name: danger
on: pull_request

jobs:
  danger:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 100
      - name: Set up Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: 3.2
          bundler-cache: true
          rubygems: latest
      - name: Run Danger
        run: |
          # the token is public, has public_repo scope and belongs to the grape-bot user owned by @dblock, this is ok
          TOKEN=$(echo -n Z2hwX2lYb0dPNXNyejYzOFJyaTV3QUxUdkNiS1dtblFwZTFuRXpmMwo= | base64 --decode)
          DANGER_GITHUB_API_TOKEN=$TOKEN bundle exec danger --verbose