Commit

Add access checks prior to checking our PRs
Ensure only users with write permissions can run CI

Signed-off-by: Kyle Squizzato <[email protected]>
squizzi committed Oct 18, 2024
1 parent 65db759 commit 9cb3960
Showing 1 changed file with 17 additions and 0 deletions.
17 changes: 17 additions & 0 deletions .github/workflows/build_test.yml
Expand Up @@ -12,6 +12,7 @@ on:
paths-ignore:
- 'config/**'
- '**.md'
- '.github/**'
push:
tags:
- '*'
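Review bot: the added `- '.github/**'` entry under `paths-ignore` is not mentioned in the commit message and carries no comment, and it means a change that touches only files under `.github/` no longer starts this workflow for the trigger this list belongs to. Later edits to the permission gate added in this same commit would then get no run of build_test.yml before merge. Either drop the entry or add a comment saying why workflow changes are excluded and how changes to this file are expected to be validated.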
Expand All @@ -32,6 +33,22 @@ jobs:
clustername: ${{ steps.vars.outputs.clustername }}
pr: ${{ steps.pr.outputs.result }}
steps:
- name: Get User Permissions
id: checkAccess
uses: actions-cool/check-user-permission@v2
with:
require: write
username: ${{ github.triggering_actor }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Check User Permissions
if: steps.checkAccess.outputs.require-result == 'false'
run: |
echo "${{ github.triggering_actor }} does not have permissions on this repo."
echo "Current permission level: ${{ steps.checkAccess.outputs.user-permission }}"
echo "Job originally triggered by: ${{ github.actor }}"
echo "This job must be triggered by a user with proper permissions, if you have opened a PR and lack permissions please ask a repo collaborator to re-run this job on your behalf."
exit 1
- name: Get PR ref
uses: actions/github-script@v6
id: pr
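Review bot: the gate in "Check User Permissions" fails open, because `if: steps.checkAccess.outputs.require-result == 'false'` stops the job only when the output is exactly the string 'false'; an empty or unexpected value lets the job continue to "Get PR ref". Compare against the positive case instead, for example `if: steps.checkAccess.outputs.require-result != 'true'`. Two smaller points in the same hunk: `actions-cool/check-user-permission@v2` is a third-party action referenced by a movable tag while being handed `secrets.GITHUB_TOKEN`, so pin it to a full commit SHA; and the `${{ ... }}` expressions in the `run:` block are expanded into the script text before the shell sees it, so pass `github.triggering_actor`, `github.actor` and the `user-permission` output through `env:` and echo the shell variables.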
