Use --danger-id when running Danger

What does this MR do and why?

This MR generates an ID based on a 6-char substring of the MD5 sum of the $DANGER_GITLAB_API_TOKEN variable.

The goal is to prevent danger-review failures when $DANGER_GITLAB_API_TOKEN cannot edit an existing Danger comment.

This addresses two cases:

  1. When danger-review runs in a fork context and the contributor has set their own $DANGER_GITLAB_API_TOKEN
  2. When $DANGER_GITLAB_API_TOKEN is rotated (usually for security reasons): since the token only has the Developer role, it cannot edit comments posted by the previous bot (the comment is owned by the Ghost user at this point).

This change would result in multiple Danger comments in the two above cases: one comment from the first bot (either the fork bot, or the revoked bot), and one comment from the second bot (either the canonical bot, or the new bot in case of a revoke).

As an example, in this MR, I first generated a dummy Danger ID, then I changed the logic to actually use the substring of the Danger token's MD5 sum, resulting in two comments by Danger.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #355898 (closed).

Edited by Rémy Coutable
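
The ID derivation described in this MR, sketched as an added example (not the MR's own code). It assumes the substring is the first 6 hex characters of the MD5 sum (the description only says "a 6-char substring"), that `md5sum` from coreutils is available, and it uses constructed tokens; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: derive a short, stable Danger ID from the API token.
# Assumption: the ID is the first 6 hex characters of the token's MD5 sum;
# the MR description only says "a 6-char substring".

# danger_id_for TOKEN -> prints the 6-character ID, or fails on an empty token.
danger_id_for() {
  token=$1
  if [ -z "$token" ]; then
    echo "danger_id_for: token is empty, refusing to derive an ID" >&2
    return 1
  fi
  # printf '%s' avoids the trailing newline that echo would add to the hash
  # input; md5sum prints "<hash>  -", so keep only the first 6 characters.
  printf '%s' "$token" | md5sum | cut -c1-6
}

# same_comment_owner OLD_TOKEN NEW_TOKEN -> 0 if both tokens map to the same ID
# (Danger would try to edit the existing comment), 1 if the IDs differ
# (Danger posts a separate comment), 2 if either token is empty.
same_comment_owner() {
  old_id=$(danger_id_for "$1") || return 2
  new_id=$(danger_id_for "$2") || return 2
  [ "$old_id" = "$new_id" ]
}

# Constructed sample tokens, not real credentials.
CANONICAL_TOKEN="glpat-constructed-canonical-0001"
ROTATED_TOKEN="glpat-constructed-rotated-0002"

echo "canonical bot ID: $(danger_id_for "$CANONICAL_TOKEN")"
echo "rotated bot ID:   $(danger_id_for "$ROTATED_TOKEN")"
if same_comment_owner "$CANONICAL_TOKEN" "$ROTATED_TOKEN"; then
  echo "same ID: the new token would try to edit the old comment"
else
  echo "different ID: the new token posts its own comment"
fi
```

An empty `$DANGER_GITLAB_API_TOKEN` would otherwise hash to a fixed value shared by every job without a token, which is why the function rejects it.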
