Structured Logs: Collect stdout/stderr per default
          
            #7757
        
      
  
    
      This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
      Learn more about bidirectional Unicode characters
    
  
  
    
  | name: Changes In High Risk Code | |
| on: | |
| pull_request: | |
| # Concurrency configuration: | |
| # - We use workflow-specific concurrency groups to prevent multiple high-risk code analysis runs, | |
| # as these detect changes to critical code paths and trigger additional validation workflows. | |
| # - We always cancel in-progress runs since this workflow only runs on pull requests, and only | |
| # the latest commit's high-risk code changes matter for determining which additional tests to run. | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| files-changed: | |
| name: Detect File Changes | |
| runs-on: ubuntu-latest | |
| # Map a step output to a job output | |
| outputs: | |
| high_risk_code: ${{ steps.changes.outputs.high_risk_code }} | |
| high_risk_code_files: ${{ steps.changes.outputs.high_risk_code_files }} | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Get changed files | |
| id: changes | |
| uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 | |
| with: | |
| token: ${{ github.token }} | |
| filters: .github/file-filters.yml | |
| # Enable listing of files matching each filter. | |
| # Paths to files will be available in `${FILTER_NAME}_files` output variable. | |
| list-files: csv | |
| validate-high-risk-code: | |
| name: Validate High-Risk Code | |
| if: needs.files-changed.outputs.high_risk_code == 'true' | |
| needs: files-changed | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Remove previous comments | |
| uses: actions/github-script@v8 | |
| with: | |
| script: | | |
| core.debug('Listing comments') | |
| const response = await github.rest.issues.listComments({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo | |
| }) | |
| if (!response.data) { | |
| core.info('No comments found') | |
| return | |
| } | |
| core.debug(`Found ${response.data.length} comments`) | |
| for (const comment of response.data) { | |
| if (comment.user.login === 'github-actions[bot]' && comment.body.includes('### 🚨 Detected changes in high risk code 🚨')) { | |
| core.info(`Deleting comment ${comment.id}`) | |
| await github.rest.issues.deleteComment({ | |
| comment_id: comment.id, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| }) | |
| } | |
| } | |
| - name: Comment on PR to notify of changes in high risk files | |
| uses: actions/github-script@v8 | |
| env: | |
| high_risk_code: ${{ needs.files-changed.outputs.high_risk_code_files }} | |
| with: | |
| script: | | |
| const highRiskFiles = process.env.high_risk_code; | |
| const fileList = highRiskFiles.split(',').map(file => `- [ ] ${file}`).join('\n'); | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: `### 🚨 Detected changes in high risk code 🚨 \n High-risk code can easily blow up and is hard to test. We had severe bugs in the past. Be extra careful when changing these files, and have an extra careful look at these:\n ${fileList}` | |
| }) |