Release: Prerelease 10.5.0-alpha.10 #74836
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ################################################################################################### | |
| # # | |
| # ██ # | |
| # ██░░██ # | |
| # ░░ ░░ ██░░░░░░██ ░░░░ # | |
| # ██░░░░░░░░░░██ # | |
| # ██░░░░░░░░░░██ # | |
| # ██░░░░░░░░░░░░░░██ # | |
| # ██░░░░░░██████░░░░░░██ # | |
| # ██░░░░░░██████░░░░░░██ # | |
| # ██░░░░░░░░██████░░░░░░░░██ # | |
| # ██░░░░░░░░██████░░░░░░░░██ # | |
| # ██░░░░░░░░░░██████░░░░░░░░░░██ # | |
| # ██░░░░░░░░░░░░██████░░░░░░░░░░░░██ # | |
| # ██░░░░░░░░░░░░██████░░░░░░░░░░░░██ # | |
| # ██░░░░░░░░░░░░░░██████░░░░░░░░░░░░░░██ # | |
| # ██░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░██ # | |
| # ██░░░░░░░░░░░░░░░░██████░░░░░░░░░░░░░░░░██ # | |
| # ██░░░░░░░░░░░░░░░░██████░░░░░░░░░░░░░░░░██ # | |
| # ██░░░░░░░░░░░░░░░░░░██████░░░░░░░░░░░░░░░░░░██ # | |
| # ░░ ██░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░██ # | |
| # ██████████████████████████████████████████ # | |
| # # | |
| # # | |
| # SECURITY WARNING: Ensure your `pull_request_target` job respects the following rules: # | |
| # # | |
| # - Never write to GitHub Actions cache, as it would allow cache poisoning attacks # | |
| # - Only call third-party systems that are aware the code passed to them could be untrustworthy # | |
| # - Always set explicit permissions on your PR to limit the capabilities of secrets.GITHUB_TOKEN # | |
| # # | |
| ################################################################################################### | |
| name: Danger JS | |
| on: | |
| # We need `pull_request_target` to check external contributor PRs. | |
| # zizmor: ignore[dangerous-triggers] # job checks out base.sha (trusted code), not the PR head; see security warning above | |
| pull_request_target: | |
| types: | |
| - opened | |
| - synchronize | |
| - reopened | |
| - labeled | |
| - unlabeled | |
| - edited | |
| branches: | |
| - '**' | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.number }} | |
| cancel-in-progress: true | |
| permissions: {} | |
| jobs: | |
| dangerJS: | |
| name: Danger JS | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| issues: read | |
| pull-requests: write | |
| statuses: write | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| # Checkout our own base code, NOT the untrusted PR code. | |
| ref: ${{ github.event.pull_request.base.sha }} | |
| persist-credentials: false | |
| - name: Danger JS | |
| uses: docker://ghcr.io/danger/danger-js@sha256:66d5394557aef115c9b8086e9886fc24ee32d82ad222efb83778468538a91ef0 # 13.0.5 | |
| with: | |
| args: --dangerfile scripts/dangerfile.js | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |