requirements-validate.yml
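# Humans should not manage requirements.txt (bots do).
#
# Fails any pull request whose diff touches requirements.txt, unless the
# triggering event came from the github-actions bot account.
name: Validate requirements.txt not changed by human
on:
  pull_request:
    paths: ['requirements.txt']
    types: [opened, synchronize, reopened]

# Least privilege: this workflow only needs to read the repository.
permissions:
  contents: read

jobs:
  reject-requirements-drift:
    runs-on: ubuntu-latest
    # Skip when the event was triggered by the bot account.
    # The earlier guard compared github.event.head_commit.author.name, but
    # head_commit belongs to the push payload and is empty on pull_request
    # events, so the condition was always true. A commit author name is also
    # free-form git metadata set by whoever creates the commit, so it is not
    # an identity signal. github.actor is assigned by GitHub instead.
    # NOTE(review): assumes the bot acts as 'github-actions[bot]'; adjust if
    # it runs under a different account or token - confirm.
    if: github.actor != 'github-actions[bot]'
    steps:
      - name: Checkout code
        # NOTE(review): 'v4' is a mutable tag; consider pinning to a full
        # commit SHA so the action code cannot change underneath this check.
        uses: actions/checkout@v4
        with:
          fetch-depth: 0  # full history, needed to diff against the base
          # This job never pushes, so keep the token out of .git/config.
          persist-credentials: false
      - name: Check if requirements.txt was modified unexpectedly
        # Pass event data through the environment rather than expanding
        # ${{ }} inside the script text, so values are never parsed as shell.
        env:
          EVENT_NAME: ${{ github.event_name }}
          BASE_SHA: ${{ github.event.pull_request.base.sha }}
        run: |
          # For PRs, check against base branch
          # For pushes, check last commit (only pull_request is configured
          # as a trigger today, so this branch is a fallback)
          if [ "$EVENT_NAME" = "pull_request" ]; then
            COMPARE_RANGE="${BASE_SHA}...HEAD"
          else
            COMPARE_RANGE="HEAD~1..HEAD"
          fi

          # Run git diff on its own so that a failure (for example an
          # unknown revision) aborts the step instead of feeding grep an
          # empty list and letting the check pass.
          changed_files="$(git diff --name-only "$COMPARE_RANGE")"

          # -x -F: match the whole line literally; the former regex
          # "^requirements.txt$" let '.' match any character.
          if printf '%s\n' "$changed_files" | grep -qxF 'requirements.txt'; then
            echo "::error::You may NOT edit 'requirements.txt'"
            echo "::warning::Undo your changes to requirements.txt, so robot can maintain it."
            echo "::notice::To pin dependencies, use 'poetry add <package-name>'."
            exit 1
          fi
          echo "'requirements.txt' unchanged (or only changed by bot)"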