Remove API token requirement from Danger workflow
Switch to tokenless execution using GitHub Actions annotations for inline feedback. This eliminates the need for the grape-bot token while still providing PR feedback via workflow annotations.
Changes:
- Use commit SHAs instead of branch refs for reliable diff calculation
- Output violations as GitHub Actions annotations (errors, warnings, notices)
- Update to actions/checkout@v6 with full history fetch
Dependent on https://github.com/dblock/danger-changelog/pull/66 now
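The annotation output listed in the changes above works by printing workflow commands to stdout. The sketch below is an added example, not code from this PR or from Danger: the `Violation` struct and the sample data are constructed, and the escaping follows the rules GitHub's actions/toolkit applies to workflow commands.

```ruby
# Added example: render violations as GitHub Actions workflow commands.
# Violation and SAMPLE are constructed for illustration, not Danger's API.
Violation = Struct.new(:level, :message, :file, :line, keyword_init: true)

# Annotation levels named in the PR description.
LEVELS = %w[error warning notice].freeze

# The runner parses stdout line by line, so a raw newline inside
# PR-controlled text would end the annotation and start a new line
# that the runner could read as a separate workflow command.
def escape_data(value)
  value.to_s.gsub('%', '%25').gsub("\r", '%0D').gsub("\n", '%0A')
end

# Property values (file, line) must additionally not contain ':' or ','.
def escape_property(value)
  escape_data(value).gsub(':', '%3A').gsub(',', '%2C')
end

def annotation(violation)
  level = violation.level.to_s
  raise ArgumentError, "unsupported level: #{level}" unless LEVELS.include?(level)

  props = { file: violation.file, line: violation.line }
          .compact
          .map { |key, val| "#{key}=#{escape_property(val)}" }
          .join(',')
  head = props.empty? ? "::#{level}" : "::#{level} #{props}"
  "#{head}::#{escape_data(violation.message)}"
end

def render(violations)
  violations.map { |violation| annotation(violation) }
end

# Constructed sample violations.
SAMPLE = [
  Violation.new(level: :error, message: 'Missing CHANGELOG entry',
                file: 'CHANGELOG.md', line: 1),
  Violation.new(level: :warning, message: "Title spans\ntwo lines, 100% escaped"),
  Violation.new(level: :notice, message: 'Check this file',
                file: 'docs/a,b:c.md', line: 3)
].freeze

puts render(SAMPLE) if $PROGRAM_NAME == __FILE__
```

Annotations need no API token because the runner itself turns these lines into inline PR feedback, which is what makes the tokenless run possible.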
I'm good with this!
Can we move some/most/all of these things into https://github.com/ruby-grape/danger? Otherwise let's work on archiving that repo.
@dblock We can't move workflows totally to ruby-grape-danger. Something will stay here. But we can try to reuse workflows from danger by something like:
# .github/workflows/danger.yml
name: Danger
on:
  pull_request:
    types: [opened, reopened, edited, synchronize]
jobs:
  danger:
    uses: ruby-grape/danger/.github/workflows/danger-run.yml@main
    secrets: inherit
and
# .github/workflows/danger-comment.yml
name: Danger Comment
on:
  workflow_run:
    workflows: [Danger]
    types: [completed]
permissions:
  actions: read
  contents: read
  issues: write
  pull-requests: write
jobs:
  comment:
    if: github.event.workflow_run.event == 'pull_request'
    uses: ruby-grape/danger/.github/workflows/danger-comment.yml@main
    with:
      run-id: ${{ github.event.workflow_run.id }}
    secrets: inherit
@numbata cool, up to you when you want to refactor