diff --git a/.github/actions/checkout-pr/action.yml b/.github/actions/checkout-pr/action.yml new file mode 100644 index 0000000..d84daf3 --- /dev/null +++ b/.github/actions/checkout-pr/action.yml @@ -0,0 +1,25 @@ +name: 'Checkout PR' +description: >- + Checkout the exact number of PR commits + 1 (base_ref). +inputs: + jobname: + default: ${{ github.job }} +runs: + using: "composite" + steps: + - name: 'PR commits + 1' + shell: bash + run: echo "PR_FETCH_DEPTH=$(( ${{ github.event.pull_request.commits }} + 1 ))" >> "${GITHUB_ENV}" + + - name: 'Checkout PR branch and all PR commits' + uses: actions/checkout@v3 + with: + ref: ${{ github.event.pull_request.head.ref }} + fetch-depth: ${{ env.PR_FETCH_DEPTH }} + lfs: true + + - name: 'Fetch the other branch with enough history for a common merge-base commit' + shell: bash + run: | + git fetch origin ${{ github.event.pull_request.base.ref }} + git log -n 1 diff --git a/README.md b/README.md index f342920..eca7a0d 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,22 @@ Collection of shared github actions which are used in our org. +## PR Checkout + +The checkout PR action will fetch only the commits that belong to the PR. +This is required for various code analysis tooling, including sonarcloud. + +Example usage: + +``` +jobs: + golangci-lint: + runs-on: ubuntu-latest + steps: + - name: Checkout PR + uses: TykTechnologies/github-actions/.github/actions/checkout-pr@main +``` + ## OWASP scanner Example usage: