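name: Protect Auditors Group

# Separation-of-duties check: nobody in the "auditors" team may also be in the
# smart-contract-admins or smart-contract-core team.
# The check runs on every push, so a membership change made between pushes is
# only evaluated by the next push-triggered run.
on:
  push:

# The script below unsets the default GITHUB_TOKEN and makes every API call with
# the personal access token, so the default token only needs what checkout uses.
permissions:
  contents: read

jobs:
  check_membership:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        # NOTE(review): a mutable tag is used here; consider pinning to a full commit SHA.
        uses: actions/checkout@v4

      - name: Compare Group Members
        env:
          GH_PAT: ${{ secrets.GIT_TOKEN }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # Fail closed. The default run shell is `bash -e` without pipefail, so a failing
          # `gh api` in front of `jq` would yield an empty member list and the overlap
          # check would pass without having compared anything.
          set -euo pipefail

          ##### unset the default git token (does not have sufficient rights to get team members)
          unset GITHUB_TOKEN

          ##### use the Personal Access Token to log into git CLI
          # printf with a quoted expansion passes the token through unchanged
          # (no word splitting or globbing, no echo option parsing).
          printf '%s' "$GH_PAT" | gh auth login --with-token

          # Print the logins of all members of team $2 in organisation $1, one per line.
          # --paginate follows every result page; without it only the first page of
          # members is returned and an overlap further down a large team is missed.
          getTeamMembers() {
            local org=$1
            local team=$2
            gh api --paginate \
              -H "Accept: application/vnd.github+json" \
              -H "X-GitHub-Api-Version: 2022-11-28" \
              "/orgs/$org/teams/$team/members" | jq -r '.[].login'
          }

          # Print the logins present in both newline-separated lists ($1 and $2).
          # grep exits 1 when nothing matches; that is the expected "no overlap" result
          # and must not abort the script under `set -e`. Any higher status is a real
          # error and is returned to the caller.
          findOverlap() {
            local status=0
            grep -Fxf <(printf '%s\n' "$1") <(printf '%s\n' "$2") || status=$?
            if [ "$status" -gt 1 ]; then
              return "$status"
            fi
          }

          ORG_NAME="lifinance"
          SC_ADMINS="smart-contract-admins"
          SC_CORE="smart-contract-core"
          AUDITORS="auditors"

          ##### Get members of each group
          echo "Fetching members of $SC_ADMINS..."
          groupAMembers=$(getTeamMembers "$ORG_NAME" "$SC_ADMINS")

          echo "Fetching members of $SC_CORE..."
          groupBMembers=$(getTeamMembers "$ORG_NAME" "$SC_CORE")

          echo "Fetching members of $AUDITORS..."
          groupCMembers=$(getTeamMembers "$ORG_NAME" "$AUDITORS")

          ##### Check overlap between smart-contract-admins and auditors
          overlap=$(findOverlap "$groupAMembers" "$groupCMembers")

          if [ -n "$overlap" ]; then
            echo -e "\033[31mERROR: The following members are in both $SC_ADMINS and $AUDITORS: $overlap\033[0m"
            echo -e "\033[31mAuditors must be external personnel and cannot be team members or admins\033[0m"
            exit 1
          else
            echo -e "\033[32mNo overlap found between $SC_ADMINS and $AUDITORS.\033[0m"
          fi

          ##### Check overlap between smart-contract-core and auditors
          overlap2=$(findOverlap "$groupBMembers" "$groupCMembers")

          if [ -n "$overlap2" ]; then
            echo -e "\033[31mERROR: The following members are in both $SC_CORE and $AUDITORS: $overlap2\033[0m"
            echo -e "\033[31mAuditors must be external personnel and cannot be team members or admins\033[0m"
            exit 1
          else
            echo -e "\033[32mNo overlap found between $SC_CORE and $AUDITORS.\033[0m"
          fi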