release-asset-audit.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
name: Release Asset Audit

# Triggers: manual dispatch, release events, an hourly schedule, and pull
# requests that modify the audit script or this workflow file.
on:
  workflow_dispatch:
  release:
  schedule:
    # Minute 5 of every hour. The expression must stay quoted because a
    # leading or bare `*` has special meaning to the YAML parser.
    - cron: '5 * * * *'
  pull_request:
    paths:
      - '.github/workflows/release-asset-audit.py'
      - '.github/workflows/release-asset-audit.yml'

# Workflow-wide token permissions: read access to repository contents only.
# Scopes that are not listed here are not granted to the workflow token.
permissions:
  contents: read
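jobs:
  audit:
    name: "Release Asset Audit"
    runs-on: ubuntu-22.04
    # Run only in the upstream repository, so forks do not execute the
    # scheduled audit.
    if: github.repository == 'llvm/llvm-project'
    steps:
      # Actions are pinned to a full commit SHA; the trailing comment records
      # the release tag the SHA is meant to correspond to.
      # NOTE(review): confirm the SHA still matches the tag in the comment
      # whenever the pin is changed.
      - uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb # v4.1.6
        with:
          # The later steps install packages and run a script. Do not leave
          # the checkout token in the local git configuration for them.
          persist-credentials: false

      - name: "Run Audit Script"
        env:
          # The token is exposed to the shell through the environment rather
          # than being interpolated into the script text.
          GITHUB_TOKEN: ${{ github.token }}
        # `--require-hashes` makes pip refuse any package whose hash is not
        # listed in the requirements file.
        # NOTE(review): the token is passed to the script as a command-line
        # argument, which other processes on the runner can read. The script
        # is not visible here; consider reading GITHUB_TOKEN from the
        # environment inside it instead.
        run: |
          pip install --require-hashes -r ./llvm/utils/git/requirements.txt
          python3 ./.github/workflows/release-asset-audit.py "$GITHUB_TOKEN"

      - name: "File Issue"
        # Runs only when an earlier step failed and the run was not triggered
        # by a pull request, so this step and its separate token are never
        # used on pull-request runs.
        if: >-
          github.event_name != 'pull_request' &&
          failure()
        # NOTE(review): confirm the SHA matches the tag in the comment, and
        # that `github.rest.*` (the call form documented for github-script v5
        # and later) is available at the pinned version.
        uses: actions/github-script@ffc2c79a5b2490bd33e0a41c1de74b877714d736 # v3.2.0
        with:
          github-token: ${{ secrets.ISSUE_SUBSCRIBER_TOKEN }}
          script: |
            var fs = require('fs');
            var body = '';
            // './comment' is optional. It is presumably written by the audit
            // script (not visible here), and its content is copied verbatim
            // into the issue body.
            if (fs.existsSync('./comment')) {
              body = fs.readFileSync('./comment') + "\n\n";
            }
            // Always append a link to the workflow run that failed.
            body = body + `\n\nhttps://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}`
            const issue = await github.rest.issues.create({
              owner: context.repo.owner,
              repo: context.repo.repo,
              title: "Release Asset Audit Failed",
              labels: ['infrastructure'],
              body: body
            });
            console.log(issue);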