Skip to content

ci: auto-fix schema on /fix-schema comment#481

Open
margaretjgu wants to merge 1 commit into
mainfrom
ci/schema-auto-fix
Open

ci: auto-fix schema on /fix-schema comment#481
margaretjgu wants to merge 1 commit into
mainfrom
ci/schema-auto-fix

Conversation

@margaretjgu

Copy link
Copy Markdown
Member

When Check CLI schema is up to date fails on a PR, the job now posts a comment pointing to /fix-schema.

A new schema-auto-fix workflow listens for /fix-schema comments on PRs and automatically runs npm run build:schema, commits the result, and pushes it to the PR branch.

Closes nothing directly - companion to the existing schema check.

Comment on lines +27 to +31
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
with:
ref: ${{ steps.pr.outputs.branch }}

- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd take a look at the details on this one to make sure it not a real concern. Being able to trigger code execution by posting a comment on an issue or PR seems to be what it's flagging.

@github-actions

Copy link
Copy Markdown
Contributor

MegaLinter analysis: Success

Descriptor Linter Files Fixed Errors Warnings Elapsed time
✅ ACTION actionlint 2 0 0 0.33s
✅ COPYPASTE jscpd yes no no 0.9s
✅ REPOSITORY gitleaks yes no no 58.22s
✅ REPOSITORY git_diff yes no no 0.55s
✅ REPOSITORY secretlint yes no no 29.46s
✅ REPOSITORY trivy yes no no 19.36s
✅ YAML yamllint 2 0 0 0.55s

Notices

📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)

See detailed reports in MegaLinter artifacts
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by OX Security
Show us your support by starring ⭐ the repository

jobs:
fix:
name: Regenerate and commit schema
if: github.event.issue.pull_request != null && contains(github.event.comment.body, '/fix-schema')

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

will this contains rule get triggered when the ci.yml workflow posts Comment /fix-schema on this? Just making sure we avoid an infinite loop.

Comment on lines +27 to +31
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
with:
ref: ${{ steps.pr.outputs.branch }}

- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd take a look at the details on this one to make sure it not a real concern. Being able to trigger code execution by posting a comment on an issue or PR seems to be what it's flagging.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants