.github/workflows/danger.yaml

name: Danger

on:
  pull_request:
    types: [opened, synchronize, reopened, edited, assigned, unassigned]
    branches: [master]

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  danger:
    name: Check
    runs-on: ubuntu-latest
    permissions:
      contents: write
      id-token: write
      actions: write
      issues: write
      pull-requests: write
    if: ${{ github.event.pull_request.head.ref != 'changeset-release/master' }}
    steps:
      - name: Checkout project
        uses: actions/checkout@v4

      - name: GSM Secrets
        id: secrets_manager
        uses: toptal/davinci-github-actions/gsm-secrets@v15.4.1
        with:
          workload_identity_provider: ${{ secrets.IDENTITY_POOL }}
          service_account: ${{ secrets.SA_IDENTITY_POOL }}
          secrets_name: |-
            TOPTAL_DEVBOT_TOKEN:toptal-ci/TOPTAL_DEVBOT_TOKEN

      - name: Parse secrets
        id: parse_secrets
        uses: toptal/davinci-github-actions/expose-json-outputs@v15.4.1
        with:
          json: ${{ steps.secrets_manager.outputs.secrets }}

      - name: Set ENV Variables
        run: |-
          echo "GITHUB_TOKEN=${{ steps.parse_secrets.outputs.TOPTAL_DEVBOT_TOKEN }}" >> $GITHUB_ENV

      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 18

      - uses: toptal/davinci-github-actions/yarn-install@v15.4.1

      - uses: toptal/davinci-github-actions/danger@v15.4.1