grape Reimplement Danger on pull_request

Danger uses a hardcoded token, which gets revoked by GitHub.

We need to split Danger work into a part that runs on pull_request to analyze the PR, and the part that comments on the pull request that uses a secret token.

https://code.dblock.org/2024/04/19/commenting-on-pull-requests-in-github-actions.html

Dec 01 '25 21:12 dblock

Something like this https://github.com/ruby-grape/grape/pull/2632/files ?

Dec 07 '25 02:12 numbata

Yes, if you can make it work @numbata !

Dec 07 '25 03:12 dblock

I’ve added some changes to danger-changelog#65, which means we won’t need to reimplement the changelog plugin in our Dangerfile as I did in my draft PR.

Once that is merged, we can move forward with merging this PR: https://github.com/ruby-grape/danger/pull/14, …and then bump the ruby-grape-danger version.

Dec 08 '25 22:12 numbata

For transparency, my plan is:

Remove the requirement for github_token from danger-changelog https://github.com/dblock/danger-changelog/pull/65
Release a new version of danger-changelog
Remove the toc! check (which also requires github_token) from the Dangerfile https://github.com/ruby-grape/danger/pull/14
Bump the minimum danger-changelog version for ruby-grape-danger
Release ruby-grape-danger
Simplify the GitHub workflow based on these changes here: https://github.com/ruby-grape/grape/pull/2632
Roll out the updated workflow across the grape-* gems

Dec 09 '25 09:12 numbata

Sounds great @numbata, I merged https://github.com/dblock/danger-changelog/pull/65

Dec 09 '25 21:12 dblock

Reimplement Danger on pull_request_target