Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/meilcli/danger-action

Execute danger action for GitHub Actions.
https://github.com/meilcli/danger-action

actions danger github-actions

Last synced: 2 days ago
JSON representation

Execute danger action for GitHub Actions.

Host: GitHub
URL: https://github.com/meilcli/danger-action
Owner: MeilCli
License: mit
Created: 2019-09-14T16:39:05.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2024-10-29T15:22:39.000Z (about 2 months ago)
Last Synced: 2024-10-30T04:49:58.446Z (about 2 months ago)
Topics: actions, danger, github-actions
Language: TypeScript
Homepage: https://github.com/MeilCli/actions
Size: 2.59 MB
Stars: 39
Watchers: 4
Forks: 15
Open Issues: 2
Metadata Files:
- Readme: README.md
- Contributing: .github/CONTRIBUTING.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Codeowners: .github/CODEOWNERS

Awesome Lists containing this project

README

# danger-action
[![CI-Master](https://github.com/MeilCli/danger-action/actions/workflows/ci-master.yml/badge.svg)](https://github.com/MeilCli/danger-action/actions/workflows/ci-master.yml)
Execute [danger](https://github.com/danger/danger) action for GitHub Actions.

## Required
This action must set-up [Ruby](https://github.com/ruby/setup-ruby) and Bundler.

Recommendation: set up Ruby 2.6 or higher

## Example
```yml
name: CI

on:
pull_request:
branches:
- master

jobs:
danger:
runs-on: ubuntu-latest
if: github.event_name == 'pull_request' # if only run pull request when multiple trigger workflow
steps:
- uses: actions/checkout@v4
- uses: ruby/setup-ruby@v1
with:
ruby-version: '2.6'
- uses: actions/cache@v4
with:
path: vendor/bundle
key: ${{ runner.os }}-gems-${{ hashFiles('Gemfile') }} # change your gemfile path
restore-keys: |
${{ runner.os }}-gems-
- uses: MeilCli/danger-action@v6
with:
plugins_file: 'Gemfile'
install_path: 'vendor/bundle'
danger_file: 'Dangerfile'
danger_id: 'danger-pr'
env:
DANGER_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```
You can also pin to a [specific release](https://github.com/MeilCli/danger-action/releases) version in the format `@v6.x.x`

## input
- `danger_version`
- optional
- version information with gem styled
- default: `>= 6.0.0`
- `danger_version_file`
- optional
- danger version file
- default: `.tool-versions`
- `danger_version_file_format`
- optional
- danger version file format. [more detail](./docs/danger-version-file.md)
- default: `asdf`
- `plugins_file`
- optional
- gemfile path for danger plugin. if set plugins_file, action do not exec `gem install danger`
- `install_path`
- optional
- bundle install path, Useful instead of `bundle config path`
- `danger_file`
- required
- dangerfile path for running danger
- `danger_id`
- required
- danger id is an identifier string, example(`danger-pr`, `danger-CI`, etc..)
- `fail_on_stderr_when_bundler`
- optional
- action fail when bundler output stderr
- default: `false`
- `fail_on_stderr_when_danger`
- optional
- action fail when danger output stderr
- default: `false`

## env
- `DANGER_GITHUB_API_TOKEN`
- required
- GitHub Token using by Danger
- recommendation value: `${{ secrets.GITHUB_TOKEN }}`

## Additional Example
```yml
name: CI

on:
pull_request:
branches:
- master

jobs:
danger:
runs-on: ubuntu-latest
if: github.event_name == 'pull_request' # if only run pull request when multiple trigger workflow
steps:
- uses: actions/checkout@v4
- uses: ruby/setup-ruby@v1
with:
ruby-version: '2.6'
- uses: actions/cache@v4
with:
path: vendor/bundle
key: ${{ runner.os }}-gems-${{ hashFiles('.github/Gemfile') }} # change your gemfile path
restore-keys: |
${{ runner.os }}-gems-
- uses: MeilCli/danger-action@v6
with:
plugins_file: '.github/Gemfile'
install_path: 'vendor/bundle'
danger_file: '.github/Dangerfile'
danger_id: 'danger-pr'
env:
DANGER_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```
danger-action can escape path of `Gemfile`. so you can put Gemfile on no-current directory.

## Attention: For repository OSS or using dependabot
`github-actions` token has not write permission at triggered by `pull_request` that created from forked repository or created by dependabot. This reason is for security

ref: [Keeping your GitHub Actions and workflows secure: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

In this case, danger cannot use GitHub API because readonly token. And, Using `pull_request_target` is an option, but it have the security concerns.

If your needs is report of lint-result, recommending [MeilCli/common-lint-reporter](https://github.com/MeilCli/common-lint-reporter). Its action resolve this problem by using `workflow_run`.
see: [More information](https://github.com/MeilCli/common-lint-reporter/blob/master/documents/oss-or-dependabot-usage.md)

## Contributes
[](https://github.com/MeilCli/danger-action/graphs/contributors)

### Could you want to contribute?
see [Contributing.md](./.github/CONTRIBUTING.md)

## License
[](LICENSE)