-
Notifications
You must be signed in to change notification settings - Fork 29.4k
31 lines (30 loc) · 1.62 KB
/
no-dependencies-changes.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
name: Prevent package-lock.json changes in PRs
on: [pull_request]
jobs:
main:
name: Prevent package-lock.json changes in PRs
runs-on: ubuntu-latest
steps:
- uses: octokit/request-action@v2.x
id: get_permissions
with:
route: GET /repos/microsoft/vscode/collaborators/{username}/permission
username: ${{ github.event.pull_request.user.login }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Set control output variable
id: control
run: |
echo "user: ${{ github.event.pull_request.user.login }}"
echo "role: ${{ fromJson(steps.get_permissions.outputs.data).permission }}"
echo "is dependabot: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}"
echo "should_run: ${{ !contains(fromJson('["admin", "maintain", "write"]'), fromJson(steps.get_permissions.outputs.data).permission) }}"
echo "should_run=${{ !contains(fromJson('["admin", "maintain", "write"]'), fromJson(steps.get_permissions.outputs.data).permission) && github.event.pull_request.user.login != 'dependabot[bot]' }}" >> $GITHUB_OUTPUT
- name: Get file changes
uses: trilom/file-changes-action@ce38c8ce2459ca3c303415eec8cb0409857b4272
if: ${{ steps.control.outputs.should_run == 'true' }}
- name: Check for lockfile changes
if: ${{ steps.control.outputs.should_run == 'true' }}
run: |
cat $HOME/files.json | jq -e 'any(test("package-lock\\.json$|Cargo\\.lock$")) | not' \
|| (echo "Changes to package-lock.json/Cargo.lock files aren't allowed in PRs." && exit 1)