find a way to pin the SHA for detekt workflow template

This commit is contained in:
anaarmas
2021-11-23 21:14:53 +01:00
parent 42dcf88eb9
commit c4dadecc05
+13 -4
View File
@@ -53,21 +53,30 @@ jobs:
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
DETEKT_DOWNLOAD_URL=$( gh api graphql --field tagName=$DETEKT_RELEASE_TAG --raw-field query='
gh api graphql --field tagName=$DETEKT_RELEASE_TAG --raw-field query='
query getReleaseAssetDownloadUrl($tagName: String!) {
repository(name: "detekt", owner: "detekt") {
release(tagName: $tagName) {
# it doesn't look like there is an alternative semantics for this with a specific SHA, is this release tag immutable?
releaseAssets(name: "detekt", first: 1) {
nodes {
downloadUrl
}
}
tagCommit {
oid
}
}
}
}
' | \
jq --raw-output '.data.repository.release.releaseAssets.nodes[0].downloadUrl' )
' 1> gh_response.json
DETEKT_RELEASE_SHA=$(jq --raw-output '.data.repository.release.releaseAssets.tagCommit.oid' gh_response.json)
if [ $DETEKT_RELEASE_SHA != "37f0a1d006977512f1f216506cd695039607c3e5" ]; then
echo "Release tag doesn't match expected commit SHA"
exit 1
fi
DETEKT_DOWNLOAD_URL=$(jq --raw-output '.data.repository.release.releaseAssets.nodes[0].downloadUrl' gh_response.json)
echo "::set-output name=download_url::$DETEKT_DOWNLOAD_URL"
# Sets up the detekt cli