
Commit

Branch was updated using the 'autoupdate branch' Actions workflow.
Octomerger authored Oct 8, 2020
2 parents add1c8a + 7b8cd1a commit 9597ed4
Showing 3 changed files with 34 additions and 25 deletions.
3 changes: 3 additions & 0 deletions .github/allowed-actions.js
Expand Up @@ -8,6 +8,7 @@ module.exports = [
'actions/cache@v2',
'actions/checkout@v2',
'actions/[email protected]',
'actions/[email protected]',
'actions/github-script@v2',
'actions/github-script@v3',
'actions/labeler@v2',
Expand All @@ -25,6 +26,8 @@ module.exports = [
'pascalgn/automerge-action@135f0bdb927d9807b5446f7ca9ecc2c51de03c4a',
'peter-evans/create-issue-from-file@v2',
'peter-evans/create-pull-request@v2',
'rachmari/[email protected]',
'rachmari/[email protected]',
'repo-sync/github-sync@v2',
'repo-sync/pull-request@v2',
'rtCamp/action-slack-notify@master',
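Review bot: the two added `rachmari/` entries are third-party actions, and their refs should be pinned to a full commit SHA if they are not already, the way `pascalgn/automerge-action@135f0bdb927d9807b5446f7ca9ecc2c51de03c4a` is two lines above them. The allowlist is compared as literal `owner/name@ref` strings, so a tag or branch ref approves whatever that ref points to later, not the code that was reviewed when the entry was added. The neighbouring `rtCamp/action-slack-notify@master` context line is a branch ref and deserves the same follow-up.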
Expand Up @@ -84,24 +84,24 @@ The `github` context contains information about the workflow run and the event t
| Property name | Type | Description |
|---------------|------|-------------|
| `github` | `object` | The top-level context available during any job or step in a workflow. |
| `github.action` | `string` | The name of the action currently running. {% data variables.product.prodname_dotcom %} removes special characters or uses the name `run` when the current step runs a script. If you use the same action more than once in the same job, the name will include a suffix with the sequence number. For example, the first script you run will have the name `run1`, and the second script will be named `run2`. Similarly, the second invocation of `actions/checkout` will be `actionscheckout2`. |
| `github.action_path` | `string` | The path where your action is located. You can use this path to easily access files located in the same repository as your action. This attribute is only supported in composite run steps actions. |
| `github.actor` | `string` | The login of the user that initiated the workflow run. |
| `github.base_ref` | `string` | The `base_ref` or target branch of the pull request in a workflow run. This property is only available when the event that triggers a workflow run is a `pull_request`. |
| `github.event` | `object` | The full event webhook payload. For more information, see "[Events that trigger workflows](/articles/events-that-trigger-workflows/)." You can access individual properties of the event using this context. |
| `github.event_name` | `string` | The name of the event that triggered the workflow run. |
| `github.event_path` | `string` | The path to the full event webhook payload on the runner. |
| `github.workflow` | `string` | The name of the workflow. If the workflow file doesn't specify a `name`, the value of this property is the full path of the workflow file in the repository. |
| `github.head_ref` | `string` | The `head_ref` or source branch of the pull request in a workflow run. This property is only available when the event that triggers a workflow run is a `pull_request`. |
| `github.job` | `string` | The [`job_id`](/actions/reference/workflow-syntax-for-github-actions#jobsjob_id) of the current job. |
| `github.run_id` | `string` | {% data reusables.github-actions.run_id_description %} |
| `github.run_number` | `string` | {% data reusables.github-actions.run_number_description %} |
| `github.actor` | `string` | The login of the user that initiated the workflow run. |
| `github.ref` | `string` | The branch or tag ref that triggered the workflow run. |
| `github.repository` | `string` | The owner and repository name. For example, `Codertocat/Hello-World`. |
| `github.repository_owner` | `string` | The repository owner's name. For example, `Codertocat`. |
| `github.event_name` | `string` | The name of the event that triggered the workflow run. |
| `github.run_id` | `string` | {% data reusables.github-actions.run_id_description %} |
| `github.run_number` | `string` | {% data reusables.github-actions.run_number_description %} |
| `github.sha` | `string` | The commit SHA that triggered the workflow run. |
| `github.ref` | `string` | The branch or tag ref that triggered the workflow run. |
| `github.head_ref` | `string` | The `head_ref` or source branch of the pull request in a workflow run. This property is only available when the event that triggers a workflow run is a `pull_request`. |
| `github.base_ref` | `string` | The `base_ref` or target branch of the pull request in a workflow run. This property is only available when the event that triggers a workflow run is a `pull_request`. |
| `github.token` | `string` | A token to authenticate on behalf of the GitHub App installed on your repository. This is functionally equivalent to the `GITHUB_TOKEN` secret. For more information, see "[Authenticating with the GITHUB_TOKEN](/actions/automating-your-workflow-with-github-actions/authenticating-with-the-github_token)." |
| `github.workflow` | `string` | The name of the workflow. If the workflow file doesn't specify a `name`, the value of this property is the full path of the workflow file in the repository. |
| `github.workspace` | `string` | The default working directory for steps and the default location of your repository when using the [`checkout`](https://github.com/actions/checkout) action. |
| `github.action` | `string` | The name of the action currently running. {% data variables.product.prodname_dotcom %} removes special characters or uses the name `run` when the current step runs a script. If you use the same action more than once in the same job, the name will include a suffix with the sequence number. For example, the first script you run will have the name `run1`, and the second script will be named `run2`. Similarly, the second invocation of `actions/checkout` will be `actionscheckout2`. |
| `github.action_path` | `string` | The path where your action is located. You can use this path to easily access files located in the same repository as your action. This attribute is only supported in composite run steps actions.

#### **`env` context**

Expand All @@ -124,14 +124,14 @@ The `job` context contains information about the currently running job.
| Property name | Type | Description |
|---------------|------|-------------|
| `job` | `object` | This context changes for each job in a workflow run. You can access this context from any step in a job. |
| `job.status` | `string` | The current status of the job. Possible values are `success`, `failure`, or `cancelled`. |
| `job.container` | `object` | Information about the job's container. For more information about containers, see "[Workflow syntax for {% data variables.product.prodname_actions %}](/articles/workflow-syntax-for-github-actions#jobsjob_idcontainer)." |
| `job.container.network` | `string` | The id of the container network. The runner creates the network used by all containers in a job. |
| `job.container.id` | `string` | The id of the container. |
| `job.container.network` | `string` | The id of the container network. The runner creates the network used by all containers in a job. |
| `job.services` | `object` | The service containers created for a job. For more information about service containers, see "[Workflow syntax for {% data variables.product.prodname_actions %}](/articles/workflow-syntax-for-github-actions#jobsjob_idservices)." |
| `job.services.<service id>.id` | `string` | The id of the service container. |
| `job.services.<service id>.ports` | `object` | The exposed ports of the service container. |
| `job.services.<service id>.network` | `string` | The id of the service container network. The runner creates the network used by all containers in a job. |
| `job.services.<service id>.ports` | `object` | The exposed ports of the service container. |
| `job.status` | `string` | The current status of the job. Possible values are `success`, `failure`, or `cancelled`. |

#### **`steps` context**

Expand All @@ -141,9 +141,9 @@ The `steps` context contains information about the steps in the current job that
|---------------|------|-------------|
| `steps` | `object` | This context changes for each step in a job. You can access this context from any step in a job. |
| `steps.<step id>.outputs` | `object` | The set of outputs defined for the step. For more information, see "[Metadata syntax for {% data variables.product.prodname_actions %}](/articles/metadata-syntax-for-github-actions#outputs)." |
| `steps.<step id>.outputs.<output name>` | `string` | The value of a specific output. |
| `steps.<step id>.outcome` | `string` | The result of a completed step before [`continue-on-error`](/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error) is applied. Possible values are `success`, `failure`, `cancelled`, or `skipped`. When a `continue-on-error` step fails, the `outcome` is `failure`, but the final `conclusion` is `success`. |
| `steps.<step id>.conclusion` | `string` | The result of a completed step after [`continue-on-error`](/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error) is applied. Possible values are `success`, `failure`, `cancelled`, or `skipped`. When a `continue-on-error` step fails, the `outcome` is `failure`, but the final `conclusion` is `success`. |
| `steps.<step id>.outcome` | `string` | The result of a completed step before [`continue-on-error`](/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error) is applied. Possible values are `success`, `failure`, `cancelled`, or `skipped`. When a `continue-on-error` step fails, the `outcome` is `failure`, but the final `conclusion` is `success`. |
| `steps.<step id>.outputs.<output name>` | `string` | The value of a specific output. |

#### **`runner` context**

Expand All @@ -162,9 +162,9 @@ The `needs` context contains outputs from all jobs that are defined as a depende
| Property name | Type | Description |
|---------------|------|-------------|
| `needs.<job id>` | `object` | A single job that the current job depends on. |
| `needs.<job id>.result` | `string` | The result of a job that the current job depends on. Possible values are `success`, `failure`, or `cancelled`. |
| `needs.<job id>.outputs` | `object` | The set of outputs of a job that the current job depends on. |
| `needs.<job id>.outputs.<output name>` | `string` | The value of a specific output for a job that the current job depends on. |
| `needs.<job id>.result` | `string` | The result of a job that the current job depends on. Possible values are `success`, `failure`, or `cancelled`. |

#### Example printing context information to the log file

24 changes: 15 additions & 9 deletions tests/unit/actions-workflows.js
Expand Up @@ -19,17 +19,23 @@ function actionsUsedInWorkflow (workflow) {
.map(key => get(workflow, key))
}

const allUsedActions = chain(workflows)
.map(actionsUsedInWorkflow)
.flatten()
.uniq()
.sort()
.value()

describe('GitHub Actions workflows', () => {
test('only use allowed actions from ./github/allow-actions.json', async () => {
const allUsedActions = chain(workflows)
.map(actionsUsedInWorkflow)
.flatten()
.uniq()
.sort()
.value()
test('all used actions are allowed in .github/allowed-actions.js', () => {
expect(allUsedActions.length).toBeGreaterThan(0)
const unusedActions = difference(allowedActions, allUsedActions)
expect(unusedActions).toEqual([])
})

test('all allowed actions by .github/allowed-actions.js are used by at least one workflow', () => {
expect(allowedActions.length).toBeGreaterThan(0)
expect(allUsedActions.length).toBeGreaterThan(0)
expect(difference(allowedActions, allUsedActions)).toEqual([])
const disallowedActions = difference(allUsedActions, allowedActions)
expect(disallowedActions).toEqual([])
})
})
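Review bot: the two new test titles are attached to the opposite checks. The test titled 'all used actions are allowed in .github/allowed-actions.js' asserts on `difference(allowedActions, allUsedActions)`, which (assuming `difference` is lodash's) is the set of allowed entries that no workflow uses, as its variable name `unusedActions` says; the test titled '... are used by at least one workflow' asserts on `difference(allUsedActions, allowedActions)`, named `disallowedActions`. Swap the titles or the bodies so that a workflow using an action outside the allowlist fails under the title that says so, rather than being reported as an unused-entry cleanup.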
