Lock transactions after reconcilliation #1868
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Compare Sizes | |
########################################################################################## | |
# WARNING! This workflow uses the 'pull_request_target' event. That mans that it will # | |
# always run in the context of the main actualbudget/actual repo, even if the PR is from # | |
# a fork. This is necessary to get access to a GitHub token that can post a comment on # | |
# the PR. Be VERY CAREFUL about adding things to this workflow, since forks can inject # | |
# arbitrary code into their branch, and can pollute the artifacts we download. Arbitrary # | |
# code execution in this workflow could lead to a compromise of the main repo. # | |
########################################################################################## | |
# See: https://securitylab.github.com/research/github-actions-preventing-pwn-requests # | |
########################################################################################## | |
on: | |
pull_request_target: | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
compare: | |
runs-on: ubuntu-latest | |
permissions: | |
pull-requests: write | |
steps: | |
- name: Wait for ${{github.base_ref}} build to succeed | |
uses: fountainhead/[email protected] | |
id: master-build | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
checkName: web | |
ref: ${{github.base_ref}} | |
- name: Wait for PR build to succeed | |
uses: fountainhead/[email protected] | |
id: wait-for-build | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
checkName: web | |
ref: ${{github.event.pull_request.head.sha}} | |
- name: Report build failure | |
if: steps.wait-for-build.outputs.conclusion == 'failure' | |
run: | | |
echo "Build failed on PR branch or ${{github.base_ref}}" | |
exit 1 | |
- name: Download build artifact from ${{github.base_ref}} | |
uses: dawidd6/action-download-artifact@v2 | |
id: pr-build | |
with: | |
branch: ${{github.base_ref}} | |
workflow: build.yml | |
name: build-stats | |
path: base | |
- name: Download build artifact from PR | |
uses: dawidd6/action-download-artifact@v2 | |
with: | |
pr: ${{github.event.pull_request.number}} | |
workflow: build.yml | |
name: build-stats | |
path: head | |
- name: Strip content hashes from stats files | |
run: | | |
sed -i -E 's/\.[0-9a-f]{8,}\././g' ./head/*.json | |
sed -i -E 's/\.[0-9a-f]{8,}\././g' ./base/*.json | |
- uses: github/[email protected] | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
current-stats-json-path: ./head/desktop-client-stats.json | |
base-stats-json-path: ./base/desktop-client-stats.json | |
title: desktop-client | |
- uses: github/[email protected] | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
current-stats-json-path: ./head/loot-core-stats.json | |
base-stats-json-path: ./base/loot-core-stats.json | |
title: loot-core |