Security hardening: Use mktemp for temporary files in diff tool to pr… #1846
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Buildifier | |
| on: | |
| pull_request: | |
| branches: ["main"] | |
| permissions: | |
| contents: read | |
| jobs: | |
| autoformat: | |
| name: Auto-format and Check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Set up Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version: "1.25" | |
| - name: Check out code | |
| uses: actions/checkout@v6 | |
| - name: Install Dependencies | |
| run: | | |
| go install github.com/bazelbuild/buildtools/[email protected] | |
| - name: Run buildifier | |
| shell: bash | |
| run: | | |
| buildifier -mode=fix $(find . -name 'BUILD*' -o -name 'WORKSPACE*' -o -name '*.bzl' -type f) | |
| - name: Verify buildifier | |
| shell: bash | |
| run: | | |
| # From: https://backreference.org/2009/12/23/how-to-match-newlines-in-sed/ | |
| # This is to leverage this workaround: | |
| # https://github.com/actions/toolkit/issues/193#issuecomment-605394935 | |
| function urlencode() { | |
| sed ':begin;$!N;s/\n/%0A/;tbegin' | |
| } | |
| if [[ $(git diff-index --name-only HEAD --) ]]; then | |
| for x in $(git diff-index --name-only HEAD --); do | |
| echo "::error file=$x::Please run buildifier.%0A$(git diff $x | urlencode)" | |
| done | |
| echo "${{ github.repository }} is out of style. Please run buildifier." | |
| exit 1 | |
| fi | |
| echo "${{ github.repository }} is formatted correctly." |