this action is in maintenance-only mode and will not be accepting new features.

generally you want to use [pre-commit.ci] which is faster and has more features.

[pre-commit.ci]: https://pre-commit.ci

___

[![pre-commit.ci status](https://results.pre-commit.ci/badge/github/pre-commit/action/main.svg)](https://results.pre-commit.ci/latest/github/pre-commit/action/main)
[![Build Status](https://github.com/pre-commit/action/actions/workflows/main.yml/badge.svg)](https://github.com/pre-commit/action/actions)

pre-commit/action
=================

a GitHub action to run [pre-commit](https://pre-commit.com)

### using this action

To use this action, make a file `.github/workflows/pre-commit.yml`. Here's a
template to get started:

```yaml
name: pre-commit

on:
  pull_request:
  push:
    branches: [main]

jobs:
  pre-commit:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
    - uses: actions/setup-python@v3
    - uses: pre-commit/action@v3.0.1
```

This does a few things:

- clones the code
- installs python
- sets up the `pre-commit` cache

### using this action with custom invocations

By default, this action runs all the hooks against all the files. `extra_args`
lets users specify a single hook id and/or options to pass to `pre-commit run`.

Here's a sample step configuration that only runs the `flake8` hook against all
the files (use the template above except for the `pre-commit` action):

```yaml
    - uses: pre-commit/action@v3.0.1
      with:
        extra_args: flake8 --all-files
```

### using this action in private repositories

prior to v3.0.0, this action had custom behaviour which pushed changes back to
the pull request when supplied with a `token`.

this behaviour was removed:

- it required a PAT (didn't work with short-lived `GITHUB_TOKEN`)
- properly hiding this `input` from the installation and execution of hooks
  is intractable in github actions (it is readily available as `$INPUT_TOKEN`)
    - this meant potentially unvetted code could access the token via the
      environment

you can _likely_ achieve the same thing with an external action such as
[git-auto-commit-action] though you may want to take precautions to clear `git`
hooks or other ways that arbitrary code execution can occur when running
`git commit` / `git push` (for example [core.fsmonitor]).
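
One way to take the precautions described above before a token-bearing `git commit` / `git push` step, as an added example that is not part of pre-commit/action. `audit_repo` and `safe_git` are hypothetical helper names, and the check covers only hooks, `core.hooksPath` and `core.fsmonitor`, not every way git can be made to run code.

```shell
#!/bin/sh
# Added example, not code from pre-commit/action. Helper names are hypothetical.

# audit_repo DIR: print one line per finding; return 1 if anything was found.
# Reads files under DIR/.git directly instead of invoking git in the worktree,
# so the audit itself cannot trigger the settings it is looking for.
audit_repo() {
    gitdir="$1/.git"
    found=0
    # Conservative text match: any fsmonitor / hooksPath key in the local config.
    matches=$(grep -Ei '^[[:space:]]*(fsmonitor|hookspath)[[:space:]]*=' \
        "$gitdir/config" 2>/dev/null || true)
    if [ -n "$matches" ]; then
        printf '%s\n' "$matches" | sed 's/^[[:space:]]*/config: /'
        found=1
    fi
    # Anything in hooks/ that is not a *.sample file is reported, even if it
    # is not currently executable.
    for hook in "$gitdir"/hooks/*; do
        [ -f "$hook" ] || continue
        case "$hook" in *.sample) continue ;; esac
        echo "hook: ${hook##*/}"
        found=1
    done
    return "$found"
}

# safe_git ARGS...: run git with both vectors overridden on the command line,
# which takes precedence over the repository's own config file.
safe_git() {
    git -c core.fsmonitor=false -c core.hooksPath=/dev/null "$@"
}
```

Run `audit_repo .` after the hooks have executed and fail the job on a non-zero status, then use `safe_git` for the commit and push themselves.
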

while unrelated to this action, [pre-commit.ci] avoids these problems by
installing and executing isolated from the short-lived repository-scoped
[installation access token].

[git-auto-commit-action]: https://github.com/stefanzweifel/git-auto-commit-action
[core.fsmonitor]: https://github.blog/2022-04-12-git-security-vulnerability-announced/
[pre-commit.ci]: https://pre-commit.ci
[installation access token]: https://docs.github.com/en/rest/apps/apps#create-an-installation-access-token-for-an-app