Reject mismatched sources rules changes #335
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# NOTE: it is UNSAFE to run ANY kind of script when using the pull_request_target trigger! | |
# DO NOT TOUCH THIS FILE UNLESS THE TRIGGER IS CHANGED. | |
# See warning in https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target. | |
name: Engine version checks (weak) | |
on: | |
pull_request_target: | |
paths: | |
- 'userspace/engine/*.cpp' | |
- 'userspace/engine/*.h' | |
permissions: | |
contents: read | |
jobs: | |
paths-filter: | |
runs-on: ubuntu-latest | |
outputs: | |
engine_version_changed: ${{ steps.filter.outputs.engine_version }} | |
steps: | |
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | |
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 | |
id: filter | |
with: | |
filters: | | |
engine_version: | |
- 'userspace/engine/falco_engine_version.h' | |
check-engine-version-weak: | |
runs-on: ubuntu-22.04 | |
permissions: | |
pull-requests: write | |
needs: paths-filter | |
if: needs.paths-filter.outputs.engine_version_changed == 'false' | |
steps: | |
- name: Check driver Falco engine version | |
uses: mshick/add-pr-comment@7c0890544fb33b0bdd2e59467fbacb62e028a096 # v2.8.1 | |
with: | |
message: | | |
This PR may bring feature or behavior changes in the Falco engine and may require the engine version to be bumped. | |
Please double check **userspace/engine/falco_engine_version.h** file. See [versioning for FALCO_ENGINE_VERSION](https://github.com/falcosecurity/falco/blob/master/RELEASE.md#falco-repo-this-repo). | |
/hold |