fix: Prettier action to write to files (#37)

* feat: test prettier with token * Prettified Code! * feat: test permissions * feat: test permission * Prettified Code! * feat: update permissions * feat: test contents write * Prettified Code! * feat: use token for permissions * Prettified Code! * feat: use separate workflow for prettier * feat: check prettier * fix: prettier yml * fix: test branch trigger and prettier * Prettified Code! * feat: test prettier * Prettified Code! * feat: test prettier * feat: test linter * feat: test prettier * Prettified Code! * feat: test token * feat: add space * feat: test prettier * feat: test prettier * feat: test prettier * feat: test prettier * Prettified Code! * feat: test prettier * feat: test prettier * Prettified Code! * feat: test prettier * Prettified Code! * feat: test prettier * Prettified Code! * feat: test prettier * fix: add needs * Prettified Code! * feat: test prettier * fix: fix yaml * Prettified Code! * feat: test prettier * Prettified Code! * feat: test prettier * Prettified Code! * feat: test prettier * feat: test prettier * feat: test prettier * Prettified Code! * feat: test prettier * Prettified Code! * feat: test prettier * Prettified Code! * feat: test prettier * Prettified Code! * feat: test prettier * Prettified Code! * feat: test prettier * Prettified Code! * feat: test prettier * Prettified Code! * feat: test prettier * Prettified Code! * feat: test prettier * Prettified Code! * feat: test prettier * Prettified Code! * feat: test linter fixing * feat: test linter fix * feat: test liinter fix * feat: test linter fix * feat: test linter fix * feat: test lint fix * fiix: update yml * chore: fix linting issues * feat: update linter * feat: update linter * feat: update yaml * feat: update yaml * feat: update yaml * feat: test liniter * feat: update yaml * feat: update yaml * feat: test linter * feat: update to use pretttier yaml * feat: update yaml * feat: update yaml * feat: test linter * feat: test lint * feat: test linter * Prettified Code! * feat: test linter * Prettified Code! * feat: add comment * fix: format * feat: update yaml * feat: test liinter * Prettified Code! * feat: test same commit * feat: test signing * Prettified Code! * feat: update yml options --------- Co-authored-by: andrew-field <[email protected]>
andrew-field · Mar 9, 2025 · 327aec4 · 327aec4
1 parent a4cd378
commit 327aec4
Show file tree

Hide file tree

Showing 6 changed files with 69 additions and 31 deletions.
diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml
@@ -6,9 +6,10 @@ on:
   pull_request:
     branches: [master]
 
-  # Allows you to run this workflow manually from the Actions tab
+  # Allows you to run this workflow manually from the Actions tab.
   workflow_dispatch:
 
+# Permissions for the GITHUB_TOKEN.
 permissions: {}
 
 jobs:
@@ -19,4 +20,4 @@ jobs:
       test_flags: -race
 
     secrets: inherit
-    # Codecov secret used by the build-test action. Codecov token needs to be added as a secret.
+    # Codecov secret used by the build-test action. CODECOV_TOKEN needs to be added as a secret.
diff --git a/.github/workflows/bump-go-mod-version.yml b/.github/workflows/bump-go-mod-version.yml
@@ -4,14 +4,15 @@ on:
   schedule:
     - cron: "40 0 1 * *"
 
-  # Allows you to run this workflow manually from the Actions tab
+  # Allows you to run this workflow manually from the Actions tab.
   workflow_dispatch:
 
-permissions:
-  pull-requests: write
-  contents: write
+# Permissions for the GITHUB_TOKEN.
+permissions: {}
 
 jobs:
   bump_go_mod_version:
     name: Call bump go mod version action
     uses: andrew-field/reusable-workflows/.github/workflows/bump-go-mod-version.yml@master
+
+    secrets: inherit # Needs to inherit more than the GITHUB_TOKEN to trigger Github Actions CI checks. BUMP_GO_VERSION_TOKEN needs to be added as a secret.
diff --git a/.github/workflows/prettier-lint.yml b/.github/workflows/prettier-lint.yml
@@ -0,0 +1,50 @@
+name: prettier-lint
+# The super linter has some fix mode options available but it did not work, too complicated.
+
+on:
+  push:
+    branches:
+      - "release-please--branches--master" # Only trigger for the release-please branch.
+
+# Permissions for the GITHUB_TOKEN.
+permissions:
+  contents: write
+
+jobs:
+  prettier:
+    name: Prettify code base # Mainly lint the automaic change log file created by release-please, which is on the release-please branch.
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          # Make sure the actual branch is checked out when running on pull requests.
+          ref: ${{ github.head_ref }}
+
+      - name: "Import GPG key" # Import the GPG key to sign the commits.
+        id: import-gpg
+        uses: crazy-max/ghaction-import-gpg@v6
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} # Accessed via the secrets context. Needs to be added as a secret.
+          passphrase: ${{ secrets.GPG_PASSPHRASE }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+
+      - name: Prettify code
+        uses: creyD/[email protected]
+        with:
+          # Prettify the markdown files.
+          # It uses the default GITHUB_TOKEN which has enough permissions for this command, but would fail if trying to alter the yml files
+          # in the .github/workflows directory which requires workflows privileges.
+          # Pushing code using the GITHUB_TOKEN will not trigger any workflows relying on push events.
+          prettier_options: --write **/*.md
+          commit_options: -S # Sign the commit with the GPG key.
+  lint:
+    # The reusable workflow calls checkout again so the latest code with the prettier changes is checked out.
+    name: Call super linter
+    needs: prettier
+    uses: andrew-field/reusable-workflows/.github/workflows/super-linter.yml@master
+    with:
+      # Includes the latest commit from the prettier action. Using github.head_ref would just give the branch name and the latest commit would not be available.
+      checkout_ref: ${{ github.ref }}
diff --git a/.github/workflows/refresh-go-report-card.yml b/.github/workflows/refresh-go-report-card.yml
@@ -4,9 +4,10 @@ on:
   push:
     branches: [master]
 
-  # Allows you to run this workflow manually from the Actions tab
+  # Allows you to run this workflow manually from the Actions tab.
   workflow_dispatch:
 
+# Permissions for the GITHUB_TOKEN.
 permissions: {}
 
 jobs:

diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
@@ -4,16 +4,15 @@ on:
   push:
     branches: [master]
 
-  # Allows you to run this workflow manually from the Actions tab
+  # Allows you to run this workflow manually from the Actions tab.
   workflow_dispatch:
 
-permissions:
-  contents: write
-  pull-requests: write
+# Permissions for the GITHUB_TOKEN.
+permissions: {}
 
 jobs:
   release-please:
     name: Call release please
     uses: andrew-field/reusable-workflows/.github/workflows/release-please.yml@master
 
-    secrets: inherit
+    secrets: inherit # Needs to inherit more than the GITHUB_TOKEN to trigger Github Actions CI checks. RELEASE_PLEASE needs to be added as a secret.
diff --git a/.github/workflows/super-linter.yml b/.github/workflows/super-linter.yml
@@ -6,30 +6,16 @@ on:
   pull_request:
     branches: [master]
 
-  # Allows you to run this workflow manually from the Actions tab
+  # Allows you to run this workflow manually from the Actions tab.
   workflow_dispatch:
 
+# Permissions for the GITHUB_TOKEN.
 permissions: {}
 
 jobs:
-  prettier:
-    if: github.head_ref == 'release-please--branches--master'
-    name: Prettify code base # Mainly lint the automaic change log file created by release-please, which is on the release-please branch.
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          # Make sure the actual branch is checked out when running on pull requests
-          ref: ${{ github.head_ref }}
-
-      - name: Prettify code
-        uses: creyD/[email protected]
-        with:
-          prettier_options: . --write # Prettify all files in the repository.
   lint:
-    if: ${{ always() }} # This job will always run after the prettier job, regardless of the outcome. https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/using-jobs-in-a-workflow#defining-prerequisite-jobs
-    needs: prettier
+    # If the branch is from the release please workflow, don't trigger the linter. It is handled in the prettier workflow.
+    # No other way currently to filter on pull request triggers using the source branch as well as the target branch.
+    if: ${{ github.head_ref != 'release-please--branches--master' }} # Access using the github context. Curly braces are technically optional in if expressions.
     name: Lint code base
     uses: andrew-field/reusable-workflows/.github/workflows/super-linter.yml@master