fix(ci): replace manual Safety CLI with official Safety Action to fix… #52
Workflow file for this run
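# Mirrors the conclusion of the watched workflows onto the triggering commit as
# a commit status with the context "CI Status Check".
#
# Security notes:
# - A workflow_run workflow runs with the base repository's token, including
#   when the triggering run came from a fork. Every github.event.workflow_run.*
#   value is therefore handed to the scripts through env: and never expanded
#   with ${{ }} inside a run: body, so the shell only ever sees it as data.
# - This workflow does not check out or execute code from the head commit;
#   keep it that way while it holds statuses: write.
# - NOTE(review): both watched workflows report under the same context, so the
#   most recent completion replaces the earlier one and a later success can
#   overwrite an earlier failure for the same SHA. Confirm this is intended
#   before relying on the context in branch protection.
name: CI Status Gate

on:
  workflow_run:
    workflows: ["CI", "Conductor Loop CI"]
    types: [completed]

# Least privilege: read-only contents, plus the one write scope the job needs.
permissions:
  contents: read
  statuses: write  # required: allows writing commit statuses

jobs:
  report-status:
    runs-on: ubuntu-latest
    steps:
      - name: Compute state from workflow_run.conclusion
        id: s
        shell: bash
        env:
          # A missing conclusion is treated as a failure.
          CONCLUSION: ${{ github.event.workflow_run.conclusion || 'failure' }}
        run: |
          set -euo pipefail
          # Map the run conclusion onto a commit status state; anything
          # unrecognised is reported as "error" so it never counts as a pass.
          case "$CONCLUSION" in
            success)         echo "state=success" >> "$GITHUB_OUTPUT" ;;
            failure)         echo "state=failure" >> "$GITHUB_OUTPUT" ;;
            cancelled)       echo "state=failure" >> "$GITHUB_OUTPUT" ;;  # may be set to "error" instead, depending on the branch rules
            timed_out)       echo "state=failure" >> "$GITHUB_OUTPUT" ;;
            action_required) echo "state=error"   >> "$GITHUB_OUTPUT" ;;
            *)               echo "state=error"   >> "$GITHUB_OUTPUT" ;;
          esac

      # The name is quoted because an unquoted scalar containing ": " is not
      # valid YAML.
      - name: "Report commit status: CI Status Check"
        env:
          GH_TOKEN: ${{ github.token }}
          SHA: ${{ github.event.workflow_run.head_sha }}
          TARGET_URL: ${{ github.event.workflow_run.html_url }}
          OWNER_REPO: ${{ github.repository }}  # the status is written to the base repo
          STATE: ${{ steps.s.outputs.state }}
          WORKFLOW_NAME: ${{ github.event.workflow_run.name }}
          RUN_CONCLUSION: ${{ github.event.workflow_run.conclusion }}
        run: |
          set -euo pipefail
          gh api \
            -X POST \
            -H "Accept: application/vnd.github+json" \
            "repos/${OWNER_REPO}/statuses/${SHA}" \
            -f state="${STATE}" \
            -f context="CI Status Check" \
            -f target_url="${TARGET_URL}" \
            -f description="${WORKFLOW_NAME} overall: ${RUN_CONCLUSION}"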