chore: import upstream snapshot with attribution
CodeQL / Analyze (python) (push) Has been cancelled
Update Platform Components Table / update (push) Has been cancelled
Docker image release / Build base image (push) Has been cancelled
Sync docs with Docusaurus / sync (push) Has been cancelled
Tests / Check if changed (push) Has been cancelled
Tests / format (push) Has been cancelled
Tests / check-imports (push) Has been cancelled
Tests / Unit / macos-latest (push) Has been cancelled
Tests / Unit / ubuntu-latest (push) Has been cancelled
Tests / Unit / windows-latest (push) Has been cancelled
Tests / mypy (push) Has been cancelled
Tests / Integration / ubuntu-latest (push) Has been cancelled
Tests / Integration / macos-latest (push) Has been cancelled
Tests / Integration / windows-latest (push) Has been cancelled
Tests / notify-slack-on-failure (push) Has been cancelled
Tests / Mark tests as completed (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
Update Platform Components Table / update (push) Has been cancelled
Docker image release / Build base image (push) Has been cancelled
Sync docs with Docusaurus / sync (push) Has been cancelled
Tests / Check if changed (push) Has been cancelled
Tests / format (push) Has been cancelled
Tests / check-imports (push) Has been cancelled
Tests / Unit / macos-latest (push) Has been cancelled
Tests / Unit / ubuntu-latest (push) Has been cancelled
Tests / Unit / windows-latest (push) Has been cancelled
Tests / mypy (push) Has been cancelled
Tests / Integration / ubuntu-latest (push) Has been cancelled
Tests / Integration / macos-latest (push) Has been cancelled
Tests / Integration / windows-latest (push) Has been cancelled
Tests / notify-slack-on-failure (push) Has been cancelled
Tests / Mark tests as completed (push) Has been cancelled
This commit is contained in:
@@ -0,0 +1,70 @@
|
||||
name: Detect docstrings edit
|
||||
|
||||
# This workflow runs in the *untrusted* pull_request context: it has a read-only
|
||||
# token and no access to secrets, so checking out the PR head here is safe.
|
||||
# It only computes whether docstrings changed and hands the result to the
|
||||
# "Apply docstrings label" workflow (workflow_run), which holds the write token
|
||||
# but never checks out untrusted code. See:
|
||||
# https://securitylab.github.com/resources/github-actions-preventing-pwn-requests/
|
||||
on:
|
||||
pull_request:
|
||||
paths:
|
||||
- "haystack/**/*.py"
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
env:
|
||||
PYTHON_VERSION: "3.11"
|
||||
|
||||
jobs:
|
||||
detect:
|
||||
runs-on: ubuntu-slim
|
||||
|
||||
steps:
|
||||
- name: Checkout base commit
|
||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||
with:
|
||||
persist-credentials: false
|
||||
ref: ${{ github.base_ref }}
|
||||
|
||||
- name: Setup Python
|
||||
uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0
|
||||
with:
|
||||
python-version: "${{ env.PYTHON_VERSION }}"
|
||||
|
||||
- name: Get base docstrings
|
||||
id: base-docstrings
|
||||
run: |
|
||||
CHECKSUM=$(python .github/utils/docstrings_checksum.py --root "${{ github.workspace }}")
|
||||
echo "checksum=$CHECKSUM" >> "$GITHUB_OUTPUT"
|
||||
|
||||
- name: Checkout HEAD commit
|
||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||
with:
|
||||
persist-credentials: false
|
||||
ref: ${{ github.event.pull_request.head.sha }}
|
||||
|
||||
- name: Get HEAD docstrings
|
||||
id: head-docstrings
|
||||
run: |
|
||||
CHECKSUM=$(python .github/utils/docstrings_checksum.py --root "${{ github.workspace }}")
|
||||
echo "checksum=$CHECKSUM" >> "$GITHUB_OUTPUT"
|
||||
|
||||
- name: Write result
|
||||
# The follow-up workflow reads these values; it never checks out the PR code.
|
||||
run: |
|
||||
mkdir -p result
|
||||
echo "${{ github.event.pull_request.number }}" > result/pr_number
|
||||
if [ "${{ steps.base-docstrings.outputs.checksum }}" != "${{ steps.head-docstrings.outputs.checksum }}" ]; then
|
||||
echo "true" > result/should_label
|
||||
else
|
||||
echo "false" > result/should_label
|
||||
fi
|
||||
|
||||
- name: Upload result
|
||||
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
|
||||
with:
|
||||
name: docstring-label-result
|
||||
path: result/
|
||||
retention-days: 1
|
||||
Reference in New Issue
Block a user