tomteb
/
carbon-lang


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970
							# Part of the Carbon Language project, under the Apache License v2.0 with LLVM
# Exceptions. See /LICENSE for license information.
# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception

name: pre-commit

on:
  pull_request:
  merge_group:
  push:
    branches: [trunk]

permissions:
  contents: read # For actions/checkout.

jobs:
  pre-commit:
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
        with:
          disable-sudo: true
          egress-policy: block
          # When adding endpoints, see README.md.
          # prettier-ignore
          allowed-endpoints: >
            *.dl.sourceforge.net:443
            api.github.com:443
            bcr.bazel.build:443
            downloads.sourceforge.net:443
            files.pythonhosted.org:443
            github.com:443
            mirror.bazel.build:443
            nodejs.org:443
            objects.githubusercontent.com:443
            pypi.org:443
            registry.npmjs.org:443
            releases.bazel.build:443
            storage.googleapis.com:443
            sourceforge.net:443

      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0

      # Ensure LLVM is set up consistently.
      - uses: ./.github/actions/build-setup-common
        with:
          matrix_runner: ubuntu-latest
          remote_cache_upload: '--remote_upload_local_results=false'

      - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1

      # We want to automatically create github suggestions for pre-commit file
      # changes for a pull request. But `pull_request` actions never have write
      # permissions to the repository, so we create the suggestions in a separate
      # privileged `workflow_run` action in pre_commit_suggestions.yaml. Here,
      # we upload the diffs and event configuration to an artifact for use by
      # that action.
      - name: Collect pre-commit output
        if: failure()
        run: |
          mkdir -p pre-commit-output
          git diff > pre-commit-output/diff
          cp $GITHUB_EVENT_PATH pre-commit-output/event
      - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
        if: failure()
        with:
          name: pre-commit output
          path: pre-commit-output/*