systemd: further cleanups for DynamicUser setup #17321
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: repository | |
on: | |
pull_request_target: | |
types: [opened, reopened, synchronize, labeled, unlabeled] | |
jobs: | |
check: | |
name: Protection checks | |
# 22.04's podman has issues with piping and causes tar errors | |
runs-on: ubuntu-20.04 | |
permissions: | |
contents: read | |
pull-requests: write | |
timeout-minutes: 5 | |
env: | |
HEAD_SHA: ${{ github.event.pull_request.head.sha }} | |
BASE_SHA: ${{ github.event.pull_request.base.sha }} | |
steps: | |
- name: Clone target branch | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Fetch PR commits | |
run: git fetch origin "${BASE_SHA}" "${HEAD_SHA}" | |
- name: Clear .github-changes label | |
if: ${{ !endsWith(github.event.action, 'labeled') }} | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
try { | |
await github.rest.issues.removeLabel({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
issue_number: context.issue.number, | |
name: '.github-changes' | |
}); | |
} catch (e) { | |
if (e.name == 'HttpError' && e.status == 404) { | |
/* expected: 404 if label is unset */ | |
} else { | |
throw e; | |
} | |
} | |
- name: Check for .github changes | |
# We want to run this check any time the .github-changes label is not | |
# set, which needs to include the case where we just unset it above. | |
if: ${{ !endsWith(github.event.action, 'labeled') || | |
!contains(github.event.pull_request.labels.*.name, '.github-changes') }} | |
run: | | |
set -x | |
git log --full-history --exit-code --patch "${HEAD_SHA}" --not "${BASE_SHA}" -- .github >&2 | |
- name: Check for node_modules availability and package.json consistency | |
run: | | |
# for each commit in the PR which modifies package.json or node_modules... | |
for commit in $(git log --reverse --full-history --format=%H \ | |
"${HEAD_SHA}" --not "${BASE_SHA}" -- package.json node_modules); do | |
# ... check that package.json and node_modules/.package.json are in sync | |
tools/node-modules verify "${commit}" | |
done |