Add fast-forward workflow #106
base: main
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,78 @@ | ||
| name: Fast forward | ||
|
|
||
| on: | ||
| issue_comment: | ||
| types: [created, edited] | ||
|
|
||
| permissions: | ||
| contents: write | ||
| pull-requests: write | ||
| issues: write | ||
|
|
||
| jobs: | ||
| fast-forward: | ||
| if: ${{ (contains(github.event.comment.body, '/fast-forward') | ||
| || github.event.comment.body == '/ff') | ||
| && github.event.issue.pull_request | ||
| && (github.event.comment.author_association == 'OWNER' | ||
| || github.event.comment.author_association == 'MEMBER') }} | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Add reaction | ||
| uses: peter-evans/create-or-update-comment@v4.0.0 | ||
| with: | ||
| comment-id: ${{ github.event.comment.id }} | ||
| reactions: rocket | ||
| - name: Fast forwarding | ||
| uses: sequoia-pgp/fast-forward@v1.0.0 | ||
| with: | ||
| merge: true | ||
| comment: always | ||
| github_token: ${{ secrets.GH_PUSH_TOKEN }} | ||
|
|
||
| rebase: | ||
| if: ${{ contains(github.event.comment.body, '/rebase') | ||
| && github.event.issue.pull_request | ||
| && (github.event.comment.author_association == 'OWNER' | ||
| || github.event.comment.author_association == 'MEMBER') }} | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Add reaction | ||
| uses: peter-evans/create-or-update-comment@v4.0.0 | ||
| with: | ||
| comment-id: ${{ github.event.comment.id }} | ||
| reactions: rocket | ||
| - name: Set git user | ||
| run: | | ||
| git config --global user.email "ci@fashionunited.com" | ||
| git config --global user.name "CI FashionUnited" | ||
| - name: Get pull request ref | ||
| id: get_pull_request_ref | ||
| uses: octokit/request-action@v2.4.0 | ||
| with: | ||
| route: GET /repos/:repository/pulls/:issue_id | ||
| repository: ${{ github.repository }} | ||
| issue_id: ${{ github.event.issue.number }} | ||
| env: | ||
| GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| ref: ${{ fromJSON(steps.get_pull_request_ref.outputs.data).head.ref }} | ||
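Review bot: the checkout step at `ref: ${{ fromJSON(steps.get_pull_request_ref.outputs.data).head.ref }}` checks out a mutable branch name rather than the commit the maintainer looked at, so whatever is on that branch when the job runs is what gets rebased and force-pushed with `GH_PUSH_TOKEN`, which is the TOCTOU window the CodeQL alerts on this region describe. Prefer `head.sha` for the checkout and push explicitly with `git push --force-with-lease origin HEAD:refs/heads/<head.ref>`, since a detached HEAD cannot be pushed as a bare `HEAD`. Separately, `repository` is left at its default of `${{ github.repository }}`, so for a pull request opened from a fork `head.ref` does not exist in the base repository and the step fails; either reject fork PRs explicitly in the `if:` or pass the head repository via `head.repo.full_name`.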
Comment on lines +59 to +61: This checkout uses
| fetch-depth: 0 | ||
| persist-credentials: false | ||
| token: ${{ secrets.GH_PUSH_TOKEN }} | ||
| - name: Set git credentials | ||
Check failure on line 65 in .github/workflows/fast-forward.yml

Comment on lines +58 to +65
Check failure: Code scanning / CodeQL, Untrusted Checkout TOCTOU (High)
Insufficient protection against execution of untrusted code on a privileged workflow (issue_comment)

Comment on lines +58 to +65
Check failure: Code scanning / CodeQL, Checkout of untrusted code in trusted context (High)
Potential execution of untrusted code on a privileged workflow (issue_comment)
| run: git remote set-url origin https://x-access-token:${{ secrets.GH_PUSH_TOKEN }}@github.com/${{ github.repository }} | ||
| - name: Fetch default branch | ||
| run: git fetch origin ${{ github.event.repository.default_branch }} | ||
| - name: Rebase branch on default branch | ||
| run: git rebase origin/${{ github.event.repository.default_branch }} | ||
| - name: Verify rebase success | ||
| run: | | ||
| if git status --porcelain | grep -q '^'; then | ||
| echo "Working directory is dirty after rebase" | ||
| exit 1 | ||
| fi | ||
| - name: Force push to branch | ||
| run: git push --force-with-lease origin HEAD | ||
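Review bot: `persist-credentials: false` on the checkout is immediately undone by the "Set git credentials" step, whose `git remote set-url origin https://x-access-token:${{ secrets.GH_PUSH_TOKEN }}@github.com/...` writes the token into `.git/config` in the workspace for the remainder of the job, while the same token is already handed to `actions/checkout` via `token:`. Pick one: keep `persist-credentials: true` and drop the `set-url` step, or keep it unpersisted and supply the credential through a credential helper instead of embedding it in the remote URL. The "Verify rebase success" step is also redundant as written: `git rebase` exits non-zero on a conflict and fails its own step, and after a clean rebase `git status --porcelain` is empty, so `grep -q '^'` never matches; if the intent is to catch a half-finished rebase, test for the `.git/rebase-merge` directory instead.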
Using `contains(...)` means any comment that merely mentions `/fast-forward` (and similarly `/rebase`) will trigger the job, so maintainers can accidentally launch merge/rebase actions while discussing commands in plain text. This should be constrained to exact command forms (or explicit prefix patterns) to avoid unintended execution.