Add authorization scriptlet #2122
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Commits | |
on: | |
- pull_request | |
permissions: | |
contents: read | |
jobs: | |
dco-check: | |
permissions: | |
pull-requests: read # for tim-actions/get-pr-commits to get list of commits from the PR | |
name: Signed-off-by (DCO) | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Get PR Commits | |
id: 'get-pr-commits' | |
uses: tim-actions/get-pr-commits@master | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Check that all commits are signed-off | |
uses: tim-actions/dco@master | |
with: | |
commits: ${{ steps.get-pr-commits.outputs.commits }} | |
target-branch: | |
permissions: | |
contents: none | |
name: Branch target | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Check branch target | |
env: | |
TARGET: ${{ github.event.pull_request.base.ref }} | |
TITLE: ${{ github.event.pull_request.title }} | |
run: | | |
set -eux | |
TARGET_FROM_PR_TITLE="$(echo "${TITLE}" | sed -n 's/.*(\(stable-[0-9]\.[0-9]\))$/\1/p')" | |
if [ -z "${TARGET_FROM_PR_TITLE}" ]; then | |
TARGET_FROM_PR_TITLE="main" | |
else | |
echo "Branch target overridden from PR title" | |
fi | |
[ "${TARGET}" = "${TARGET_FROM_PR_TITLE}" ] && exit 0 | |
echo "Invalid branch target: ${TARGET} != ${TARGET_FROM_PR_TITLE}" | |
exit 1 |