📜 updates to privacy policy (#5962) #13562
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Script to update files that should have been automatically generated. | |
name: Automatically update generated files | |
on: | |
push: | |
branches: [ main ] | |
pull_request_target: | |
branches: [ main ] | |
types: [opened, synchronize, reopened] | |
jobs: | |
autopr: | |
runs-on: ubuntu-latest | |
permissions: | |
# Give the default GITHUB_TOKEN write permission to commit and push the changed files back to the repository. | |
contents: write | |
# For commenting on a PR | |
pull-requests: write | |
steps: | |
- name: Print event (for debugging) | |
run: cat $GITHUB_EVENT_PATH | |
#---------------------------------------------------------------------- | |
# Either use HEDY_BOT_TOKEN or GITHUB_TOKEN | |
# GITHUB_TOKEN can do fewer things (push to main, trigger new GHAs, etc). | |
- name: Check for presence of GitHub Token | |
id: secret | |
run: | | |
if [ ! -z "${{ secrets.HEDY_BOT_TOKEN }}" ]; then | |
echo "We have a token!" | |
echo "secret=${{ secrets.HEDY_BOT_TOKEN }}" >> $GITHUB_OUTPUT | |
else | |
echo "We do not have a token" | |
echo "secret=${{ secrets.GITHUB_TOKEN }}" >> $GITHUB_OUTPUT | |
fi | |
- name: Determine branch name | |
id: branch | |
run: | | |
if [[ "${{ github.event_name }}" == "pull_request"* ]]; then | |
echo "Pull Request" | |
echo "branch=$PULL_REQUEST_HEAD_REF" >> $GITHUB_OUTPUT | |
echo "repo=${{ github.event.pull_request.head.repo.full_name }}" >> $GITHUB_OUTPUT | |
elif [[ "${{ github.event_name }}" == "push" ]]; then | |
echo "Push Event" | |
echo "branch=${{ github.ref }}" >> $GITHUB_OUTPUT | |
echo "repo=${{ github.event.repository.full_name }}" >> $GITHUB_OUTPUT | |
else | |
echo "Unsupported event type!" >&2 | |
exit 1 | |
fi | |
env: | |
# Necessary to pass like this to avoid shell script injection | |
PULL_REQUEST_HEAD_REF: ${{ github.event.pull_request.head.ref }} | |
#---------------------------------------------------------------------- | |
# Checkout source | |
# | |
# We need to pass the token here -- the commit action below will not overwrite the token to push. | |
# This is necessary to bypass branch protection (which will disallow non-reviewed pushes otherwise) | |
# | |
# Make a distinction between Pull Request checkout and Push checkout. Push checkout | |
# works mostly automatically, but for PRs we must be very explicit to get the right | |
# branch and also support forks. | |
- uses: actions/checkout@v4 | |
name: Checkout branch | |
with: | |
fetch-depth: 1 | |
ref: ${{ steps.branch.outputs.branch }} | |
repository: ${{ steps.branch.outputs.repo }} | |
token: ${{ steps.secret.outputs.secret }} | |
#---------------------------------------------------------------------- | |
# Actual build | |
- name: Set up Python 3.12 | |
uses: actions/setup-python@v1 | |
with: | |
python-version: 3.12 | |
- name: Install Python dependencies | |
run: | | |
python3 -m pip install --upgrade pip | |
pip3 install -r requirements.txt | |
#---------------------------------------------------------------------- | |
# Set up cache so that running snippet tests is somewhat cheap | |
- name: Calculate hedy cache key | |
run: "echo value=$(ls -1 hedy.py hedy_*.py grammars/* | sort | xargs tail -n 99999999 | sha256sum | cut -f 1 -d ' ') >> $GITHUB_OUTPUT" | |
id: hedy_cache_key | |
- name: Cache hedy test runs | |
uses: actions/cache@v3 | |
with: | |
path: .test-cache | |
key: "hedy-test-cache-${{ steps.hedy_cache_key.outputs.value }}" | |
- name: Automatically update generated files | |
run: | | |
doit run _autopr | |
- name: Automatically update generated files (for Weblate PRs) | |
if: | | |
github.event.pull_request.user.login == 'weblate' || | |
contains(github.event.pull_request.labels.*.name, 'translations') | |
run: | | |
doit run _autopr_weblate | |
- name: Prepare comment | |
if: ${{ hashFiles('snippet-report.md.tmp') != '' }} | |
run: | | |
echo 'The automatic script made changes' >> comment.md.tmp | |
cat snippet-report.md.tmp >> comment.md.tmp | |
- name: Post comment | |
if: ${{ hashFiles('comment.md.tmp') != '' && github.event_name == 'pull_request_target' }} | |
uses: thollander/actions-comment-pull-request@v2 | |
with: | |
filePath: comment.md.tmp | |
#---------------------------------------------------------------------- | |
# Commit back | |
# For some reason, we must supply the token here again, even though | |
# we already supplied it during checkout. | |
- name: Commit changed files (with token) | |
uses: stefanzweifel/[email protected] | |
with: | |
commit_message: 🤖 Automatically update generated files | |
branch: ${{ steps.branch.outputs.branch }} | |
env: | |
GITHUB_TOKEN: ${{ steps.secret.outputs.secret }} |