chore(ci): replace Danger with GitHub Actions native PR checks and SARIF #522
Remove Ruby/Danger setup and replace with lightweight GitHub Actions alternatives:

- Add `.github/workflows/pr-checks.yml` for PR quality gates (WIP label, DO NOT MERGE label, big PR warning) via `actions/github-script` on a minimal ubuntu runner with default permissions
- Replace `Setup Ruby` + `Run Danger` steps in `ci.yml` with `github/codeql-action/upload-sarif` to report Android lint results from all modules as inline PR annotations via GitHub Code Scanning
- Scope `security-events: write` permission to the build job only (no longer needs `pull-requests: write`)
- Delete `Dangerfile`, `Gemfile`, `Gemfile.lock`

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Pull request overview
This PR removes the Ruby/Danger-based PR automation from CI and replaces it with GitHub Actions-native PR quality gates plus SARIF upload for Android lint results.
Changes:

- Remove `Dangerfile`, `Gemfile`, and `Gemfile.lock` (dropping Ruby/Bundler/Danger from CI).
- Add a new `pr-checks.yml` workflow using `actions/github-script` for PR quality gates (WIP / DO NOT MERGE / big PR).
- Update `ci.yml` to upload Android lint SARIF results via `github/codeql-action/upload-sarif`.
Reviewed changes
Copilot reviewed 5 out of 6 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| `Gemfile.lock` | Removes Danger/Bundler dependency lockfile from the repo. |
| `Gemfile` | Removes Ruby gem dependencies used only for Danger. |
| `Dangerfile` | Deletes the legacy Danger-based PR checks and Android lint inline comments. |
| `.github/workflows/pr-checks.yml` | Adds GitHub Actions-native PR quality gates using `actions/github-script`. |
| `.github/workflows/ci.yml` | Replaces Danger execution with SARIF upload for Android lint; adjusts job permissions. |
| permissions: | ||
| security-events: write | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v6 |
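Review bot: `uses: actions/checkout@v6` in the Checkout step references a mutable major tag, and this job now holds `security-events: write`. Pin the action to a full commit SHA, with the version kept in a trailing comment, so that a retagged release cannot change what runs with that permission; the same applies to the other third-party actions this job calls.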
`permissions` is set at the job level but only grants `security-events: write`. In GitHub Actions, specifying `permissions` overrides defaults, so `contents: read` is no longer granted and `actions/checkout` (and other steps that read the repo) can fail with a 403. Add `contents: read` (and any other required scopes) alongside `security-events: write`.
- `actions/github-script` v7 -> v8
- `github/codeql-action/upload-sarif` v3 -> v4

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
1ae3c29 to 832a03b
- Collect all `lint-results-debug.sarif` files from all modules into a single `sarif-reports/` directory with unique names before uploading
- Switch `upload-sarif` action from unsupported glob to directory path
- Add `if: always()` to Archive Test Report step so it runs on failure
- Add `contents: read` permission to build job

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
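The collection step described in the commit message above, sketched as an added example; it is not the PR's own workflow code, which this page does not show. The function name `collect_sarif`, the naming scheme (module path with `/` replaced by `-`) and the refusal to overwrite an existing report are assumptions made for the illustration.

```shell
#!/bin/sh
# collect_sarif ROOT DEST  (hypothetical helper, not from the PR)
# Copies every <module>/build/reports/lint-results-debug.sarif under ROOT into
# DEST, naming each copy after its module path so that reports from different
# modules cannot overwrite one another. Prints the number of files copied.
collect_sarif() {
    root=${1:-.}
    dest=${2:-sarif-reports}
    mkdir -p "$dest" || return 1
    list=$(mktemp) || return 1
    # List paths relative to ROOT so the module path can be read off each one.
    (cd "$root" && find . -type f \
        -path '*/build/reports/lint-results-debug.sarif' -print | sort) > "$list"
    count=0
    while IFS= read -r f; do
        module=${f#./}
        module=${module%build/reports/lint-results-debug.sarif}
        module=${module%/}                  # "app", "feature/login" or ""
        [ -n "$module" ] || module=root     # report produced by the root project
        name=$(printf '%s' "$module" | tr '/' '-').sarif
        # Two module paths can flatten to the same name (feature/login and
        # feature-login); fail loudly instead of silently dropping a report.
        if [ -e "$dest/$name" ]; then
            echo "collect_sarif: $name already exists, refusing to overwrite" >&2
            rm -f "$list"
            return 1
        fi
        cp "$root/$f" "$dest/$name" || { rm -f "$list"; return 1; }
        count=$((count + 1))
    done < "$list"
    rm -f "$list"
    echo "$count"
}
```

In a workflow this would run after the lint task, with the `upload-sarif` step's `sarif_file` input pointing at the `sarif-reports` directory.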
You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

For more information about GitHub Code Scanning, check out the documentation.
Summary

- `danger-android_lint` inline comments with `github/codeql-action/upload-sarif`, uploading SARIF reports from all Android modules (`**/build/reports/lint-results-debug.sarif`)
- `actions/github-script` step in a dedicated `pr-checks.yml` workflow running on `ubuntu-latest` with default permissions
- `build` job in `ci.yml` now only holds `security-events: write` (needed for SARIF upload) — no `pull-requests: write` required

Notes

- `AndroidApplicationConventionPlugin` + `AndroidLibraryConventionPlugin`) must have `lint { sarifReport = true }` enabled (done separately in the convention repo)

🤖 Generated with Claude Code