From 403d77623338bf6fbb48d8f9fb3234df4d459ba4 Mon Sep 17 00:00:00 2001 From: Ming Wang Date: Tue, 15 Aug 2023 13:36:48 -0400 Subject: [PATCH] update command permissions --- .github/workflows/pr-ci.yml | 30 +++++++++++++++++++++++------- 1 file changed, 23 insertions(+), 7 deletions(-) diff --git a/.github/workflows/pr-ci.yml b/.github/workflows/pr-ci.yml index 106fe5f910..2c05980bb3 100644 --- a/.github/workflows/pr-ci.yml +++ b/.github/workflows/pr-ci.yml @@ -17,11 +17,11 @@ jobs: - name: Fail if needs-triage label applied if: ${{ contains(github.event.issue.labels.*.name, 'needs-triage') }} run: exit 1 - - name: Check command permission allowed + - name: Show warning if permission is denied if: | - github.event.comment.author_association != 'MEMBER' && - github.event.comment.author_association != 'OWNER' && - !contains(github.event.issue.labels.*.name, 'safe-to-test') + !(github.event.comment.author_association == 'MEMBER' || + github.event.comment.author_association == 'OWNER') + && !contains(github.event.issue.labels.*.name, 'safe-to-test') uses: thollander/actions-comment-pull-request@v2 with: message: |- @@ -29,9 +29,25 @@ jobs: to resolve the issue. - name: Fail if command permission is not allowed if: | - github.event.comment.author_association != 'MEMBER' && - github.event.comment.author_association != 'OWNER' && - !contains(github.event.issue.labels.*.name, 'safe-to-test') + !(github.event.comment.author_association == 'MEMBER' || + github.event.comment.author_association == 'OWNER') + && !contains(github.event.issue.labels.*.name, 'safe-to-test') + run: exit 1 + - name: Show warning if safe-to-test applied and permission denied + if: | + !(github.event.comment.author_association == 'MEMBER' || + github.event.comment.author_association == 'OWNER' || + github.event.issue.user.name == github.event.comment.user.name) + uses: thollander/actions-comment-pull-request@v2 + with: + message: |- + You do not have permission to run the /build_test command. Please ask Cryostat @reviewers + to resolve the issue. + - name: Fail if safe-to-test applied and command permission is not allowed + if: | + !(github.event.comment.author_association == 'MEMBER' || + github.event.comment.author_association == 'OWNER' || + github.event.issue.user.name == github.event.comment.user.name) run: exit 1 - name: React to comment uses: actions/github-script@v4