gatk-sv/.github/workflows/readonly_check.yaml at 81cfd873418316b94f7b6e84fa820be4bd349f6f · broadinstitute/gatk-sv · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
name: Readonly Check

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

jobs:
  readonly:
    name: Verify
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v6
      with:
        fetch-depth: 0
    - name: Get changed files
      id: changed-files
      run: |
        # xref: https://stackoverflow.com/a/74268200
        if [ "${{ github.event_name }}" == "pull_request" ]; then
          echo "changed_files=$(git diff --name-only -r HEAD^1 HEAD | xargs)" >> $GITHUB_OUTPUT
        else
          echo "changed_files=$(git diff --name-only ${{ github.event.before }} ${{ github.event.after }} | xargs)" >> $GITHUB_OUTPUT
        fi
    - name: Enforce
      run: |
        readonly_files=(".github/.dockstore.yml" "inputs/values/dockers.json")
        changed_files="${{ steps.changed-files.outputs.changed_files }}"
        error=0
        for file in $changed_files; do
          for readonly_file in "${readonly_files[@]}"; do
            if [[ "${file}" == "${readonly_file}" ]]; then
              echo "::error::Readonly file modified: $file"
              error=1
              break
            fi
          done
        done

        exit ${error}