105 lines
3.0 KiB
YAML
105 lines
3.0 KiB
YAML
name: Restrict PR Authors & Committers
|
|
|
|
permissions:
|
|
contents: read
|
|
pull-requests: write
|
|
|
|
on:
|
|
pull_request:
|
|
types: [opened, reopened, synchronize]
|
|
branches:
|
|
- dev_odex-event
|
|
- dev_odex25_accounting
|
|
- dev_odex25_base
|
|
- dev_odex25_dms
|
|
- dev_odex25_fleet
|
|
- dev_odex25_hr
|
|
- dev_odex25_inventory
|
|
- dev_odex25_maintenance
|
|
- dev_odex25_mobile
|
|
- dev_odex25_pos
|
|
- dev_odex25_project
|
|
- dev_odex25_purchase
|
|
- dev_odex25_realstate
|
|
- dev_odex25_sales
|
|
- dev_odex25_survey
|
|
- dev_odex25_transactions
|
|
- dev_odex25_website
|
|
- dev_openeducat_erp-14.0.1.0
|
|
- dev_odex25_ensan
|
|
- dev_odex25_helpdesk
|
|
- dev_odex25_donation
|
|
|
|
jobs:
|
|
validate:
|
|
runs-on: linting_odex25-standard-modules_runner
|
|
|
|
steps:
|
|
- name: Validate PR Author & Commit Authors
|
|
uses: actions/github-script@v7
|
|
with:
|
|
github-token: ${{ secrets.PR_CLOSE_TOKEN }}
|
|
script: |
|
|
// List of allowed users (all lowercase)
|
|
const allowed = [
|
|
"expsa",
|
|
"moutazmuhammad",
|
|
"ronozoro",
|
|
"abubaker-altaib",
|
|
"altexp",
|
|
"the5abir",
|
|
"ahmadaking",
|
|
"kchyounes19",
|
|
"abdurrahman-saber"
|
|
].map(u => u.toLowerCase());
|
|
|
|
const pr = context.payload.pull_request;
|
|
const prAuthor = pr.user.login.toLowerCase();
|
|
const owner = context.repo.owner;
|
|
const repo = context.repo.repo;
|
|
|
|
core.info(`PR author: ${prAuthor}`);
|
|
core.info(`Allowed users: ${allowed.join(", ")}`);
|
|
|
|
// Check PR author
|
|
if (!allowed.includes(prAuthor)) {
|
|
core.error(`Unauthorized PR author: ${prAuthor}. Closing PR...`);
|
|
await github.rest.pulls.update({
|
|
owner,
|
|
repo,
|
|
pull_number: pr.number,
|
|
state: "closed"
|
|
});
|
|
return;
|
|
}
|
|
|
|
// Check commit authors
|
|
const commitList = await github.rest.pulls.listCommits({
|
|
owner,
|
|
repo,
|
|
pull_number: pr.number
|
|
});
|
|
|
|
for (const commit of commitList.data) {
|
|
const commitAuthor = commit.author ? commit.author.login.toLowerCase() : null;
|
|
|
|
if (!commit.author) {
|
|
core.warning(`Commit ${commit.sha} has no GitHub-linked author.`);
|
|
}
|
|
|
|
if (commitAuthor && !allowed.includes(commitAuthor)) {
|
|
core.error(`Unauthorized commit author: ${commitAuthor}. Closing PR...`);
|
|
|
|
await github.rest.pulls.update({
|
|
owner,
|
|
repo,
|
|
pull_number: pr.number,
|
|
state: "closed"
|
|
});
|
|
|
|
return;
|
|
}
|
|
}
|
|
|
|
core.info("All PR authors and committers are allowed.");
|