Add Inkog - AI Agent Security Scanner #1209
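# CI for pull requests that target master.
#
#   readme-check  fails the PR when README.md is edited by an author who is not
#                 on the trusted list, and leaves an explanatory comment.
#   render        runs `make render-skip-deprecated` and, when it fails, posts
#                 the first error lines as a PR comment.
#
# Security notes:
#   - The trigger is `pull_request`, so both jobs check out and run content from
#     the PR branch. Each job keeps its own minimal `permissions:` block.
#   - Event fields are handed to scripts through `env:` instead of being
#     expanded into the script text, so they are never parsed as shell.
#   - For PRs opened from forks the token is normally read-only whatever the
#     `permissions:` block says, so the comment calls may be rejected there.
name: CI

on:
  pull_request:
    branches: [master]

jobs:
  readme-check:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
      contents: read
    steps:
      - uses: actions/checkout@v4
        with:
          # Full history is needed so origin/master...HEAD can be diffed.
          fetch-depth: 0

      - name: Check README.md was not edited directly
        id: readme
        env:
          # Passed as data; the script below only ever reads "$AUTHOR".
          AUTHOR: ${{ github.event.pull_request.user.login }}
        run: |
          TRUSTED="mre jakubsacha"
          # Word splitting on $TRUSTED is intentional: it is a space-separated list.
          for u in $TRUSTED; do
            if [ "$AUTHOR" = "$u" ]; then
              echo "trusted=true" >> "$GITHUB_OUTPUT"
              exit 0
            fi
          done
          # -x -F: match the whole line literally, so "." is not a regex wildcard.
          if git diff --name-only origin/master...HEAD | grep -qxF "README.md"; then
            echo "modified=true" >> "$GITHUB_OUTPUT"
          fi

      - name: Comment and fail on direct README edit
        if: steps.readme.outputs.modified == 'true'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR: ${{ github.event.pull_request.number }}
          REPO: ${{ github.repository }}
        run: |
          # A rejected comment (e.g. read-only token) must not hide the
          # explanation below; the step fails either way.
          gh api "repos/$REPO/issues/$PR/comments" \
            -f body="README.md was edited directly. The README is generated from the YAML files in \`data/tools/\`. Please add or edit the corresponding file in \`data/tools/\` instead and do not touch README.md." \
            --silent \
            || echo "warning: could not post the PR comment" >&2
          echo "README.md must not be edited directly." >&2
          exit 1

  render:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
      contents: read
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Install Rust toolchain
        # NOTE(review): third-party action referenced by a mutable ref. Pinning
        # it to a reviewed full commit SHA (with the toolchain input set
        # explicitly) would remove the dependency on that ref staying benign.
        uses: dtolnay/rust-toolchain@stable

      - name: Render list
        id: render
        run: |
          make render-skip-deprecated 2>&1 | tee /tmp/render-output.txt
          # Report make's status, not tee's.
          exit "${PIPESTATUS[0]}"

      - name: Comment render error on failure
        if: failure() && steps.render.outcome == 'failure'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR: ${{ github.event.pull_request.number }}
          REPO: ${{ github.repository }}
        run: |
          # The log comes from building PR-supplied files: treat it as data.
          # It is only quoted inside a code fence; a line containing a run of
          # backticks could still close that fence early in the rendered comment.
          OUTPUT=$(grep -E "^Error" /tmp/render-output.txt | head -20)
          {
            echo "The render step failed with the following error:"
            echo ""
            echo '```'
            printf '%s\n' "$OUTPUT"
            echo '```'
            echo ""
            echo "Please check your YAML file in \`data/tools/\` against the format used by other tools in that directory."
          } > /tmp/render-comment.txt
          # -F (typed field) reads the value from the file named after "@";
          # -f (raw field) would post the literal string "@/tmp/render-comment.txt".
          gh api "repos/$REPO/issues/$PR/comments" \
            -F body=@/tmp/render-comment.txt \
            --silent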