Files
deepset-ai--haystack/.github/workflows/docstring_labeler.yml
T
wehub-resource-sync c56bef871b
Sync docs with Docusaurus / sync (push) Waiting to run
Tests / Check if changed (push) Waiting to run
Tests / format (push) Blocked by required conditions
Tests / check-imports (push) Blocked by required conditions
Tests / Unit / macos-latest (push) Blocked by required conditions
Tests / Unit / ubuntu-latest (push) Blocked by required conditions
Tests / Unit / windows-latest (push) Blocked by required conditions
Tests / mypy (push) Blocked by required conditions
Tests / Integration / ubuntu-latest (push) Blocked by required conditions
Tests / Integration / macos-latest (push) Blocked by required conditions
Tests / Integration / windows-latest (push) Blocked by required conditions
Tests / notify-slack-on-failure (push) Blocked by required conditions
Tests / Mark tests as completed (push) Blocked by required conditions
Docker image release / Build base image (push) Waiting to run
CodeQL / Analyze (python) (push) Has been cancelled
Update Platform Components Table / update (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 13:22:28 +08:00

71 lines
2.4 KiB
YAML

name: Detect docstrings edit
# This workflow runs in the *untrusted* pull_request context: it has a read-only
# token and no access to secrets, so checking out the PR head here is safe.
# It only computes whether docstrings changed and hands the result to the
# "Apply docstrings label" workflow (workflow_run), which holds the write token
# but never checks out untrusted code. See:
# https://securitylab.github.com/resources/github-actions-preventing-pwn-requests/
on:
pull_request:
paths:
- "haystack/**/*.py"
permissions:
contents: read
env:
PYTHON_VERSION: "3.11"
jobs:
detect:
runs-on: ubuntu-slim
steps:
- name: Checkout base commit
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
ref: ${{ github.base_ref }}
- name: Setup Python
uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0
with:
python-version: "${{ env.PYTHON_VERSION }}"
- name: Get base docstrings
id: base-docstrings
run: |
CHECKSUM=$(python .github/utils/docstrings_checksum.py --root "${{ github.workspace }}")
echo "checksum=$CHECKSUM" >> "$GITHUB_OUTPUT"
- name: Checkout HEAD commit
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
ref: ${{ github.event.pull_request.head.sha }}
- name: Get HEAD docstrings
id: head-docstrings
run: |
CHECKSUM=$(python .github/utils/docstrings_checksum.py --root "${{ github.workspace }}")
echo "checksum=$CHECKSUM" >> "$GITHUB_OUTPUT"
- name: Write result
# The follow-up workflow reads these values; it never checks out the PR code.
run: |
mkdir -p result
echo "${{ github.event.pull_request.number }}" > result/pr_number
if [ "${{ steps.base-docstrings.outputs.checksum }}" != "${{ steps.head-docstrings.outputs.checksum }}" ]; then
echo "true" > result/should_label
else
echo "false" > result/should_label
fi
- name: Upload result
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: docstring-label-result
path: result/
retention-days: 1