
Commit 04e7bd3

authored
Merge branch 'master' into fix/optional-k8s-followup
2 parents 771a4f9 + feedbf7 commit 04e7bd3


1 file changed

+36
-24
lines changed


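--- a/.github/workflows/pr-commands.yml
+++ b/.github/workflows/pr-commands.yml
@@ -3,40 +3,44 @@ on:
 issue_comment:
 types:
 - created
+permissions: read-all
 env:
 DEFAULT_BRANCH: master
 jobs:
+unauthorized:
+runs-on: ubuntu-latest
+if: >-
+contains(github.event.comment.body, '/ok-to-test') &&
+!(github.event.comment.author_association == 'MEMBER' ||
+github.event.comment.author_association == 'OWNER')
+permissions:
+issues: write
+steps:
+- name: Notify commenter of insufficient permissions
+env:
+GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+MESSAGE: 🚫 This command cannot be processed. Only organization members or owners can use the commands.
+run: |
+gh issue comment "${{ github.event.issue.number }}" --repo "${{ github.repository }}" --body "${MESSAGE}"
+
 process-command:
 runs-on: ubuntu-latest
 # Fail early if the command is not recognized
-if: contains(github.event.comment.body, '/ok-to-test')
+if: >-
+contains(github.event.comment.body, '/ok-to-test') &&
+(github.event.comment.author_association == 'MEMBER' ||
+github.event.comment.author_association == 'OWNER')
+permissions:
+actions: read
+contents: read
+pull-requests: read
 outputs:
 PR_SHA: ${{ steps.fetch-pr-sha.outputs.PR_SHA }}
 steps:
 - name: Checkout Main Branch
 uses: actions/checkout@v5
 with:
 ref: ${{ env.DEFAULT_BRANCH }}
-- name: Check if the author is a member or Owner
-id: check-condition
-run: |
-if [[ "${{ github.event.comment.author_association }}" == "MEMBER" || "${{ github.event.comment.author_association }}" == "OWNER" ]]; then
-echo "condition_met=true" >> "$GITHUB_ENV"
-else
-echo "User does not have permission to trigger this command."
-echo "condition_met=false" >> "$GITHUB_ENV"
-fi
-
-- name: Leave a Comment on Precondition Fail
-if: env.condition_met == 'false'
-env:
-message: 🚫 This command cannot be processed. Only organization members or owners can use the commands.
-run: |
-echo "${{ secrets.GITHUB_TOKEN }}" | gh auth login --with-token
-gh issue comment "${{ github.event.issue.number }}" --repo "${{ github.repository }}" --body "${{ env.message }}"
-echo "${message}"
-exit 1
-
 - name: Check if comment is on a pull request
 id: check-pr
 run: |
@@ -60,7 +64,15 @@ jobs:
 approve:
 runs-on: ubuntu-latest
 needs: process-command
-if: contains(github.event.comment.body, '/ok-to-test')
+if: >-
+contains(github.event.comment.body, '/ok-to-test') &&
+(github.event.comment.author_association == 'MEMBER' ||
+github.event.comment.author_association == 'OWNER')
+permissions:
+actions: write
+contents: read
+issues: write
+pull-requests: read
 steps:
 - name: Checkout Main Branch
 uses: actions/checkout@v5
@@ -94,8 +106,8 @@ jobs:
 
 - name: Leave a Comment
 env:
+GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 message: ${{ env.output_msg }}
 run: |
-echo "${{ secrets.GITHUB_TOKEN }}" | gh auth login --with-token
-gh issue comment ${{ github.event.issue.number }} --repo "${{ github.repository }}" --body "${{ env.message }}"
+gh issue comment "${{ github.event.issue.number }}" --repo "${{ github.repository }}" --body "${message}"
 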
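Review bot: The job-level `if:` on `unauthorized`, `process-command` and `approve` (new lines 13, 30 and 68) matches `/ok-to-test` anywhere in the comment body, so a member's comment that merely quotes or mentions the command, such as a quoted reply to an outside contributor's request, passes the same gate as a deliberate command. Since this expression plus `author_association` is now the whole job-level authorization check, anchoring it would be tighter: `startsWith(github.event.comment.body, '/ok-to-test') &&`. Steps outside these hunks may already parse the command more strictly; if so, a one-line comment above each `if:` saying where the exact match happens would help the next reader. Separately, `unauthorized` does not test `github.event.issue.pull_request`, so it will also post its reply on plain issues where a non-member's comment contains the string.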
