-
Notifications
You must be signed in to change notification settings - Fork 388
80 lines (70 loc) · 3.3 KB
/
schedule-run-ci-external.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
# This workflow is aim to let external contributors to run the integration tests.
# * Check if the user is a external or internal contributor or not (who is in the org or not).
# * If the user is a external contributor, remove the label "ci:schedule_run_ci" for each push.
# * The PR with label "ci:schedule_run_ci" can trigger the `workflows/build.yml`.
#
# If the user is a external contributor, the repo owener or the users with write access should response for add the
# label "ci:schedule_run_ci" to allow the external contributor to run the CI.
name: Schedule run ci external
on:
pull_request_target:
types: [labeled, synchronize]
jobs:
check_permission:
name: Check permission
if: ${{ !contains(github.event.pull_request.labels.*.name, 'ci:skip') }}
runs-on: ubuntu-latest
timeout-minutes: 60
steps:
- name: Check if external contributors
id: check-contributors-result
uses: actions/github-script@v6
with:
github-token: ${{ secrets.LABEL_ACTION_PAT }}
debug: true
script: |
const org = "AgoraIO-Extensions"
const userName = "${{ github.event.pull_request.user.login }}"
let contributorStatus = -1; // unknown
try {
// see https://docs.github.com/en/rest/orgs/members?apiVersion=2022-11-28#check-organization-membership-for-a-user
const response = await github.request('GET /orgs/{org}/members/{username}', {
org: org,
username: userName,
headers: {
'X-GitHub-Api-Version': '2022-11-28'
}
})
console.log(`response: ${response.data}`);
if (response.status == 204) {
console.log(`Internal contributor: ${userName}`);
} else {
console.log(`External contributor: ${userName}`);
}
// 0: internal contributors
// 1: external contributors
contributorStatus = response.status == 204 ? 0 : 1
} catch (error) {
console.log(`Error: ${error.message}`);
// 404 mean external contributors
contributorStatus = error.status == 404 ? 1 : contributorStatus
console.log(`contributorStatus: ${contributorStatus}`);
}
return contributorStatus;
- name: Remove label ci:schedule_run_ci if necessary
# If the external contributor (steps.check-contributors-result.outputs.result > 0) push a new commit (github.event.action == 'synchronize'),
# remove the label: ci:schedule_run_ci to avoid the contributor do some harmful things.
if: ${{ github.event.action == 'synchronize' && steps.check-contributors-result.outputs.result > 0 }}
uses: actions-ecosystem/action-remove-labels@v1
with:
github_token: ${{ secrets.LABEL_ACTION_PAT }}
repo: 'AgoraIO-Extensions'
number: 'Agora-Flutter-SDK'
labels: ci:schedule_run_ci
schedule_ci:
name: Schedule run ci for external contributors
needs: check_permission
if: ${{ contains(github.event.pull_request.labels.*.name, 'ci:schedule_run_ci') }}
uses: ./.github/workflows/build.yml
secrets:
MY_APP_ID: ${{ secrets.MY_APP_ID }}