60 lines · yaml
1name: Release Asset Audit2 3on:4 workflow_dispatch:5 release:6 schedule:7 # * is a special character in YAML so you have to quote this string8 # Run once an hour9 - cron: '5 * * * *'10 11 pull_request:12 paths:13 - ".github/workflows/release-asset-audit.py"14 - ".github/workflows/release-asset-audit.yml"15 16permissions:17 contents: read # Default everything to read-only18 19jobs:20 audit:21 name: "Release Asset Audit"22 runs-on: ubuntu-24.0423 if: github.repository == 'llvm/llvm-project'24 steps:25 - name: Checkout LLVM26 uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.027 with:28 sparse-checkout: |29 .github/workflows/release-asset-audit.py30 llvm/utils/git/requirements.txt31 - name: "Run Audit Script"32 env:33 GITHUB_TOKEN: ${{ github.token }}34 run: |35 pip install --require-hashes -r ./llvm/utils/git/requirements.txt36 python3 ./.github/workflows/release-asset-audit.py $GITHUB_TOKEN37 - name: "File Issue"38 if: >-39 github.event_name != 'pull_request' &&40 failure()41 uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.042 with:43 github-token: ${{ secrets.ISSUE_SUBSCRIBER_TOKEN }}44 script: |45 var fs = require('fs');46 var body = ''47 if (fs.existsSync('./comment')) {48 body = fs.readFileSync('./comment') + "\n\n";49 }50 body = body + `\n\nhttps://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}`51 52 const issue = await github.rest.issues.create({53 owner: context.repo.owner,54 repo: context.repo.repo,55 title: "Release Asset Audit Failed",56 labels: ['infrastructure'],57 body: body58 });59 console.log(issue);60