From 883cb1c4cee323ad0e25ec56c2296b7eba2c69cf Mon Sep 17 00:00:00 2001
From: vindard <17693119+vindard@users.noreply.github.com>
Date: Thu, 16 Nov 2023 14:48:17 -0400
Subject: [PATCH] build: swap new buck audit steps into github actions

---
 .github/workflows/audit.yml        | 22 ------------------
 .github/workflows/buck2-audit.yaml | 37 ++++++++++++++++++++++++++++++
 2 files changed, 37 insertions(+), 22 deletions(-)
 delete mode 100644 .github/workflows/audit.yml
 create mode 100644 .github/workflows/buck2-audit.yaml

diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
deleted file mode 100644
index 0095b9bca1..0000000000
--- a/.github/workflows/audit.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-#! Auto synced from Shared CI Resources repository
-#! Don't change this file, instead change it in github.com/GaloyMoney/concourse-shared
-
-name: Audit
-
-on:
-  pull_request:
-    branches: [main]
-
-jobs:
-  audit:
-    name: Audit
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Install Nix
-        uses: DeterminateSystems/nix-installer-action@v4
-      - name: Run the Magic Nix Cache
-        uses: DeterminateSystems/magic-nix-cache-action@v2
-      - run: cd core/api && nix develop -c pnpm install --frozen-lockfile
-      - name: Run check code
-        run: cd core/api && nix develop -c make audit
diff --git a/.github/workflows/buck2-audit.yaml b/.github/workflows/buck2-audit.yaml
new file mode 100644
index 0000000000..b60dc4ba3d
--- /dev/null
+++ b/.github/workflows/buck2-audit.yaml
@@ -0,0 +1,37 @@
+name: Buck2 audit
+on:
+  pull_request:
+    branches: [main]
+    types: [opened, synchronize, labeled, unlabeled]
+
+jobs:
+  buck2-test:
+    name: Buck2 Audit
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@v4
+      - name: Run the Magic Nix Cache
+        uses: DeterminateSystems/magic-nix-cache-action@v2
+      - uses: actions/checkout@v3
+      - name: Prepare Buck2 audit args from labels
+        id: prepare_args
+        run: |
+          ARGS=""
+          cat <<EOF > labels.json
+          ${{ toJSON(github.event.pull_request.labels.*.name) }}
+          EOF
+          for LABEL in dashboard consent core; do
+            case "$LABEL" in
+              dashboard|consent)
+                ARGS+=" //apps/$LABEL:audit"
+                ;;
+              core)
+                ARGS+=" //core/api:audit"
+                ;;
+            esac
+          done
+          echo "Prepared args: $ARGS"
+          echo "args=$ARGS" >> "$GITHUB_OUTPUT"
+      - name: Buck2 test
+        run: nix develop -c buck2 test ${{ steps.prepare_args.outputs.args }}