From 39082ed1de2b44a459ea3fdba45a9ce7602a18f8 Mon Sep 17 00:00:00 2001
From: Koji Hasegawa
Date: Sat, 26 Oct 2024 23:25:44 +0900
Subject: [PATCH 1/2] Add conflibot workflow

---
 .github/workflows/conflibot.yml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 .github/workflows/conflibot.yml

diff --git a/.github/workflows/conflibot.yml b/.github/workflows/conflibot.yml
new file mode 100644
index 0000000..e5b4d1e
--- /dev/null
+++ b/.github/workflows/conflibot.yml
@@ -0,0 +1,31 @@
+name: Check pull requests for conflicts
+
+on:
+ pull_request_target:
+ types: [ opened, synchronize, reopened ]
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+permissions: {}
+
+defaults:
+ run:
+ shell: bash
+
+jobs:
+ conflibot:
+ runs-on: ubuntu-latest
+ timeout-minutes: 5
+ permissions:
+ contents: read
+ pull-requests: read
+ checks: write
+
+ steps:
+ - uses: actions/checkout@v4
+ - uses: wktk/conflibot@v1
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ exclude: ""
From ec7ab22b51e7ac75e54f85c9fab1e5cefaddadf5 Mon Sep 17 00:00:00 2001
From: Koji Hasegawa
Date: Sat, 26 Oct 2024 23:26:45 +0900
Subject: [PATCH 2/2] Fix permissions and enable bash pipefail option

---
 .github/workflows/actionlint.yml | 6 ++++++
 .github/workflows/metacheck.yml | 6 ++++++
 .github/workflows/test-integration.yml | 6 ++++++
 .github/workflows/test.yml | 6 ++++++
 4 files changed, 24 insertions(+)

diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
index 8f53537..beb4084 100644
--- a/.github/workflows/actionlint.yml
+++ b/.github/workflows/actionlint.yml
@@ -14,6 +14,12 @@ on:
 paths:
 - .github/workflows/**
 
+permissions: {}
+
+defaults:
+ run:
+ shell: bash
+
 jobs:
 actionlint:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/metacheck.yml b/.github/workflows/metacheck.yml
index fa74484..9330037 100644
--- a/.github/workflows/metacheck.yml
+++ b/.github/workflows/metacheck.yml
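Review bot: In `.github/workflows/conflibot.yml`, `uses: wktk/conflibot@v1` references a third-party action by a mutable tag inside a `pull_request_target` job that hands it a token with `checks: write`; pin it to a full commit SHA, e.g. `- uses: wktk/conflibot@<full-commit-sha>  # v1`, so a moved tag cannot change what runs with that token. The `actions/checkout@v4` step has no `ref:`, so it stays on the base branch, which is what keeps PR-authored content out of this privileged run; a comment such as `# pull_request_target: never check out the PR head in this job` above the step would protect that. Separately, under `pull_request_target` `github.ref` is the base branch, so `group: ${{ github.workflow }}-${{ github.ref }}` with `cancel-in-progress: true` lets runs for different PRs cancel one another; `group: ${{ github.workflow }}-${{ github.event.pull_request.number }}` keys the group per PR.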
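Review bot: The added `permissions: {}` in `.github/workflows/actionlint.yml` (and the identical hunks in `metacheck.yml`, `test-integration.yml` and `test.yml`) strips every scope from `GITHUB_TOKEN`, and the job bodies that would have to re-grant scopes are not visible, since each job continues outside its hunk. Confirm that every job declares its own `permissions:` block with only what it uses; for a job that checks out a private repository that is at least `contents: read`. The `shell: bash` default matters only because an explicit `bash` makes the runner invoke it with `-eo pipefail`, so a comment like `# explicit bash so run steps get -eo pipefail` above `defaults:` would keep it from being removed later as redundant.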
@@ -10,6 +10,12 @@ on:
 pull_request:
 types: [ opened, synchronize, reopened ] # Same as default
 
+permissions: {}
+
+defaults:
+ run:
+ shell: bash
+
 jobs:
 meta-check:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/test-integration.yml b/.github/workflows/test-integration.yml
index 0209cde..845533e 100644
--- a/.github/workflows/test-integration.yml
+++ b/.github/workflows/test-integration.yml
@@ -22,6 +22,12 @@ concurrency:
 group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event.inputs.runner }}
 cancel-in-progress: true
 
+permissions: {}
+
+defaults:
+ run:
+ shell: bash
+
 jobs:
 test:
 if: github.event.pull_request.head.repo.fork == false # Skip on public fork, because can not read secrets.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index de09cee..4b53496 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -22,6 +22,12 @@ concurrency:
 group: ${{ github.workflow }}-${{ github.ref }}
 cancel-in-progress: true
 
+permissions: {}
+
+defaults:
+ run:
+ shell: bash
+
 jobs:
 test:
 if: github.event.pull_request.head.repo.fork == false # Skip on public fork, because can not read secrets.