From 5e96af1ac05eb479cae8ca0c04dc036d8c619ea5 Mon Sep 17 00:00:00 2001
From: Anton Korobeynikov
Date: Fri, 2 Feb 2024 16:03:15 -0800
Subject: [PATCH 1/2] Add github workflow that checks if a private email address was used to contribute to the repo and warn in this case.
---
.github/workflows/email-check.yaml | 36 ++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
create mode 100644 .github/workflows/email-check.yaml
diff --git a/.github/workflows/email-check.yaml b/.github/workflows/email-check.yaml
new file mode 100644
index 0000000000000..4b729ddfa42d5
--- /dev/null
+++ b/.github/workflows/email-check.yaml
@@ -0,0 +1,36 @@
+name: "Check for private emails used in PRs"
+on: pull_request_target
+permissions:
+ pull-requests: write
+
+jobs:
+ validate_email:
+ runs-on: ubuntu-latest
+ if: github.repository == 'llvm/llvm-project'
+ steps:
+ - name: Fetch LLVM sources
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ github.event.pull_request.head.sha }}
+
+ - name: Extract author email
+ id: author
+ run: |
+ git log -1
+ echo "EMAIL=$(git show -s --format='%ae' HEAD~0)" >> $GITHUB_OUTPUT
+
+ - name: Validate author email
+ if: ${{ endsWith(steps.author.outputs.EMAIL, 'noreply.github.com') }}
+ uses: actions/github-script@v6
+ env:
+ EMAIL: ${{ steps.author.outputs.EMAIL }}
+ with:
+ script: |
+ const { EMAIL } = process.env
+ await github.rest.issues.createComment({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: `⚠️ We detected that you are using a GitHub private e-mail address to contribute to the repo.
+ Please turn off [Keep my email addresses private](https://github.com/settings/emails) setting in your account.
+ `})
From 34d986ae81052f0f702f330c3aa805d720c271d7 Mon Sep 17 00:00:00 2001
From: Anton Korobeynikov
Date: Fri, 2 Feb 2024 22:03:12 -0800
Subject: [PATCH 2/2] Rearrange permissions
---
.github/workflows/email-check.yaml | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
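Review bot: The `Fetch LLVM sources` step of the new workflow (patch 1/2) checks out `github.event.pull_request.head.sha` under `pull_request_target`, so contributor-controlled files sit in a workspace whose token carries `pull-requests: write`, and `actions/checkout` keeps that token in the local git config unless told otherwise. The visible steps only run `git log` and `git show` against the tree, which keeps the exposure small, but that property is implicit; I would add `persist-credentials: false` under the step's `with:` plus a comment such as `# PR head is untrusted: never build or execute anything from this checkout`. Only the author e-mail is needed, so reading the commit metadata through the API in the `actions/github-script` step would remove the checkout entirely. Pinning `actions/checkout@v4` and `actions/github-script@v6` to full commit SHAs is also worth doing for a workflow that runs with a write token.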
diff --git a/.github/workflows/email-check.yaml b/.github/workflows/email-check.yaml index 4b729ddfa42d5..2b37a6eab5356 100644 --- a/.github/workflows/email-check.yaml +++ b/.github/workflows/email-check.yaml @@ -1,10 +1,14 @@ name: "Check for private emails used in PRs" + on: pull_request_target + permissions: - pull-requests: write + contents: read jobs: validate_email: + permissions: + pull-requests: write runs-on: ubuntu-latest if: github.repository == 'llvm/llvm-project' steps:
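Review bot: The `permissions:` block added under `validate_email` replaces the workflow-level map for that job instead of merging with it, so the new top-level `contents: read` does not apply to the checkout step; scopes not listed at job level default to no access. If the job is meant to hold read access to contents, list it explicitly as `contents: read` beside `pull-requests: write`, otherwise add a comment that the top-level block is only the default for future jobs. The job's steps lie outside this hunk.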