[Snyk] Security upgrade jsonpickle from 3.0.4 to 3.3.0 #18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: release-summary | |
on: | |
pull_request: | |
paths: | |
- "plugins/source/**" | |
- ".github/workflows/release_summary.yml" | |
jobs: | |
trigger-summary: | |
runs-on: ubuntu-latest | |
name: Commits Check | |
# only run on release-please branches | |
if: startsWith(github.head_ref, 'release-please--branches--main--components--plugins-source') | |
outputs: | |
result: ${{ steps.pr-commits.outputs.result }} | |
steps: | |
- uses: actions/github-script@v7 | |
name: Check number of commits | |
id: pr-commits | |
with: | |
result-encoding: string | |
script: | | |
const { data: commits } = await github.rest.pulls.listCommits({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
pull_number: context.issue.number, | |
}) | |
// only run if there is one commit to avoid a recursive workflow run | |
const cqBotCommits = commits.filter(commit => commit.author.login === 'cq-bot') | |
return cqBotCommits.length === 1 ? 'true' : 'false' | |
release-summary: | |
needs: trigger-summary | |
if: needs.trigger-summary.outputs.result == 'true' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
# required so the commit triggers workflow runs | |
token: ${{ secrets.GH_CQ_BOT }} | |
- name: Get plugin name | |
id: plugin | |
run: | | |
branch=${{ github.head_ref }} | |
plugin_name=$(echo $branch | cut -d- -f12) | |
echo "name=${plugin_name}" >> $GITHUB_OUTPUT | |
- name: Get latest tag | |
id: tag | |
run: | | |
tag_prefix='plugins-source-${{ steps.plugin.outputs.name }}-*' | |
if [[ $(git tag --list "${tag_prefix}" | wc -l) -gt 0 ]]; then | |
tag=$(git describe --tags --match "${tag_prefix}" --abbrev=0) | |
else | |
echo "Use empty git tree as diff base" | |
tag=$(git hash-object -t tree /dev/null) | |
fi | |
echo "latest=${tag}" >> $GITHUB_OUTPUT | |
- name: Generate diff | |
run: | | |
git diff ${{ steps.tag.outputs.latest }}..HEAD -- plugins/source/${{ steps.plugin.outputs.name }}/docs/tables > scripts/table_diff/diff.txt | |
- name: Set up Go 1.x | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: scripts/table_diff/go.mod | |
cache: true | |
cache-dependency-path: scripts/table_diff/go.sum | |
- name: Generate docs changes file | |
working-directory: scripts/table_diff | |
run: | | |
go run main.go diff.txt changes.json | |
- uses: actions/github-script@v7 | |
name: Get doc changes string | |
id: get-changes | |
with: | |
result-encoding: string | |
script: | | |
const { promises: fs } = require('fs') | |
const changes = JSON.parse(await fs.readFile('scripts/table_diff/changes.json', 'utf8')) | |
if (changes.length === 0) { | |
console.log('No changes to tables') | |
return "" | |
} | |
const changesList = changes.map(change => { | |
const { breaking, text } = change | |
if (breaking) { | |
return `- ${text} (:warning: breaking)` | |
} | |
return `- ${text}` | |
}).join('\n') | |
return changesList | |
- uses: actions/github-script@v7 | |
name: Update changelog | |
if: ${{ steps.get-changes.outputs.result != '' }} | |
env: | |
PLUGIN_NAME: '${{ steps.plugin.outputs.name }}' | |
CHANGES: '${{ steps.get-changes.outputs.result }}' | |
with: | |
script: | | |
const fs = require('fs') | |
const changelogPath = `plugins/source/${process.env.PLUGIN_NAME}/CHANGELOG.md` | |
const changes = process.env.CHANGES.replaceAll('\\n', '\n') | |
const currentChangelog = fs.readFileSync(changelogPath, 'utf8') | |
const title = 'This Release has the Following Changes to Tables' | |
// Move summary after breaking changes if they exist | |
const newlyAddedSection = currentChangelog.split("## [")[0] | |
const sliceIndex = newlyAddedSection.includes("BREAKING CHANGES") ? 2 : 1 | |
const changelogParts = currentChangelog.split('###') | |
const newChangelog = [...changelogParts.slice(0, sliceIndex), ` ${title}\n${changes}\n\n`, ...changelogParts.slice(sliceIndex)].join('###') | |
fs.writeFileSync(changelogPath, newChangelog) | |
- uses: actions/github-script@v7 | |
name: Update PR description | |
if: ${{ steps.get-changes.outputs.result != '' }} | |
env: | |
PR_BODY: '${{ github.event.pull_request.body }}' | |
PR_NUMBER: '${{ github.event.number }}' | |
CHANGES: '${{ steps.get-changes.outputs.result }}' | |
with: | |
script: | | |
const currentDescription = process.env.PR_BODY | |
const changes = process.env.CHANGES.replaceAll('\\n', '\n') | |
const currentDescriptionParts = currentDescription.split('###') | |
const title = 'This Release has the Following Changes to Tables' | |
// Move summary after breaking changes if they exist | |
const sliceIndex = currentDescription.includes("BREAKING CHANGES") ? 2 : 1 | |
const newDescription = [...currentDescriptionParts.slice(0, sliceIndex), ` ${title}\n${changes}\n\n`, ...currentDescriptionParts.slice(sliceIndex)].join('###') | |
await github.rest.pulls.update({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
pull_number: process.env.PR_NUMBER, | |
body: newDescription | |
}) | |
- uses: stefanzweifel/git-auto-commit-action@v4 | |
if: ${{ steps.get-changes.outputs.result != '' }} | |
with: | |
commit_message: "chore: Add tables changes to changelog" | |
file_pattern: "plugins/source/${{ steps.plugin.outputs.name }}/CHANGELOG.md" | |
author: cq-bot <cq-bot@users.noreply.github.com> |