zed/.github/workflows/danger.yml

name: Danger

on:
  pull_request:
    branches: [main]
    types:
      - opened
      - synchronize
      - reopened
      - edited

jobs:
  danger:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4

      - uses: pnpm/action-setup@v3
        with:
          version: 9

      - name: Setup Node
        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4
        with:
          node-version: "20"
          cache: "pnpm"
          cache-dependency-path: "script/danger/pnpm-lock.yaml"

      - run: pnpm install --dir script/danger

      - name: Run Danger
        run: pnpm run --dir script/danger danger ci
        env:
          # This GitHub token is not used, but the value needs to be here to prevent
          # Danger from throwing an error.
          GITHUB_TOKEN: "not_a_real_token"
          # All requests are instead proxied through an instance of
          # https://github.com/maxdeviant/danger-proxy that allows Danger to securely
          # authenticate with GitHub while still being able to run on PRs from forks.
          DANGER_GITHUB_API_BASE_URL: "https://danger-proxy.fly.dev/github"
Setup Danger (#6994) This PR sets up [Danger](https://danger.systems/js/) to help us codify some of our PR rules. As an initial rule, Danger will check to ensure that every PR has a `Release Notes` section: <img width="943" alt="Screenshot 2024-01-29 at 11 50 12 AM" src="https://github.com/zed-industries/zed/assets/1486634/4d56e759-e72f-4bc0-8e74-42c55e2e6888"> Release Notes: - N/A 2024-01-29 16:58:24 +00:00			`name: Danger`

			`on:`
Format YAML files (#7887) This PR formats the YAML files in the repo with Prettier. Release Notes: - N/A 2024-02-16 03:04:57 +00:00			`pull_request:`
			`branches: [main]`
			`types:`
			`- opened`
			`- synchronize`
			`- reopened`
			`- edited`
Setup Danger (#6994) This PR sets up [Danger](https://danger.systems/js/) to help us codify some of our PR rules. As an initial rule, Danger will check to ensure that every PR has a `Release Notes` section: <img width="943" alt="Screenshot 2024-01-29 at 11 50 12 AM" src="https://github.com/zed-industries/zed/assets/1486634/4d56e759-e72f-4bc0-8e74-42c55e2e6888"> Release Notes: - N/A 2024-01-29 16:58:24 +00:00
			`jobs:`
Format YAML files (#7887) This PR formats the YAML files in the repo with Prettier. Release Notes: - N/A 2024-02-16 03:04:57 +00:00			`danger:`
			`runs-on: ubuntu-latest`
Setup Danger (#6994) This PR sets up [Danger](https://danger.systems/js/) to help us codify some of our PR rules. As an initial rule, Danger will check to ensure that every PR has a `Release Notes` section: <img width="943" alt="Screenshot 2024-01-29 at 11 50 12 AM" src="https://github.com/zed-industries/zed/assets/1486634/4d56e759-e72f-4bc0-8e74-42c55e2e6888"> Release Notes: - N/A 2024-01-29 16:58:24 +00:00
Format YAML files (#7887) This PR formats the YAML files in the repo with Prettier. Release Notes: - N/A 2024-02-16 03:04:57 +00:00			`steps:`
Pin dependencies (#15188) [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: \| Package \| Type \| Update \| Change \| \|---\|---\|---\|---\| \| [2428392/gh-truncate-string-action](https://togithub.com/2428392/gh-truncate-string-action) \| action \| pinDigest \| -> `67b1b81` \| \| [actions/checkout](https://togithub.com/actions/checkout) \| action \| pinDigest \| -> `692973e` \| \| [actions/checkout](https://togithub.com/actions/checkout) \| action \| pinDigest \| -> `ee0669b` \| \| [actions/setup-node](https://togithub.com/actions/setup-node) \| action \| pinDigest \| -> `1e60f62` \| \| [actions/setup-python](https://togithub.com/actions/setup-python) \| action \| pinDigest \| -> `39cd149` \| \| [actions/upload-artifact](https://togithub.com/actions/upload-artifact) \| action \| pinDigest \| -> `0b2256b` \| \| [cloudflare/wrangler-action](https://togithub.com/cloudflare/wrangler-action) \| action \| pinDigest \| -> `f84a562` \| \| [dcarbone/install-jq-action](https://togithub.com/dcarbone/install-jq-action) \| action \| pinDigest \| -> `8867ddb` \| \| [peaceiris/actions-mdbook](https://togithub.com/peaceiris/actions-mdbook) \| action \| pinDigest \| -> `ee69d23` \| \| [rui314/setup-mold](https://togithub.com/rui314/setup-mold) \| action \| pinDigest \| -> `2e332a0` \| \| [softprops/action-gh-release](https://togithub.com/softprops/action-gh-release) \| action \| pinDigest \| -> `de2c0eb` \| \| [swatinem/rust-cache](https://togithub.com/swatinem/rust-cache) \| action \| pinDigest \| -> `23bce25` \| \| [tsickert/discord-webhook](https://togithub.com/tsickert/discord-webhook) \| action \| pinDigest \| -> `c840d45` \| --- ### Configuration 📅 Schedule: Branch creation - "after 3pm on Wednesday" in timezone America/New_York, Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 Immortal: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- Release Notes: - N/A <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MzguMCIsInVwZGF0ZWRJblZlciI6IjM3LjQzOC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> 2024-07-25 13:19:05 +00:00			`- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4`
Setup Danger (#6994) This PR sets up [Danger](https://danger.systems/js/) to help us codify some of our PR rules. As an initial rule, Danger will check to ensure that every PR has a `Release Notes` section: <img width="943" alt="Screenshot 2024-01-29 at 11 50 12 AM" src="https://github.com/zed-industries/zed/assets/1486634/4d56e759-e72f-4bc0-8e74-42c55e2e6888"> Release Notes: - N/A 2024-01-29 16:58:24 +00:00
Format YAML files (#7887) This PR formats the YAML files in the repo with Prettier. Release Notes: - N/A 2024-02-16 03:04:57 +00:00			`- uses: pnpm/action-setup@v3`
			`with:`
danger: Upgrade to pnpm v9 (#13051) This PR upgrades Danger to use pnpm v9. Release Notes: - N/A 2024-06-14 15:08:15 +00:00			`version: 9`
Setup Danger (#6994) This PR sets up [Danger](https://danger.systems/js/) to help us codify some of our PR rules. As an initial rule, Danger will check to ensure that every PR has a `Release Notes` section: <img width="943" alt="Screenshot 2024-01-29 at 11 50 12 AM" src="https://github.com/zed-industries/zed/assets/1486634/4d56e759-e72f-4bc0-8e74-42c55e2e6888"> Release Notes: - N/A 2024-01-29 16:58:24 +00:00
Format YAML files (#7887) This PR formats the YAML files in the repo with Prettier. Release Notes: - N/A 2024-02-16 03:04:57 +00:00			`- name: Setup Node`
Pin dependencies (#15188) [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: \| Package \| Type \| Update \| Change \| \|---\|---\|---\|---\| \| [2428392/gh-truncate-string-action](https://togithub.com/2428392/gh-truncate-string-action) \| action \| pinDigest \| -> `67b1b81` \| \| [actions/checkout](https://togithub.com/actions/checkout) \| action \| pinDigest \| -> `692973e` \| \| [actions/checkout](https://togithub.com/actions/checkout) \| action \| pinDigest \| -> `ee0669b` \| \| [actions/setup-node](https://togithub.com/actions/setup-node) \| action \| pinDigest \| -> `1e60f62` \| \| [actions/setup-python](https://togithub.com/actions/setup-python) \| action \| pinDigest \| -> `39cd149` \| \| [actions/upload-artifact](https://togithub.com/actions/upload-artifact) \| action \| pinDigest \| -> `0b2256b` \| \| [cloudflare/wrangler-action](https://togithub.com/cloudflare/wrangler-action) \| action \| pinDigest \| -> `f84a562` \| \| [dcarbone/install-jq-action](https://togithub.com/dcarbone/install-jq-action) \| action \| pinDigest \| -> `8867ddb` \| \| [peaceiris/actions-mdbook](https://togithub.com/peaceiris/actions-mdbook) \| action \| pinDigest \| -> `ee69d23` \| \| [rui314/setup-mold](https://togithub.com/rui314/setup-mold) \| action \| pinDigest \| -> `2e332a0` \| \| [softprops/action-gh-release](https://togithub.com/softprops/action-gh-release) \| action \| pinDigest \| -> `de2c0eb` \| \| [swatinem/rust-cache](https://togithub.com/swatinem/rust-cache) \| action \| pinDigest \| -> `23bce25` \| \| [tsickert/discord-webhook](https://togithub.com/tsickert/discord-webhook) \| action \| pinDigest \| -> `c840d45` \| --- ### Configuration 📅 Schedule: Branch creation - "after 3pm on Wednesday" in timezone America/New_York, Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 Immortal: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- Release Notes: - N/A <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MzguMCIsInVwZGF0ZWRJblZlciI6IjM3LjQzOC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> 2024-07-25 13:19:05 +00:00			`uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4`
Format YAML files (#7887) This PR formats the YAML files in the repo with Prettier. Release Notes: - N/A 2024-02-16 03:04:57 +00:00			`with:`
			`node-version: "20"`
			`cache: "pnpm"`
			`cache-dependency-path: "script/danger/pnpm-lock.yaml"`
Setup Danger (#6994) This PR sets up [Danger](https://danger.systems/js/) to help us codify some of our PR rules. As an initial rule, Danger will check to ensure that every PR has a `Release Notes` section: <img width="943" alt="Screenshot 2024-01-29 at 11 50 12 AM" src="https://github.com/zed-industries/zed/assets/1486634/4d56e759-e72f-4bc0-8e74-42c55e2e6888"> Release Notes: - N/A 2024-01-29 16:58:24 +00:00
Format YAML files (#7887) This PR formats the YAML files in the repo with Prettier. Release Notes: - N/A 2024-02-16 03:04:57 +00:00			`- run: pnpm install --dir script/danger`
Setup Danger (#6994) This PR sets up [Danger](https://danger.systems/js/) to help us codify some of our PR rules. As an initial rule, Danger will check to ensure that every PR has a `Release Notes` section: <img width="943" alt="Screenshot 2024-01-29 at 11 50 12 AM" src="https://github.com/zed-industries/zed/assets/1486634/4d56e759-e72f-4bc0-8e74-42c55e2e6888"> Release Notes: - N/A 2024-01-29 16:58:24 +00:00
Format YAML files (#7887) This PR formats the YAML files in the repo with Prettier. Release Notes: - N/A 2024-02-16 03:04:57 +00:00			`- name: Run Danger`
			`run: pnpm run --dir script/danger danger ci`
			`env:`
Proxy Danger requests through a proxy service (#10395) This PR updates Danger to proxy its requests to GitHub through a proxy service. ## Motivation Currently Danger is not able to run on PRs opened from forks of Zed. This is due to GitHub Actions' security policies. Forks are not able to see any of the repository secrets, and the built-in `secrets.GITHUB_TOKEN` has its permissions [restricted](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token) to only reads when running on forks. I asked around on the Danger repo, and some big projects (DefinitelyTyped) are working around this by using a publicly-listed (although slightly obfuscated) token: https://github.com/danger/danger-js/issues/918#issuecomment-2048629487. While this approach is _probably_ okay given the limited scope and permissions of the GitHub token, I would still prefer a solution that avoids disclosing the token at all. ## Explanation I ended up writing a small proxy service, [Danger Proxy](https://github.com/maxdeviant/danger-proxy), that can be used to provide Danger with the ability to make authenticated GitHub requests, but without disclosing the token. From the README: > Danger Proxy will: > > - Proxy all requests to `/github/*` to the GitHub API. The provided GitHub API token will be used for authentication. > - Restrict requests to the list of repositories specified in the `ALLOWED_REPOS` environment variable. > - Restrict requests to the subset of the GitHub API that Danger requires. I have an instance of this service deployed to [danger-proxy.fly.dev](https://danger-proxy.fly.dev/). Release Notes: - N/A 2024-04-11 04:01:20 +00:00			`# This GitHub token is not used, but the value needs to be here to prevent`
			`# Danger from throwing an error.`
			`GITHUB_TOKEN: "not_a_real_token"`
			`# All requests are instead proxied through an instance of`
			`# https://github.com/maxdeviant/danger-proxy that allows Danger to securely`
			`# authenticate with GitHub while still being able to run on PRs from forks.`
			`DANGER_GITHUB_API_BASE_URL: "https://danger-proxy.fly.dev/github"`