-
Notifications
You must be signed in to change notification settings - Fork 138
159 lines (140 loc) · 6.31 KB
/
auto-format.yml
File metadata and controls
159 lines (140 loc) · 6.31 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
name: Auto Format
on:
pull_request:
branches: ["*"]
push:
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
auto-format:
# On PRs: skip forks (can't push back), changeset release PRs (machine-generated),
# and Dependabot PRs. Dependabot-triggered workflows cannot read the internal
# app token secrets used for formatter pushes.
# On push to main: always run.
if: >-
github.event_name == 'push' ||
(github.event.pull_request.head.repo.full_name == github.repository &&
github.head_ref != 'changeset-release/main' &&
github.actor != 'dependabot[bot]')
runs-on: ubuntu-latest
timeout-minutes: 15
permissions:
contents: write
pull-requests: read
steps:
- name: Check if PR is still open
if: github.event_name == 'pull_request'
id: pr-check
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
PR_STATE=$(gh pr view ${{ github.event.pull_request.number }} \
--repo ${{ github.repository }} --json state --jq '.state')
if [ "$PR_STATE" != "OPEN" ]; then
echo "PR is $PR_STATE — skipping auto-format (branch likely deleted)"
echo "skip=true" >> $GITHUB_OUTPUT
else
echo "skip=false" >> $GITHUB_OUTPUT
fi
- name: Checkout code
if: steps.pr-check.outputs.skip != 'true'
id: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
continue-on-error: true
with:
# On PRs, check out the PR branch so we push back to it.
# On push, check out the default ref (main).
ref: ${{ github.event_name == 'pull_request' && github.head_ref || github.ref }}
token: ${{ secrets.GITHUB_TOKEN }}
- name: Log checkout failure
if: steps.pr-check.outputs.skip != 'true' && steps.checkout.outcome == 'failure'
run: |
echo "::notice::Checkout failed — branch was likely deleted (PR merged). Skipping."
# Generate a GitHub App token so that auto-commits trigger downstream CI
# workflows. The default GITHUB_TOKEN's commits are ignored by GitHub to
# prevent infinite loops.
- name: Generate GitHub App Token
id: app-token
if: steps.pr-check.outputs.skip != 'true' && steps.checkout.outcome == 'success'
uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1
with:
app-id: ${{ secrets.INTERNAL_CI_APP_ID }}
private-key: ${{ secrets.INTERNAL_CI_APP_PRIVATE_KEY }}
- name: Setup Node.js
if: steps.pr-check.outputs.skip != 'true' && steps.checkout.outcome == 'success'
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
with:
node-version: 22.x
- name: Setup pnpm
if: steps.pr-check.outputs.skip != 'true' && steps.checkout.outcome == 'success'
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
with:
version: 10.33.0
run_install: false
- name: Get pnpm store directory
if: steps.pr-check.outputs.skip != 'true' && steps.checkout.outcome == 'success'
shell: bash
run: echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
- name: Prepare directories
if: steps.pr-check.outputs.skip != 'true' && steps.checkout.outcome == 'success'
run: |
mkdir -p agents-docs/.source
touch agents-docs/.source/index.ts
- name: Setup pnpm cache
if: steps.pr-check.outputs.skip != 'true' && steps.checkout.outcome == 'success'
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
with:
path: ${{ env.STORE_PATH }}
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
restore-keys: ${{ runner.os }}-pnpm-store-
- name: Install dependencies
if: steps.pr-check.outputs.skip != 'true' && steps.checkout.outcome == 'success'
run: pnpm install --frozen-lockfile
env:
HUSKY: 0
- name: Run formatter
if: steps.pr-check.outputs.skip != 'true' && steps.checkout.outcome == 'success'
run: pnpm format
- name: Check for changes
if: steps.pr-check.outputs.skip != 'true' && steps.checkout.outcome == 'success'
id: changes
run: |
if [ -n "$(git status --porcelain)" ]; then
echo "has_changes=true" >> $GITHUB_OUTPUT
else
echo "has_changes=false" >> $GITHUB_OUTPUT
fi
- name: Commit and push formatting fixes
if: steps.pr-check.outputs.skip != 'true' && steps.checkout.outcome == 'success' && steps.changes.outputs.has_changes == 'true'
env:
PUSH_REF: ${{ github.event_name == 'pull_request' && github.head_ref || github.ref_name }}
APP_TOKEN: ${{ steps.app-token.outputs.token }}
run: |
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git add -u
git commit -m "style: auto-format with biome"
# Use GitHub App token so the push triggers downstream CI workflows.
# The default GITHUB_TOKEN's commits are ignored by GitHub to prevent loops.
if [ -n "$APP_TOKEN" ]; then
git remote set-url origin "https://x-access-token:${APP_TOKEN}@github.com/${GITHUB_REPOSITORY}.git"
fi
# Verify remote branch still exists before pushing
if ! git ls-remote --exit-code --heads origin "$PUSH_REF" > /dev/null 2>&1; then
echo "::notice::Remote branch '$PUSH_REF' no longer exists (PR likely merged). Skipping push."
exit 0
fi
for i in 1 2 3; do
git push && break
echo "Push failed, attempting pull --rebase and retry ($i/3)"
# Check branch still exists before retry
if ! git ls-remote --exit-code --heads origin "$PUSH_REF" > /dev/null 2>&1; then
echo "::notice::Remote branch '$PUSH_REF' was deleted during retry. Skipping."
exit 0
fi
git pull --rebase origin "$PUSH_REF" || exit 1
sleep $((i * 2))
done