Skip to content

fix(ci): check dependabot PR user instead of actor #641

fix(ci): check dependabot PR user instead of actor

fix(ci): check dependabot PR user instead of actor #641

# This is a copy of the equivalent file in mdn/content.
# See https://github.com/mdn/content/blob/main/.github/workflows/system-file-changes.yml
# If you make changes here, make sure it first makes sense in that repo.
name: System file changes
on:
pull_request_target:
paths:
- ".github/**"
- package.json
- yarn.lock
jobs:
block:
# This make sure it only runs on our origin repo
# and make an exception for Dependabot.
if: github.repository_owner == 'mdn' && github.event.pull_request.user.login != 'dependabot[bot]'
runs-on: ubuntu-latest
steps:
- name: Stop anything and everything
run: |
# It would be nice if we could disable this workflow if the PR
# was made from a branch within the origin repo. But it seems you
# can'd do that :(
# See https://github.community/t/how-do-you-figure-out-if-a-pr-is-from-a-work-in-pull-request-target-workflows/170001
echo "If you're an admin, you have you use your admin privileges to override."
echo "If you're not an admin, please ping someone for a review."
exit 1