-
-
Notifications
You must be signed in to change notification settings - Fork 4
110 lines (96 loc) · 3.79 KB
/
pre-commit.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
---
name: 'pre-commit'
on: # yamllint disable-line rule:truthy
pull_request:
branches:
- 'main'
push:
branches:
- 'main'
workflow_dispatch:
inputs:
repoCache:
description: 'Reset or disable the cache?'
type: 'choice'
default: 'enabled'
options:
- 'enabled'
- 'disabled'
- 'reset'
permissions:
contents: 'read'
# Adding these as env variables makes it easy to re-use them in different steps and in bash.
env:
cache_archive: 'pre-commit_cache.tar.gz'
# This is the dir renovate provides
# If we set our own directory via cacheDir, we can run into permissions issues.
# It is also possible to cache a higher level of the directory, but it has minimal benefit. While renovate execution
# time gets faster, it also takes longer to upload the cache as it grows bigger.
cache_dir: '/tmp/.cache/pre-commit'
# This can be manually changed to bust the cache if neccessary.
cache_key: 'pre-commit-cache'
# File that contains the pre-commit hooks to skip
hook_skip_file: './.github/.pre-commit-skip-hooks'
jobs:
pre-commit:
permissions:
contents: 'write'
runs-on: 'ubuntu-latest'
steps:
- name: 'Harden Runner'
uses: 'step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6' # v2.8.1
with:
egress-policy: 'audit'
- name: 'Checkout repository'
uses: 'actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332' # v4.1.7
- name: 'Download cache of the previous workflow run'
uses: 'dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11' # v6
if: "github.event.inputs.repoCache != 'disabled'"
continue-on-error: true
with:
name: '${{ env.cache_key }}'
path: 'cache-download'
- name: 'Extract pre-commit cache to improve performance'
run: |
set -x
# Skip if no cache is set, such as the first time it runs.
if [ ! -d cache-download ] ; then
echo "No cache found."
exit 0
fi
# Make sure the directory exists, and extract it there. Note that it's nested in the download directory.
mkdir -p "${cache_dir}"
tar -xzf "cache-download/${cache_archive}" -C "${cache_dir}"
- name: 'Install Python'
uses: 'actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f' # v5.1.1
with:
python-version: '3.11'
- name: 'Install pre-commit'
run: |
# renovate: datasource=pypi
pip3 install pre-commit==3.7.1
mkdir -pv "${cache_dir}"
- name: 'Run pre-commit'
run: |
export PRE_COMMIT_HOME="${cache_dir}"
if [[ -f "${hook_skip_file}" ]]; then
export SKIP="$(tr '\n' ',' < "${hook_skip_file}")"
fi
pre-commit run --verbose --all-files --show-diff-on-failure
- name: 'Compress pre-commit cache to improve performance'
if: "github.event.inputs.repoCache != 'disabled'"
run: |
# The -C is important, as otherwise we end up extracting the files with
# their full path, ultimately leading to a nested directory situation.
tar -czf "${cache_archive}" -C "${cache_dir}" .
- name: 'Upload compressed cache'
uses: 'actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b' # v4.3.4
if: "github.event.inputs.repoCache != 'disabled'"
with:
name: '${{ env.cache_key }}'
path: '${{ env.cache_archive }}'
# Since this is updated and restored on every run, we don't need to keep it
# for long. Just make sure this value is large enough that multiple renovate
# runs can happen before older cache archives are deleted.
retention-days: 1
...