grafana-github-actions
grafana-github-actions copied to clipboard
Published
20 hours ago •
grafana
grafana
Internationalisation: Add reusable crowdin workflows
Adds reusable crowdin workflows so they can be used across multiple repositories
For https://github.com/grafana/grafana/issues/105659
~josh made a great point - these should probably be composite actions. see:~
- ~https://docs.github.com/en/actions/sharing-automations/reusing-workflows~
- ~https://docs.github.com/en/actions/sharing-automations/creating-actions/creating-a-composite-action~
- ~https://docs.github.com/en/actions/sharing-automations/avoiding-duplication~
edit: actually, i'm back on the reusable workflow train. if these were composite actions, i can't see when we'd ever use them outside of different variations of this workflow in other repos, so let's just make the whole workflow reusable
:cry: zizmor failed with exit code 14.
Expand for full output
error[template-injection]: code injection via template expansion
--> ./.github/workflows/crowdin-download.yml:108:9
|
108 | - name: Approve and automerge PR
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ this step
109 | if: steps.crowdin-download.outputs.pull_request_url
...
114 | # TODO make these paths inputs to the workflow when we move this to a shared repo
115 | / run: |
116 | | IFS=$'\n' read -ra CHANGED_ARRAY <<< "$(gh pr diff --name-only ${{ steps.crowdin-download.outputs.pull_request_url }})"
... |
168 | | gh pr review ${{ steps.crowdin-download.outputs.pull_request_url }} --approve
169 | | gh pr merge --auto --squash ${{ steps.crowdin-download.outputs.pull_request_url }}
| |____________________________________________________________________________________________^ inputs.en_paths may expand into attacker-controllable code
|
= note: audit confidence → Low
16 findings (7 ignored, 8 suppressed): 0 unknown, 0 informational, 0 low, 0 medium, 1 high
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}