From 59b9dac51d30beaa1acb062f073d163601739929 Mon Sep 17 00:00:00 2001 From: "Walter.Kolczynski" Date: Tue, 23 Dec 2025 23:19:55 +0000 Subject: [PATCH 1/5] Change pull_request to pull_request_target --- .github/workflows/bash_code_analysis.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/bash_code_analysis.yaml b/.github/workflows/bash_code_analysis.yaml index 4e0559031c..8e4ba391b0 100644 --- a/.github/workflows/bash_code_analysis.yaml +++ b/.github/workflows/bash_code_analysis.yaml @@ -3,7 +3,7 @@ on: push: branches: - develop - pull_request: + pull_request_target: workflow_dispatch: From 62fab4c29fc4891a47a28d311fbac0e702ec2246 Mon Sep 17 00:00:00 2001 From: "Walter.Kolczynski" Date: Tue, 23 Dec 2025 23:43:43 +0000 Subject: [PATCH 2/5] Checkout PR branch and add conditionals for bash_code_anl --- .github/workflows/bash_code_analysis.yaml | 38 +++++++++++++++++++++-- 1 file changed, 36 insertions(+), 2 deletions(-) diff --git a/.github/workflows/bash_code_analysis.yaml b/.github/workflows/bash_code_analysis.yaml index 8e4ba391b0..b428b4ebb3 100644 --- a/.github/workflows/bash_code_analysis.yaml +++ b/.github/workflows/bash_code_analysis.yaml @@ -3,7 +3,7 @@ on: push: branches: - develop - pull_request_target: + pull_request_target: # safe as long as code is not being run workflow_dispatch: @@ -19,11 +19,28 @@ jobs: checks: write steps: + - name: determine hash + uses: haya14busa/action-cond@v1 + id: hash + with: + cond: ${{ github.event_name == 'pull_request' }} + if_true: ${{ github.event.pull_request.head.sha }} + if_false: '' + - name: checkout code uses: actions/checkout@v6 with: + ref: ${{ steps.hash.outputs.value }} submodules: false + - name: determine reporter + uses: haya14busa/action-cond@v1 + id: reporter + with: + cond: ${{ github.event_name == 'pull_request' }} + if_true: 'github-pr-review' + if_false: 'github-check' + - name: shfmt scan uses: reviewdog/action-shfmt@v1 with: @@ -44,11 +61,28 @@ jobs: checks: write steps: + - name: determine hash + uses: haya14busa/action-cond@v1 + id: hash + with: + cond: ${{ github.event_name == 'pull_request' }} + if_true: ${{ github.event.pull_request.head.sha }} + if_false: '' + - name: checkout code uses: actions/checkout@v6 with: + ref: ${{ steps.hash.outputs.value }} submodules: false - + + - name: determine reporter + uses: haya14busa/action-cond@v1 + id: reporter + with: + cond: ${{ github.event_name == 'pull_request' }} + if_true: 'github-pr-review' + if_false: 'github-check' + - name: shellcheck scan uses: reviewdog/action-shellcheck@v1 with: From 669ceea66335bc78e61cb276dabf3ea01d4c0ff4 Mon Sep 17 00:00:00 2001 From: "Walter.Kolczynski" Date: Wed, 24 Dec 2025 00:22:07 +0000 Subject: [PATCH 3/5] Update setting to fail on shfmt error --- .github/workflows/bash_code_analysis.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/bash_code_analysis.yaml b/.github/workflows/bash_code_analysis.yaml index b428b4ebb3..da4692ba21 100644 --- a/.github/workflows/bash_code_analysis.yaml +++ b/.github/workflows/bash_code_analysis.yaml @@ -46,7 +46,7 @@ jobs: with: github_token: ${{ secrets.GITHUB_TOKEN }} filter_mode: nofilter - fail_level: any + fail_on_error: true level: any reviewdog_flags: '-reporter=github-pr-review' shfmt_flags: '' From ad6e2949d21e9681075741471679b2c029598cf9 Mon Sep 17 00:00:00 2001 From: "Walter.Kolczynski" Date: Wed, 24 Dec 2025 04:45:37 +0000 Subject: [PATCH 4/5] Fix badges --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 96f4b99e91..0b2506a7d8 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ [![Read The Docs Status](https://readthedocs.org/projects/global-workflow/badge/?badge=latest)](http://global-workflow.readthedocs.io/) -[![shellnorms](https://github.com/NOAA-EMC/global-workflow/actions/workflows/linters.yaml/badge.svg)](https://github.com/NOAA-EMC/global-workflow/actions/workflows/linters.yaml) -[![pynorms](https://github.com/NOAA-EMC/global-workflow/actions/workflows/pynorms.yaml/badge.svg)](https://github.com/NOAA-EMC/global-workflow/actions/workflows/pynorms.yaml) +[![bash code analysis](https://github.com/NOAA-EMC/global-workflow/workflows/bash_code_analysis/badge.svg?branch=develop&event=push)](https://github.com/NOAA-EMC/global-workflow/actions?query=workflow%3Abash_code_analysis+event%3Apush+branch%3Adevelop) +[![python code analysis](https://github.com/NOAA-EMC/global-workflow/workflows/python_code_analysis/badge.svg)](https://github.com/NOAA-EMC/global-workflow/actions?query=workflow%3Apython_code_analysis+event%3Apush+branch%3Adevelop) ![Custom badge](https://img.shields.io/endpoint?url=https://gist.githubusercontent.com/emcbot/e35aa2904a54deae6bbb1fdc2d960c71/raw/wcoss2.json) ![Custom badge](https://gist.githubusercontent.com/emcbot/66059582886cb5c2485ff64bf24e7f93/raw/ursa_pipeline_badge.svg) From 471b6e4b0ac98a7e01295fcb81aa248a624bc5e5 Mon Sep 17 00:00:00 2001 From: "Walter.Kolczynski" Date: Wed, 24 Dec 2025 04:46:05 +0000 Subject: [PATCH 5/5] Fix github reporters --- .github/workflows/bash_code_analysis.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/bash_code_analysis.yaml b/.github/workflows/bash_code_analysis.yaml index da4692ba21..f80f9cd97b 100644 --- a/.github/workflows/bash_code_analysis.yaml +++ b/.github/workflows/bash_code_analysis.yaml @@ -46,9 +46,8 @@ jobs: with: github_token: ${{ secrets.GITHUB_TOKEN }} filter_mode: nofilter - fail_on_error: true level: any - reviewdog_flags: '-reporter=github-pr-review' + reviewdog_flags: '-reporter=${{ steps.reporter.outputs.value }} -fail_level=any' shfmt_flags: '' shellcheck: @@ -87,7 +86,7 @@ jobs: uses: reviewdog/action-shellcheck@v1 with: github_token: ${{ secrets.GITHUB_TOKEN }} - reporter: github-pr-review + reporter: ${{ steps.reporter.outputs.value }} filter_mode: nofilter fail_level: any level: any