Description

When attempting to run our Danger action, we get an error shortly after bundling completes; I believe this due to a change GitHub made to fix a CVE: GHSA-mfwh-5m23-j46w

Bundle complete! 169 Gemfile dependencies, 346 gems now installed.
Bundled gems are installed into `./vendor/bundle`
Error: Unable to process command '::set-env name=RUBYOPT::-W0' successfully.
Error: The `set-env` command is disabled. Please upgrade to using Environment Files or opt into unsecure command execution by setting the `ACTIONS_ALLOW_UNSECURE_COMMANDS` environment variable to `true`. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
/opt/hostedtoolcache/Ruby/2.6.6/x64/bin/bundle exec danger --dangerfile=Dangerfile --danger_id=danger-pr

Environment

In case it matters, we're using GitHub's hosted actions. here's our Action.yml file for Danger

name: Danger 😎

on:
  - pull_request

jobs:
  danger:
    runs-on: ubuntu-latest
    if: github.event_name  == 'pull_request' # if only run pull request when multiple trigger workflow
    steps:
    - uses: actions/checkout@v2
      with:
        fetch-depth: 0
    - uses: actions/setup-ruby@v1
      with:
        ruby-version: '2.6'
    - run: gem install bundler:2.1.4
    - uses: actions/cache@v2
      with:
        path: vendor/bundle
        key: ${{ runner.os }}-gems-${{ hashFiles('Gemfile') }} # change your gemfile path
        restore-keys: |
          ${{ runner.os }}-gems-
    - uses: MeilCli/danger-action@v5
      with:
        plugins_file: 'Gemfile'
        install_path: 'vendor/bundle'
        danger_file: 'Dangerfile'
        danger_id: 'danger-pr'
      env:
        DANGER_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Thanks!

I'm setting up danger in a repository but I'm getting a message in my GitHub actions.

Not a GitHubActions Pull Request - skipping `danger` run.

I've got a step defined in my ci config

  - name: Danger
    uses: MeilCli/[email protected]
    with:
      danger_file: "Dangerfile"
      danger_id: "whatever"
      danger_version: "9.0.0"
    env:
      DANGER_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}

And as far as I understand, since this is running on Github Actions, all of the required ENV vars exist.
I added a step to output the contexts of ENV and can verify that all the required variables are there and set.

How can I best debug this issue? Or is there something obviously missing for me?

Thanks!

Description

Coming from https://github.com/hashie/hashie/runs/5692966922?check_suite_focus=true (https://github.com/hashie/hashie/runs/5692966922?check_suite_focus=true) getting a 403 when danger tries to comment on the issue.

`on_complete': POST https://api.github.com/repos/hashie/hashie/issues/561/comments: 403 - Resource not accessible by integration // See: https://docs.github.com/rest/reference/issues#create-an-issue-comment 

What's the best way to deal with this?

In other places we used a different token like so, but maybe you have a better idea?

Feature description

The comment that is done on the PR have the label "github-actions"

Can this name be parameterized, so we can have different ones?

Hi

Current allows you to only setup like

    - name: Check Lint and Code Style
      uses: MeilCli/danger-action@v5
      with:
         ...
        danger_version: 8.4.2

I would like to not put this version (danger_version: 8.4.2) in the YAML but define inside a file .tool-versions like:

danger 9.0.0

The thing is that with this you could just declare the action, and you will not need to override the value on each job.

Feature description

This allows you to put danger in many flows without having to define the version for each one

[Please easy english or easy japanese]
see error below. it came out of nowhere today. version v5

Description

/opt/hostedtoolcache/Ruby/2.6.6/x64/bin/bundle install --path=vendor/bundle --jobs 4 --retry 3
11
Warning: the running version of Bundler (1.17.2) is older than the version that created the lockfile (1.17.3). We suggest you upgrade to the latest version of Bundler by running gem install bundler.
12
Ignoring digest-crc-0.6.1 because its extensions are not built. Try: gem pristine digest-crc --version 0.6.1
13
Ignoring json-2.3.1 because its extensions are not built. Try: gem pristine json --version 2.3.1
14
Ignoring nokogiri-1.10.10 because its extensions are not built. Try: gem pristine nokogiri --version 1.10.10
15
Ignoring oga-3.3 because its extensions are not built. Try: gem pristine oga --version 3.3
16
Ignoring ox-2.13.4 because its extensions are not built. Try: gem pristine ox --version 2.13.4
17
Ignoring ruby-ll-2.1.2 because its extensions are not built. Try: gem pristine ruby-ll --version 2.1.2
18
Ignoring unf_ext-0.0.7.7 because its extensions are not built. Try: gem pristine unf_ext --version 0.0.7.7
19
Fetching gem metadata from https://rubygems.org/........
20
Using rake 13.0.1
21
....
Bundle complete! 7 Gemfile dependencies, 99 gems now installed.
127
Bundled gems are installed into ./vendor/bundle
128
Error: The process '/opt/hostedtoolcache/Ruby/2.6.6/x64/bin/bundle' failed because one or more lines were written to the STDERR stream

Environment

android (ubuntu)

[Please easy english or easy japanese]

Feature description

I am writing to inform you that Node.js 16 in GitHub Actions will soon reach its end of support by Spring 2024.
As a result, we are looking to upgrade your workflows to e newer version in order to ensure continued performance and security.
We would be grateful if you could plan accordingly for this upgrade.
Thank you.

https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/

Pull requests from forks don't have access to repo or org secrets. See https://github.com/danger/danger-js/blob/main/source/ci_source/providers/GitHubActions.ts#L152

Would be fair if you have a documentation saying it doesn't support PRs from forks.

[Please easy english or easy japanese]

Description

When running the action inside self hosted Mac mini m2 I get the following:
vendor/bundle/ruby/3.2.0/gems/ffi-1.15.5/lib/ffi_c.bundle' (mach-o file, but is an incompatible architecture (have 'x86_64', need 'arm64')

Is there a way to fix this?

Environment

Apple Silicon m2

[Please easy english or easy japanese]

Description

I get an error with v5.6.2 and can't run it.

Run MeilCli/danger-action@v5
  with:
    plugins_file: .github/danger/android-lint/Gemfile
    install_path: vendor/bundle
    danger_file: .github/danger/android-lint/Dangerfile
    danger_id: danger-android-lint
    danger_version: >= [6](https://github.com/Fablic/fril-android/actions/runs/3494003365/jobs/5849419326#step:9:6).0.0
    danger_version_file: .tool-versions
    danger_version_file_format: asdf
    fail_on_stderr_when_bundler: false
    fail_on_stderr_when_danger: false
  env:
    DANGER_GITHUB_API_TOKEN: ***
Error: Unable to locate executable file: bundle. Please verify either the file path exists or the file can be found within a directory specified by the PATH environment variable. Also check the file mode to verify the file is executable.

Environment

Description

We use danger-rubocop which I'm installing using the Gemfile and this config:

      - uses: MeilCli/danger-action@v2
        with:
          plugins_file: 'Gemfile'
          danger_file: 'Dangerfile'
          danger_id: 'danger-pr'
        env:
          DANGER_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}

This installs danger-rubocop gem but fails on execution

Bundled gems are installed into `./vendor/bundle`
danger --dangerfile=Dangerfile --danger_id=danger-pr
/opt/hostedtoolcache/Ruby/2.6.5/x64/lib/ruby/gems/2.6.0/gems/danger-6.3.1/lib/danger/danger_core/dangerfile.rb:70:in `method_missing':  (Danger::DSLError)
[!] Invalid `Dangerfile` file: undefined local variable or method `rubocop' for #<Danger::Dangerfile:0x000055f8094980e8>
 #  from Dangerfile:6
 #  -------------------------------------------
 #  
 >  rubocop.lint({:force_exclusion => true})
 #  
 #  -------------------------------------------

I suspect running using bundle exec will solve this issue but I am not 100% on that.

Environment