|
3 | 3 | issue_comment: |
4 | 4 | types: |
5 | 5 | - created |
| 6 | +permissions: read-all |
6 | 7 | env: |
7 | 8 | DEFAULT_BRANCH: master |
8 | 9 | jobs: |
| 10 | + unauthorized: |
| 11 | + runs-on: ubuntu-latest |
| 12 | + if: >- |
| 13 | + contains(github.event.comment.body, '/ok-to-test') && |
| 14 | + !(github.event.comment.author_association == 'MEMBER' || |
| 15 | + github.event.comment.author_association == 'OWNER') |
| 16 | + permissions: |
| 17 | + issues: write |
| 18 | + steps: |
| 19 | + - name: Notify commenter of insufficient permissions |
| 20 | + env: |
| 21 | + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 22 | + MESSAGE: 🚫 This command cannot be processed. Only organization members or owners can use the commands. |
| 23 | + run: | |
| 24 | + gh issue comment "${{ github.event.issue.number }}" --repo "${{ github.repository }}" --body "${MESSAGE}" |
| 25 | +
|
9 | 26 | process-command: |
10 | 27 | runs-on: ubuntu-latest |
11 | 28 | # Fail early if the command is not recognized |
12 | | - if: contains(github.event.comment.body, '/ok-to-test') |
| 29 | + if: >- |
| 30 | + contains(github.event.comment.body, '/ok-to-test') && |
| 31 | + (github.event.comment.author_association == 'MEMBER' || |
| 32 | + github.event.comment.author_association == 'OWNER') |
| 33 | + permissions: |
| 34 | + actions: read |
| 35 | + contents: read |
| 36 | + pull-requests: read |
13 | 37 | outputs: |
14 | 38 | PR_SHA: ${{ steps.fetch-pr-sha.outputs.PR_SHA }} |
15 | 39 | steps: |
16 | 40 | - name: Checkout Main Branch |
17 | 41 | uses: actions/checkout@v5 |
18 | 42 | with: |
19 | 43 | ref: ${{ env.DEFAULT_BRANCH }} |
20 | | - - name: Check if the author is a member or Owner |
21 | | - id: check-condition |
22 | | - run: | |
23 | | - if [[ "${{ github.event.comment.author_association }}" == "MEMBER" || "${{ github.event.comment.author_association }}" == "OWNER" ]]; then |
24 | | - echo "condition_met=true" >> "$GITHUB_ENV" |
25 | | - else |
26 | | - echo "User does not have permission to trigger this command." |
27 | | - echo "condition_met=false" >> "$GITHUB_ENV" |
28 | | - fi |
29 | | -
|
30 | | - - name: Leave a Comment on Precondition Fail |
31 | | - if: env.condition_met == 'false' |
32 | | - env: |
33 | | - message: 🚫 This command cannot be processed. Only organization members or owners can use the commands. |
34 | | - run: | |
35 | | - echo "${{ secrets.GITHUB_TOKEN }}" | gh auth login --with-token |
36 | | - gh issue comment "${{ github.event.issue.number }}" --repo "${{ github.repository }}" --body "${{ env.message }}" |
37 | | - echo "${message}" |
38 | | - exit 1 |
39 | | -
|
40 | 44 | - name: Check if comment is on a pull request |
41 | 45 | id: check-pr |
42 | 46 | run: | |
|
60 | 64 | approve: |
61 | 65 | runs-on: ubuntu-latest |
62 | 66 | needs: process-command |
63 | | - if: contains(github.event.comment.body, '/ok-to-test') |
| 67 | + if: >- |
| 68 | + contains(github.event.comment.body, '/ok-to-test') && |
| 69 | + (github.event.comment.author_association == 'MEMBER' || |
| 70 | + github.event.comment.author_association == 'OWNER') |
| 71 | + permissions: |
| 72 | + actions: write |
| 73 | + contents: read |
| 74 | + issues: write |
| 75 | + pull-requests: read |
64 | 76 | steps: |
65 | 77 | - name: Checkout Main Branch |
66 | 78 | uses: actions/checkout@v5 |
|
94 | 106 |
|
95 | 107 | - name: Leave a Comment |
96 | 108 | env: |
| 109 | + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
97 | 110 | message: ${{ env.output_msg }} |
98 | 111 | run: | |
99 | | - echo "${{ secrets.GITHUB_TOKEN }}" | gh auth login --with-token |
100 | | - gh issue comment ${{ github.event.issue.number }} --repo "${{ github.repository }}" --body "${{ env.message }}" |
| 112 | + gh issue comment "${{ github.event.issue.number }}" --repo "${{ github.repository }}" --body "${message}" |
101 | 113 |
|
0 commit comments