From d1b7ceba0efd65f4b96e883c9ca95bf5158414b4 Mon Sep 17 00:00:00 2001 From: Luke Walton Date: Mon, 17 Jun 2024 19:56:46 +0100 Subject: [PATCH] ci: check secrets (#54) --- .github/workflows/code-quality.yml | 71 ++++++++++++++++++- .github/workflows/pull-request.yml | 9 +-- .github/workflows/up-to-date.yml | 1 + .../components/progress/progress_circle.dart | 2 +- 4 files changed, 75 insertions(+), 8 deletions(-) diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml index 6d6424e2..bb2fd3a3 100644 --- a/.github/workflows/code-quality.yml +++ b/.github/workflows/code-quality.yml @@ -6,11 +6,12 @@ jobs: code-quality: runs-on: ubuntu-latest timeout-minutes: 20 + permissions: write-all steps: - uses: actions/checkout@v4 with: - fetch-depth: 0 ref: ${{ github.head_ref }} + repository: ${{github.event.pull_request.head.repo.full_name}} - name: Get branch name id: branch-name uses: tj-actions/branch-names@v7.0.7 @@ -18,13 +19,45 @@ jobs: - name: Setup flutter run: flutter pub get - name: Format code + id: format run: dart format . -l 120 - name: Apply linter auto-fixes + id: lint run: dart fix --apply - name: Check for un-fixable issues - run: flutter analyze + id: fix + run: | + + # Allows code to run after an error. + set -e + + # Runs flutter analyze; saves output and if it fails. + out="$(flutter analyze)" || failed='true' + + echo "$out" + + # Saves output to either success or failure variables. + if [ "$failed" == "true" ]; then + echo "FAILURE=true" >> $GITHUB_OUTPUT + fi - name: Run tests - run: cd example && flutter test + id: test + run: | + + cd example + + # Allows code to run after an error. + set -e + + # Runs flutter test; saves output and if it fails. + out=$(flutter test) || failed='true' + + echo "$out" + + # Saves output to either success or failure variables. + if [ "$failed" == "true" ]; then + echo "FAILURE=true" >> $GITHUB_OUTPUT + fi - name: Check for modified files id: git-check run: echo "modified=$(if [ -n "$(git status --porcelain)" ]; then echo "true"; else echo "false"; fi)" >> $GITHUB_ENV @@ -36,3 +69,35 @@ jobs: git add -A git commit -m '[automated commit] lint format and import sort' git push + + - name: Print outputs + env: + GH_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} + run: | + template='

PR Checks complete

✅ - Linting
' + + if [ -n "${{steps.fix.outputs.FAILURE}}" ]; then + template="$template ⛔️ - Problems found in code. To replicate, run dart fix
" + else + template="$template ✅ - No errors found in code
" + fi + + if [ -n "${{steps.test.outputs.FAILURE}}" ]; then + template="$template ⛔️ - Tests failed. To replicate, run flutter test
" + else + template="$template ✅ - All tests passed
" + fi + + # Add / amend comment on PR. + gh pr comment ${{github.event.pull_request.number}} --body="${template}" --edit-last -R ${{github.repository}} || gh pr comment ${{github.event.pull_request.number}} --body="${template}" -R ${{github.repository}} || echo 'Token not working' + + # Concatenates failure outputs. + fail="${{steps.fix.outputs.FAILURE}}${{steps.test.outputs.FAILURE}}" + + # Checks if there is any content in the failure variable. + if [[ -z "$fail" ]]; + then + exit 0 + else + exit 1 + fi diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index ba16460a..24c4e190 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -1,6 +1,7 @@ name: CI - Pull Request on: pull_request: + pull_request_target: jobs: up-to-date: @@ -17,9 +18,8 @@ jobs: - name: Check PR can access secrets id: check run: | - if [ "${{ secrets.FIREBASE_SERVICE_ACCOUNT_ZETA_DS }}" != '' ]; then - echo "defined=true" >> $GITHUB_OUTPUT; - else + echo "defined=true" >> $GITHUB_OUTPUT; + if [ "${{ secrets.FIREBASE_SERVICE_ACCOUNT_ZETA_DS }}" == '' ]; then echo "defined=false" >> $GITHUB_OUTPUT; fi @@ -31,6 +31,7 @@ jobs: steps: - uses: actions/checkout@v4 with: + repository: ${{github.event.pull_request.head.repo.full_name}} ref: ${{ github.head_ref }} - uses: subosito/flutter-action@v2 - name: Setup flutter @@ -42,5 +43,5 @@ jobs: - uses: FirebaseExtended/action-hosting-deploy@v0 with: repoToken: "${{ secrets.GITHUB_TOKEN }}" - firebaseServiceAccount: "${{ env.key }}" + firebaseServiceAccount: "${{ secrets.FIREBASE_SERVICE_ACCOUNT_ZETA_DS }}" channelId: "pr-${{ github.event.number }}-${{ github.event.pull_request.head.ref }}" diff --git a/.github/workflows/up-to-date.yml b/.github/workflows/up-to-date.yml index 9cb009d1..40bf1593 100644 --- a/.github/workflows/up-to-date.yml +++ b/.github/workflows/up-to-date.yml @@ -12,6 +12,7 @@ jobs: with: fetch-depth: 0 ref: ${{ github.head_ref }} + repository: ${{github.event.pull_request.head.repo.full_name}} - name: Check branch is up to date id: check run: exit $(gh api /repos/${{github.event.pull_request.head.repo.full_name}}/compare/${{github.event.pull_request.base.sha}}...${{github.event.pull_request.head.sha}} | jq .behind_by) diff --git a/lib/src/components/progress/progress_circle.dart b/lib/src/components/progress/progress_circle.dart index e948603f..73286c18 100644 --- a/lib/src/components/progress/progress_circle.dart +++ b/lib/src/components/progress/progress_circle.dart @@ -29,8 +29,8 @@ class ZetaProgressCircle extends ZetaProgress { const ZetaProgressCircle({ super.key, super.progress = 0, - super.rounded, this.size = ZetaCircleSizes.xl, + super.rounded, this.onCancel, });