: | ||||||||||
| ruby-version: 3.2 | ||||||||||
| bundler-cache: true | ||||||||||
| rubygems: latest | ||||||||||
| - name: Run Danger | ||||||||||
| run: | | ||||||||||
| # the token is public, has public_repo scope and belongs to the grape-bot user owned by @dblock, this is ok | ||||||||||
| TOKEN=$(echo -n Z2hwX2lYb0dPNXNyejYzOFJyaTV3QUxUdkNiS1dtblFwZTFuRXpmMwo= | base64 --decode) | ||||||||||
| DANGER_GITHUB_API_TOKEN=$TOKEN bundle exec danger --verbose | ||||||||||
| uses: numbata/danger-pr-comment/.github/workflows/danger-run.yml@main | ||||||||||
|
||||||||||
| uses: numbata/danger-pr-comment/.github/workflows/danger-run.yml@main | |
| uses: ruby-grape/danger/.github/workflows/danger-run.yml@main |
Copilot
AI
Dec 25, 2025
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The workflow references use @main which always pulls the latest version of the shared workflow. This could introduce unexpected breaking changes or behavior modifications. Consider pinning to a specific version tag or commit SHA for more stable and predictable builds.
| uses: numbata/danger-pr-comment/.github/workflows/danger-run.yml@main | |
| uses: numbata/danger-pr-comment/.github/workflows/danger-run.yml@v1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The workflow references "numbata/danger-pr-comment" repository, but the PR description states the changes "reuse shared workflows from the
ruby-grape/dangerrepository". This inconsistency between the description and the actual implementation should be clarified. Either the workflow reference should be updated to use the ruby-grape organization repository, or the PR description should be corrected to match the actual repository being used.