1use gh_workflow::*;
 2
 3use crate::tasks::workflows::steps::named;
 4
 5use super::{runners, steps};
 6
 7/// Generates the danger.yml workflow
 8pub fn danger() -> Workflow {
 9    named::workflow()
10        .on(
11            Event::default().pull_request(PullRequest::default().add_branch("main").types([
12                PullRequestType::Opened,
13                PullRequestType::Synchronize,
14                PullRequestType::Reopened,
15                PullRequestType::Edited,
16            ])),
17        )
18        .add_job(
19            "danger",
20            Job::default()
21                .cond(Expression::new(
22                    "github.repository_owner == 'zed-industries'",
23                ))
24                .runs_on(runners::LINUX_CHEAP)
25                .add_step(steps::checkout_repo())
26                .add_step(steps::setup_pnpm())
27                .add_step(
28                    steps::setup_node()
29                        .add_with(("cache", "pnpm"))
30                        .add_with(("cache-dependency-path", "script/danger/pnpm-lock.yaml")),
31                )
32                .add_step(install_deps())
33                .add_step(run()),
34        )
35}
36
37pub fn install_deps() -> Step<Run> {
38    named::bash("pnpm install --dir script/danger")
39}
40
41pub fn run() -> Step<Run> {
42    named::bash("pnpm run --dir script/danger danger ci")
43        // This GitHub token is not used, but the value needs to be here to prevent
44        // Danger from throwing an error.
45        .add_env(("GITHUB_TOKEN", "not_a_real_token"))
46        // All requests are instead proxied through an instance of
47        // https://github.com/maxdeviant/danger-proxy that allows Danger to securely
48        // authenticate with GitHub while still being able to run on PRs from forks.
49        .add_env((
50            "DANGER_GITHUB_API_BASE_URL",
51            "https://danger-proxy.fly.dev/github",
52        ))
53}