chore(deps): bump @eslint/js from 9.39.1 to 9.39.2 #270
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ############################################################################## | |
| ############################################################################## | |
| # | |
| # NOTE! | |
| # | |
| # Please read the README.md file in this directory that defines what should | |
| # be placed in this file | |
| # | |
| ############################################################################## | |
| ############################################################################## | |
| name: Checking workflow files | |
| on: | |
| pull_request: | |
| branches: | |
| - '**' | |
| permissions: | |
| contents: read | |
| issues: write | |
| pull-requests: write | |
| jobs: | |
| Code-Quality-Checks: | |
| name: Performs linting, formatting, type-checking, checking for different source and target branch | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| node-version: ['24.x'] | |
| steps: | |
| - name: Checkout the Repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Fetch all history for all branches and tags | |
| - uses: pnpm/action-setup@v4 | |
| name: Install pnpm | |
| with: | |
| run_install: false | |
| - name: Install Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install | |
| - name: Check formatting | |
| if: steps.changed-files.outputs.only_changed != 'true' | |
| run: pnpm run format:check | |
| - name: Run formatting if check fails | |
| if: failure() | |
| run: pnpm run format:fix | |
| - name: Type-checking | |
| run: pnpm run typecheck | |
| - name: checking linting | |
| run: pnpm run lint:check | |
| - name: check for unused files,exports and dependencies | |
| run: pnpm run knip:check | |
| - name: Check if the source and target branches are different | |
| if: ${{ github.event.pull_request.base.ref == github.event.pull_request.head.ref }} | |
| run: | | |
| echo "Source Branch ${{ github.event.pull_request.head.ref }}" | |
| echo "Target Branch ${{ github.event.pull_request.base.ref }}" | |
| echo "Error: Source and Target Branches are the same. Please ensure they are different." | |
| echo "Error: Close this PR and try again." | |
| exit 1 | |
| Check-Sensitive-Files: | |
| if: ${{ github.actor != 'dependabot[bot]' }} | |
| name: Checks if sensitive files have been changed without authorization | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Fetch all history for all branches and tags | |
| - name: Get PR labels | |
| id: check-labels | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| if [ -z "${{ github.event.pull_request.number }}" ]; then | |
| echo "skip=false" >> $GITHUB_OUTPUT | |
| exit 0 | |
| fi | |
| LABELS="$(gh api repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels --jq '.[].name' | tr '\n' ' ')" | |
| if echo "$LABELS" | grep -qw "ignore-sensitive-files-pr"; then | |
| echo "::notice::Skipping sensitive files check due to 'ignore-sensitive-files-pr' label." | |
| echo "skip=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "skip=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Get Changed Unauthorized files | |
| if: steps.check-labels.outputs.skip != 'true' | |
| id: changed-unauth-files | |
| run: | | |
| # Skip if not in PR context | |
| if [ -z "${{ github.event.pull_request.base.sha }}" ]; then | |
| echo "any_changed=false" >> $GITHUB_OUTPUT | |
| exit 0 | |
| fi | |
| # Determine base and head commits for comparison | |
| HEAD_SHA="${{ github.event.pull_request.head.sha || github.sha }}" | |
| BASE_SHA=$(git merge-base "${{ github.event.pull_request.base.sha }}" "$HEAD_SHA") | |
| # Define sensitive files patterns as a bash array | |
| SENSITIVE_PATTERNS=( | |
| ".github/" | |
| "package.json" | |
| "sidebar.js$" | |
| "docusaurus.config.js" | |
| "babel.config.js" | |
| "CODEOWNERS" | |
| "LICENSE" | |
| ".md" | |
| "package-lock.json" | |
| "tsconfig.json" | |
| "pnpm.lock" | |
| "static/.nojekyll" | |
| ".gitignore" | |
| ".prettierignore" | |
| ".prettierrc" | |
| '^.husky/.*' | |
| '^scripts/.*' | |
| 'tsconfig.json$' | |
| '.eslintrc.json$' | |
| '.eslintignore$' | |
| 'CODEOWNERS$' | |
| 'LICENSE$' | |
| '.coderabbit.yaml$' | |
| 'CODE_OF_CONDUCT.md$' | |
| 'CODE_STYLE.md$' | |
| 'CONTRIBUTING.md$' | |
| 'DOCUMENTATION.md$' | |
| 'INSTALLATION.md$' | |
| 'ISSUE_GUIDELINES.md$' | |
| 'PR_GUIDELINES.md$' | |
| 'README.md$' | |
| '.*.pem$' | |
| '.*.key$' | |
| '.*.cert$' | |
| '.*.password$' | |
| '.*.secret$' | |
| '.*.credentials$' | |
| '.nojekyll$' | |
| 'knip.json$' | |
| 'knip.deps.json$' | |
| 'CNAME$' | |
| ) | |
| # Check for changes in sensitive files | |
| CHANGED_UNAUTH_FILES="" | |
| for pattern in "${SENSITIVE_PATTERNS[@]}"; do | |
| FILES=$(git diff --name-only --diff-filter=ACMRD "$BASE_SHA" "$HEAD_SHA" | grep -E "$pattern" || true) | |
| if [ ! -z "$FILES" ]; then | |
| CHANGED_UNAUTH_FILES="$CHANGED_UNAUTH_FILES $FILES" | |
| fi | |
| done | |
| # Trim and format output | |
| CHANGED_UNAUTH_FILES=$(echo "$CHANGED_UNAUTH_FILES" | xargs) | |
| echo "all_changed_files=$CHANGED_UNAUTH_FILES" >> $GITHUB_OUTPUT | |
| # Check if any unauthorized files changed | |
| if [ ! -z "$CHANGED_UNAUTH_FILES" ]; then | |
| echo "any_changed=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "any_changed=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: List all changed unauthorized files | |
| if: steps.changed-unauth-files.outputs.any_changed == 'true' | |
| env: | |
| CHANGED_UNAUTH_FILES: ${{ steps.changed-unauth-files.outputs.all_changed_files }} | |
| run: | | |
| echo "::error::Unauthorized changes detected in sensitive files:" | |
| echo "" | |
| for file in $CHANGED_UNAUTH_FILES; do | |
| echo "- $file" | |
| done | |
| echo "" | |
| echo "To override:" | |
| echo "Add the 'ignore-sensitive-files-pr' label to this PR." | |
| exit 1 | |
| Count-Changed-Files: | |
| if: ${{ github.actor != 'dependabot[bot]' }} | |
| name: Checks if number of files changed is acceptable | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Get changed files | |
| id: changed-files | |
| run: | | |
| FILES_COUNT=$(git diff --name-only --diff-filter=ACMRT ${{ github.event.pull_request.base.sha }} ${{ github.event.pull_request.head.sha }} | wc -l) | |
| echo "all_changed_files_count=$FILES_COUNT" >> $GITHUB_OUTPUT | |
| - name: Echo number of changed files | |
| env: | |
| CHANGED_FILES_COUNT: ${{ steps.changed-files.outputs.all_changed_files_count }} | |
| run: | | |
| echo "Number of files changed: $CHANGED_FILES_COUNT" | |
| - name: Check if the number of changed files is less than 100 | |
| if: ${{ steps.changed-files.outputs.all_changed_files_count > 100 }} | |
| env: | |
| CHANGED_FILES_COUNT: ${{ steps.changed-files.outputs.all_changed_files_count }} | |
| run: | | |
| echo "Error: Too many files (greater than 100) changed in the pull request." | |
| echo "Possible issues:" | |
| echo "- Contributor may be merging into an incorrect branch." | |
| echo "- Source branch may be incorrect please use develop as source branch." | |
| exit 1 | |
| Test-Docusaurus-Deployment: | |
| name: Test Deployment to https://docs.talawa.io | |
| runs-on: ubuntu-latest | |
| needs: [Code-Quality-Checks] | |
| strategy: | |
| matrix: | |
| node-version: ['24.x'] | |
| # Run only if the develop branch and not dependabot | |
| # if: ${{ github.actor != 'dependabot[bot]' && github.event.pull_request.base.ref == 'develop' }} | |
| if: ${{ github.event.pull_request.base.ref == 'develop' }} | |
| steps: | |
| - name: Checkout the Repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Fetch all history for all branches and tags | |
| - uses: pnpm/action-setup@v4 | |
| name: Install pnpm | |
| with: | |
| run_install: false | |
| cache: pnpm | |
| cache-dependency-path: | | |
| pnpm-lock.yaml | |
| package.json | |
| - name: Install Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'pnpm' | |
| # Run Docusaurus in the ./docs directory | |
| - name: Install dependencies | |
| working-directory: ./ | |
| run: pnpm install --frozen-lockfile | |
| - name: Test building the website | |
| working-directory: ./ | |
| run: pnpm build | |
| Remove-LGTM-Label: | |
| name: Remove LGTM Label | |
| runs-on: ubuntu-latest | |
| if: always() | |
| permissions: | |
| pull-requests: write | |
| steps: | |
| - name: Remove LGTM label | |
| uses: actions/github-script@v8 | |
| with: | |
| script: | | |
| try { | |
| await github.rest.issues.removeLabel({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: context.payload.pull_request.number, | |
| name: 'LGTM' | |
| }); | |
| console.log('LGTM label removed from PR #' + context.payload.pull_request.number); | |
| } catch (error) { | |
| // Check for 404 status in different possible locations | |
| const status = error.status || error.response?.status; | |
| if (status === 404) { | |
| console.log('LGTM label not found, skipping removal.'); | |
| } else { | |
| console.log('Error removing label:', error.message); | |
| // Don't throw the error - we want this job to always succeed | |
| } | |
| } | |
| Add-LGTM-Label: | |
| name: Add LGTM Label on Success | |
| runs-on: ubuntu-latest | |
| needs: [Test-Docusaurus-Deployment] | |
| if: success() | |
| permissions: | |
| pull-requests: write | |
| steps: | |
| - name: Add LGTM label | |
| uses: actions/github-script@v8 | |
| with: | |
| script: | | |
| try { | |
| await github.rest.issues.addLabels({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: context.issue.number, | |
| labels: ['LGTM'] | |
| }); | |
| } catch (error) { | |
| console.error('Failed to add LGTM label to PR' + context.issue.number + ':', error.message); | |
| throw error; | |
| } | |
| Check-Target-Branch: | |
| if: ${{ github.actor != 'dependabot[bot]' }} | |
| name: Check Target Branch | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check if the target branch is develop | |
| if: github.event.pull_request.base.ref != 'develop' | |
| run: | | |
| echo "Error: Pull request target branch must be 'develop'. Please refer PR_GUIDELINES.md" | |
| exit 1 | |