enhance(workflows): suggest fixes with reviewdog (#25154)

Adds a new workflow that runs `npm run fix` and suggests changes on the PR. For security reasons, we run `npm ci` and `npm run fix` in a job without permissions, and pass the diff as an artifact to a separate job with elevated permissions.
mdn · Nov 29, 2024 · df62f2d · df62f2d
1 parent 7c61530
commit df62f2d
Showing 1 changed file with 63 additions and 0 deletions.
diff --git a/.github/workflows/pr-reviewdog.yml b/.github/workflows/pr-reviewdog.yml
@@ -0,0 +1,63 @@
+name: Reviewdog
+
+on:
+  pull_request_target:
+    branches: ["main"]
+
+jobs:
+  fix:
+    name: Fix
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version-file: ".nvmrc"
+          cache: npm
+
+      - run: npm ci
+
+      - run: npm run fix
+        env:
+          FORCE_COLOR: 3
+
+      - run: git diff > diff.patch
+
+      - name: Upload diff
+        uses: actions/upload-artifact@v4
+        with:
+          name: diff
+          path: diff.patch
+
+  suggest:
+    name: Suggest
+    needs: fix
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Download diff
+        uses: actions/download-artifact@v4
+        with:
+          name: diff
+
+      - name: Setup
+        uses: reviewdog/action-setup@v1
+        with:
+          reviewdog_version: latest
+
+      - name: Suggest changes
+        env:
+          REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          cat diff.patch | reviewdog \
+            -name="bcd-linter" \
+            -f=diff \
+            -f.diff.strip=1 \
+            -filter-mode=diff_context \
+            -reporter=github-pr-review