Skip to content

[pull] main from github:main #9802

[pull] main from github:main

[pull] main from github:main #9802

name: Check unallowed file changes
# **What it does**: If someone changes some files in the open repo, we prevent the pull request from merging.
# **Why we have it**: Some files can only be changed in the internal repository for security and workflow reasons.
# **Who does it impact**: Open source contributors.
on:
# Needed in lieu of `pull_request` so that PRs from a fork can be notified of unallowed changes.
pull_request_target:
permissions:
contents: read
pull-requests: write
jobs:
triage:
if: >-
${{
github.repository == 'github/docs' &&
github.event.pull_request.user.login != 'docs-bot' &&
github.event.pull_request.user.login != 'dependabot[bot]'
}}
runs-on: ubuntu-latest
steps:
- name: Check out repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Get files changed
uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd
id: filter
with:
# Base branch used to get changed files
base: 'main'
# Enables setting an output in the format in `${FILTER_NAME}_files
# with the names of the matching files formatted as JSON array
list-files: json
# Returns list of changed files matching each filter
filters: 'src/workflows/unallowed-contribution-filters.yml'
- name: Set up Node and dependencies
if: ${{ steps.filter.outputs.notAllowed || steps.filter.outputs.contentTypes}}
uses: ./.github/actions/node-npm-setup
# When there are changes to files we can't accept, leave a comment
# explaining this to the PR author
- name: "Comment about changes we can't accept"
if: ${{ steps.filter.outputs.notAllowed || steps.filter.outputs.contentTypes}}
run: npm run unallowed-contributions
env:
REPO_OWNER_AND_NAME: ${{ github.repository }}
PR_NUMBER: ${{ github.event.number }}
FILE_PATHS_NOT_ALLOWED: ${{ steps.filter.outputs.notAllowed_files }}
CHANGED_FILE_PATHS: ${{ steps.filter.outputs.contentTypes_files }}
ADDED_CONTENT_FILES: ${{ steps.filter.outputs.added_files }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}