Skip to content

Release: Prerelease 10.5.0-alpha.10 #74836

Release: Prerelease 10.5.0-alpha.10

Release: Prerelease 10.5.0-alpha.10 #74836

Workflow file for this run

###################################################################################################
# #
# ██ #
# ██░░██ #
# ░░ ░░ ██░░░░░░██ ░░░░ #
# ██░░░░░░░░░░██ #
# ██░░░░░░░░░░██ #
# ██░░░░░░░░░░░░░░██ #
# ██░░░░░░██████░░░░░░██ #
# ██░░░░░░██████░░░░░░██ #
# ██░░░░░░░░██████░░░░░░░░██ #
# ██░░░░░░░░██████░░░░░░░░██ #
# ██░░░░░░░░░░██████░░░░░░░░░░██ #
# ██░░░░░░░░░░░░██████░░░░░░░░░░░░██ #
# ██░░░░░░░░░░░░██████░░░░░░░░░░░░██ #
# ██░░░░░░░░░░░░░░██████░░░░░░░░░░░░░░██ #
# ██░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░██ #
# ██░░░░░░░░░░░░░░░░██████░░░░░░░░░░░░░░░░██ #
# ██░░░░░░░░░░░░░░░░██████░░░░░░░░░░░░░░░░██ #
# ██░░░░░░░░░░░░░░░░░░██████░░░░░░░░░░░░░░░░░░██ #
# ░░ ██░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░██ #
# ██████████████████████████████████████████ #
# #
# #
# SECURITY WARNING: Ensure your `pull_request_target` job respects the following rules: #
# #
# - Never write to GitHub Actions cache, as it would allow cache poisoning attacks #
# - Only call third-party systems that are aware the code passed to them could be untrustworthy #
# - Always set explicit permissions on your PR to limit the capabilities of secrets.GITHUB_TOKEN #
# #
###################################################################################################
name: Danger JS
on:
# We need `pull_request_target` to check external contributor PRs.
# zizmor: ignore[dangerous-triggers] # job checks out base.sha (trusted code), not the PR head; see security warning above
pull_request_target:
types:
- opened
- synchronize
- reopened
- labeled
- unlabeled
- edited
branches:
- '**'
concurrency:
group: ${{ github.workflow }}-${{ github.event.number }}
cancel-in-progress: true
permissions: {}
jobs:
dangerJS:
name: Danger JS
runs-on: ubuntu-latest
permissions:
contents: read
issues: read
pull-requests: write
statuses: write
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
# Checkout our own base code, NOT the untrusted PR code.
ref: ${{ github.event.pull_request.base.sha }}
persist-credentials: false
- name: Danger JS
uses: docker://ghcr.io/danger/danger-js@sha256:66d5394557aef115c9b8086e9886fc24ee32d82ad222efb83778468538a91ef0 # 13.0.5
with:
args: --dangerfile scripts/dangerfile.js
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}