pre-commit #19898
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Part of the Carbon Language project, under the Apache License v2.0 with LLVM | |
| # Exceptions. See /LICENSE for license information. | |
| # SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception | |
| name: pre-commit | |
| on: | |
| pull_request: | |
| merge_group: | |
| push: | |
| branches: [trunk] | |
| permissions: | |
| contents: read # For actions/checkout. | |
| jobs: | |
| pre-commit: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1 | |
| with: | |
| egress-policy: block | |
| # When adding endpoints, see README.md. | |
| # prettier-ignore | |
| allowed-endpoints: > | |
| *.blob.storage.azure.net:443 | |
| *.githubapp.com:443 | |
| *.sourceforge.net:443 | |
| api.github.com:443 | |
| api.ipify.org:443 | |
| bcr.bazel.build:443 | |
| downloads.sourceforge.net:443 | |
| files.pythonhosted.org:443 | |
| github.com:443 | |
| go.dev:443 | |
| mirror.bazel.build:443 | |
| mirrors.kernel.org:443 | |
| nodejs.org:443 | |
| oauth2.googleapis.com:443 | |
| objects.githubusercontent.com:443 | |
| pypi.org:443 | |
| registry.npmjs.org:443 | |
| release-assets.githubusercontent.com:443 | |
| releases.bazel.build:443 | |
| storage.googleapis.com:443 | |
| uploads.github.com:443 | |
| www.googleapis.com:443 | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 | |
| # Ensure LLVM is set up consistently. | |
| - uses: ./.github/actions/build-setup-common | |
| with: | |
| matrix_runner: ubuntu-22.04 | |
| remote_cache_upload: '--remote_upload_local_results=false' | |
| - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1 | |
| # We want to automatically create github suggestions for pre-commit file | |
| # changes for a pull request. But `pull_request` actions never have write | |
| # permissions to the repository, so we create the suggestions in a separate | |
| # privileged `workflow_run` action in pre_commit_suggestions.yaml. Here, | |
| # we upload the diffs and event configuration to an artifact for use by | |
| # that action. | |
| - name: Collect pre-commit output | |
| if: failure() | |
| run: | | |
| mkdir -p pre-commit-output | |
| git diff > pre-commit-output/diff | |
| cp $GITHUB_EVENT_PATH pre-commit-output/event | |
| - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| if: failure() | |
| with: | |
| name: pre-commit output | |
| path: pre-commit-output/* |