mirror of
https://github.com/immich-app/immich.git
synced 2025-05-24 01:12:58 -04:00
504930947d
* fix: set persist-credentials explicitly for checkout https://woodruffw.github.io/zizmor/audits/#artipacked * fix: minimize permissions scope for workflows https://woodruffw.github.io/zizmor/audits/#excessive-permissions * fix: remove potential template injections https://woodruffw.github.io/zizmor/audits/#template-injection * fix: only pass needed secrets in workflow_call https://woodruffw.github.io/zizmor/audits/#secrets-inherit * fix: push perm for single-arch build jobs I hadn't realised these push to the registry too :x * chore: fix formatting * fix: $ * fix: retag job quoting --------- Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
56 lines
1.6 KiB
YAML
56 lines
1.6 KiB
YAML
name: Fix formatting
|
|
|
|
on:
|
|
pull_request:
|
|
types: [labeled]
|
|
|
|
permissions: {}
|
|
|
|
jobs:
|
|
fix-formatting:
|
|
runs-on: ubuntu-latest
|
|
if: ${{ github.event.label.name == 'fix:formatting' }}
|
|
permissions:
|
|
contents: write
|
|
pull-requests: write
|
|
steps:
|
|
- name: Generate a token
|
|
id: generate-token
|
|
uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2
|
|
with:
|
|
app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
|
|
private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
|
|
|
|
- name: 'Checkout'
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.ref }}
|
|
token: ${{ steps.generate-token.outputs.token }}
|
|
persist-credentials: true
|
|
|
|
- name: Setup Node
|
|
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
|
|
with:
|
|
node-version-file: './server/.nvmrc'
|
|
|
|
- name: Fix formatting
|
|
run: make install-all && make format-all
|
|
|
|
- name: Commit and push
|
|
uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9
|
|
with:
|
|
default_author: github_actions
|
|
message: 'chore: fix formatting'
|
|
|
|
- name: Remove label
|
|
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
|
|
if: always()
|
|
with:
|
|
script: |
|
|
github.rest.issues.removeLabel({
|
|
issue_number: context.payload.pull_request.number,
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
name: 'fix:formatting'
|
|
})
|