Closed Le0X8 closed 2 weeks ago
Great suggestion, however, I'm not sure what would be required in terms of permissions to push a branch from an action?
Did you consider using review mode? You can use that to explicitly accept or reject the formatting suggestions.
@mbrobbel No, this wouldn't fit my needs :D
Unfortunately I don't have time to figure this out anytime soon, but I'd be happy to take a contribution or provide guidance.
@mbrobbel I will take a look at this in the next few days and will open a PR as soon as I'm done.
@mbrobbel I cannot figure out how I should commit to a newly created branch, could you help me with that?
It fails every time trying to `updateRef` in pull mode here.
Can you try to update `ref` to exclude `refs/` so it becomes `heads/rustfmt-${head.sha}` here?
This works absolutely fine. I'll just add the stuff to create a pull request from the new branch to the main one and open a PR in a few minutes.
One last thing: This code should work, it doesn't throw any errors, but no pull request is opened:
```js
.then(async (_) => {
  _;
  // Open a pull request from the formatting branch into the branch that was formatted.
  const title = `Format code using rustfmt for ${head.ref}`;
  const body = `
The code has been formatted automatically using rustfmt.
Please review the changes and merge if everything looks good.
---
Please delete the branch after merging or closing the pull request.
`;
  return octokit.rest.pulls.create({
    ...context.repo,
    title,
    // The pulls API takes bare branch names, so the refs/heads/ prefix is stripped.
    head: ref.replace("refs/heads/", ""),
    base: head.ref.replace("refs/heads/", ""),
    body,
  });
}),
```
It looks fine. I think you forgot to update the output in `dist`.
Yes. I totally forgot that 😅
Done.
Hi, I really like this action, but it lacks one key feature: you should be able to open a pull request using this action which can be reviewed by project maintainers to ensure code security. If the formatter messes things up, changes don't get pushed to production automatically, and therefore supply chain attacks with manipulated formatting scripts would be way harder to perform.
Dependabot does this on every change, kindly asking to merge the PR instead of directly committing to the code base.
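
The ref-naming detail from this thread, as an added example that is not the action's own code: in the GitHub REST API, `git.createRef` takes the fully qualified `refs/heads/<branch>` form, `git.updateRef` takes `heads/<branch>` without the `refs/` prefix, and `pulls.create` takes bare branch names. The helper names below are hypothetical, and `octokit`, `repo` and `head` are assumed to have the shapes used in the snippet above.

```javascript
// Added example; function names are hypothetical, not taken from the action.

// Reduce "refs/heads/x" or "heads/x" to the bare branch name "x".
function branchName(ref) {
  const name = ref.replace(/^(refs\/)?heads\//, "");
  if (name.startsWith("refs/")) {
    throw new Error(`not a branch ref: ${ref}`); // e.g. refs/tags/...
  }
  return name;
}

// git.createRef expects the fully qualified form "refs/heads/<branch>".
function refForCreate(ref) {
  return `refs/heads/${branchName(ref)}`;
}

// git.updateRef expects the form without "refs/": "heads/<branch>".
function refForUpdate(ref) {
  return `heads/${branchName(ref)}`;
}

// Build the pulls.create payload: formatting branch -> branch that was formatted.
function pullRequestParams(repo, head, formattedRef) {
  const headBranch = branchName(formattedRef);
  const baseBranch = branchName(head.ref);
  if (headBranch === baseBranch) {
    // A PR into itself would mean the formatter output bypasses review.
    throw new Error("formatting branch must differ from the base branch");
  }
  return {
    ...repo,
    title: `Format code using rustfmt for ${baseBranch}`,
    head: headBranch,
    base: baseBranch,
    body: "The code has been formatted automatically using rustfmt.\n" +
      "Please review the changes and merge if everything looks good.",
  };
}

// Point a review branch at the formatting commit and open a pull request,
// so the formatter's output is reviewed instead of being pushed directly.
async function openFormatPullRequest(octokit, repo, head, formatCommitSha) {
  const branch = `rustfmt-${head.sha}`;
  await octokit.rest.git.createRef({ ...repo, ref: refForCreate(branch), sha: formatCommitSha });
  return octokit.rest.pulls.create(pullRequestParams(repo, head, branch));
}
```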