From: Yurii Motov Date: Fri, 17 Apr 2026 14:06:50 +0000 (+0200) Subject: Resolve `pre-commit.yml` X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=4f940bf1ac5dea3c6b13e571505f68bf1db305f7;p=thirdparty%2Ffastapi%2Fsqlmodel.git Resolve `pre-commit.yml` --- diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index e5e9c5740..bfeffcc88 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -6,6 +6,8 @@ on: - opened - synchronize +permissions: {} + env: # Forks and Dependabot don't have access to secrets HAS_SECRETS: ${{ secrets.PRE_COMMIT != '' }} @@ -28,7 +30,8 @@ jobs: # And it needs the full history to be able to compute diffs fetch-depth: 0 # A token other than the default GITHUB_TOKEN is needed to be able to trigger CI - token: ${{ secrets.PRE_COMMIT }} + token: ${{ secrets.PRE_COMMIT }} # zizmor: ignore[secrets-outside-env] + persist-credentials: true # Required for `git push` command # pre-commit lite ci needs the default checkout configs to work - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 name: Checkout PR for fork @@ -37,6 +40,7 @@ jobs: # To be able to commit it needs the head branch of the PR, the remote one ref: ${{ github.event.pull_request.head.sha }} fetch-depth: 0 + persist-credentials: false - name: Set up Python uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: @@ -44,6 +48,7 @@ jobs: - name: Setup uv uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 with: + version: "0.11.4" cache-dependency-glob: | pyproject.toml uv.lock @@ -51,7 +56,7 @@ jobs: run: uv sync --locked - name: Run prek - pre-commit id: precommit - run: uvx prek run --from-ref origin/${GITHUB_BASE_REF} --to-ref HEAD --show-diff-on-failure + run: uv run prek run --from-ref origin/${GITHUB_BASE_REF} --to-ref HEAD --show-diff-on-failure continue-on-error: true - name: Commit and push changes if: env.HAS_SECRETS == 'true'