ci(lint): add shell linter - Differential ShellCheck #18651
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Flake8 | |
# pull requests: | |
# run on pull_request_target instead of just pull_request as we need write access to update the status check | |
on: | |
workflow_dispatch: | |
pull_request_target: | |
push: | |
jobs: | |
flake8-your-pr: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target' | |
uses: actions/checkout@v4 | |
# by default the pull_requst_target event checks out the base branch, i.e. dev | |
# so we need to explicitly checkout the head of the PR | |
# we use fetch-depth 0 to make sure the full history is checked out and we can compare against | |
# the base commit (branch) of the PR | |
# more info https://github.community/t/github-actions-are-severely-limited-on-prs/18179/16 | |
# we checkout merge_commit here as this contains all new code from dev also. we don't need to compare against base_commit | |
with: | |
persist-credentials: false | |
fetch-depth: 0 | |
ref: refs/pull/${{ github.event.pull_request.number }}/merge | |
# repository: ${{github.event.pull_request.head.repo.full_name}} | |
- name: Checkout | |
# for non PR runs we just checkout the default, which is a sha on a branch probably | |
if: github.event_name != 'pull_request' && github.event_name != 'pull_request_target' | |
uses: actions/checkout@v4 | |
# - uses: tayfun/flake8-your-pr@master | |
- uses: DefectDojo/flake8-your-pr@master | |
env: | |
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" |