1use gh_workflow::*;
 2
 3use crate::tasks::workflows::steps::{CommonJobConditions, NamedJob, named};
 4
 5use super::{runners, steps};
 6
 7/// Generates the danger.yml workflow
 8pub fn danger() -> Workflow {
 9    let danger = danger_job();
10
11    named::workflow()
12        .on(
13            Event::default().pull_request(PullRequest::default().add_branch("main").types([
14                PullRequestType::Opened,
15                PullRequestType::Synchronize,
16                PullRequestType::Reopened,
17                PullRequestType::Edited,
18            ])),
19        )
20        .add_job(danger.name, danger.job)
21}
22
23fn danger_job() -> NamedJob {
24    pub fn install_deps() -> Step<Run> {
25        named::bash("pnpm install --dir script/danger")
26    }
27
28    pub fn run() -> Step<Run> {
29        named::bash("pnpm run --dir script/danger danger ci")
30            // This GitHub token is not used, but the value needs to be here to prevent
31            // Danger from throwing an error.
32            .add_env(("GITHUB_TOKEN", "not_a_real_token"))
33            // All requests are instead proxied through a proxy that allows Danger to securely authenticate with GitHub
34            // while still being able to run on PRs from forks.
35            .add_env((
36                "DANGER_GITHUB_API_BASE_URL",
37                "https://danger-proxy.zed.dev/github",
38            ))
39    }
40
41    NamedJob {
42        name: "danger".to_string(),
43        job: Job::default()
44            .with_repository_owner_guard()
45            .runs_on(runners::LINUX_SMALL)
46            .add_step(steps::checkout_repo())
47            .add_step(steps::setup_pnpm())
48            .add_step(
49                steps::setup_node()
50                    .add_with(("cache", "pnpm"))
51                    .add_with(("cache-dependency-path", "script/danger/pnpm-lock.yaml")),
52            )
53            .add_step(install_deps())
54            .add_step(run()),
55    }
56}