-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adds some infra to warn on files which changed in the PR but aren't accounted for #2901
Closed
Closed
Changes from all commits
Commits
Show all changes
4 commits
Select commit
Hold shift + click to select a range
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,9 +2,16 @@ | |
| // yarn danger pr https://github.com/microsoft/TypeScript-Website/pull/115 | ||
|
|
||
| import spellcheck from "danger-plugin-spellcheck" | ||
|
|
||
| // Blocked on PR deploys, see CI.yml | ||
| // import lighthouse from "danger-plugin-lighthouse" | ||
| import { warn, danger } from "danger" | ||
| import { execSync } from "child_process" | ||
|
|
||
| // Spell check all the things | ||
| spellcheck({ settings: "microsoft/[email protected]" }) | ||
|
|
||
| const gitStatus = execSync("git status --porcelain").toString() | ||
| if (gitStatus.includes("M")) { | ||
| const files = gitStatus.split("\n").filter(f => f.startsWith(" M ")).map(f => f.substr(3)) | ||
| const linksToChangedFiles = danger.github.utils.fileLinks(files) | ||
|
|
||
| warn(`There are un-staged changes to generated files: \n ${linksToChangedFiles}`) | ||
| } | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Even after reading through the comment thread at DefinitelyTyped/DefinitelyTyped#62638, I'm still not a fan of using an unprotected token. Making this token public means anyone could use it to attempt to DDoS GitHub and have it falsely attributed to the DangerBotOSS account, or DoS Danger by artificially using up its rate limit. If making this a secret is not viable for usability reasons, are there any other mechanisms that could be employed to avoid exposing the token?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not really sure why this needs a token at all, either; isn't this just a CI check that can fail and print out the files that were forgotten? a la https://github.com/microsoft/TypeScript/blob/main/.github/workflows/ci.yml#L239
I guess because this tries to print a fancy comment?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's because you need a token to make a comment on an issue, yes!
Yep, it's a comment because no-one would read a non-failing CI build for things like warnings
I did explore having a central github app danger/danger-js#1126 but it requires giving too much github access to the bot IMO, and I didn't want to centralize that many people's tokens on my spare time