Skip to content

[Snyk] Security upgrade node from 18.15-alpine to 18.20.5-alpine #23

[Snyk] Security upgrade node from 18.15-alpine to 18.20.5-alpine

[Snyk] Security upgrade node from 18.15-alpine to 18.20.5-alpine #23

name: Notify When Maintainers Cannot Edit
# **What it does**: Notifies the author of a PR when their PR does not allow maintainers to edit it.
# **Why we have it**: To prevent having to do this manually.
# **Who does it impact**: Open-source.
on:
# Needed in lieu of `pull_request` so that PRs from a fork can be notified.
pull_request_target:
types:
- opened
permissions:
contents: read
pull-requests: write
jobs:
notify-when-maintainers-cannot-edit:
if: github.repository == 'github/docs'
runs-on: ubuntu-latest
steps:
- uses: actions/github-script@e69ef5462fd455e02edcaf4dd7708eda96b9eda0
with:
script: |
const query = `
query($number: Int!) {
repository(owner: "github", name: "docs") {
pullRequest(number: $number) {
headRepositoryOwner {
login
}
maintainerCanModify
}
}
}
`;
const pullNumber = context.issue.number;
const variables = { number: pullNumber };
try {
console.log(`Check github/docs#${pullNumber} for maintainer edit access ...`);
const result = await github.graphql(query, variables);
console.log(JSON.stringify(result, null, 2));
const pullRequest = result.repository.pullRequest;
if (pullRequest.headRepositoryOwner.login === 'github') {
console.log('PR owned by github');
return;
}
if (!pullRequest.maintainerCanModify) {
console.log('PR not owned by github and does not have maintainer edits enabled');
await github.rest.issues.createComment({
issue_number: pullNumber,
owner: 'github',
repo: 'docs',
body: "Thanks for submitting a PR to the GitHub Docs project!\n\nIn order to review and merge PRs most efficiently, we require that all PRs grant maintainer edit access before we review them. For information on how to do this, [see the documentation](https://docs.github.com/en/github/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork)."
});
}
} catch(e) {
console.log(e);
}