Skip to content

Commit 1455122

Browse files
committed
Wip access check
1 parent fcd4bd0 commit 1455122

File tree

1 file changed

+18
-19
lines changed

1 file changed

+18
-19
lines changed

.github/workflows/run-tests.yml

Lines changed: 18 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -7,41 +7,40 @@ on:
77
- cron: '0 0 * * *'
88

99
jobs:
10-
remove_label:
10+
access_check:
1111
runs-on: ubuntu-latest
12+
name: Access check
1213
steps:
13-
- name: Remove safe-to-test label
14+
- name: Ensure pull-request is safe to run
1415
uses: actions/github-script@v5
1516
with:
1617
github-token: ${{secrets.GITHUB_TOKEN}}
1718
script: |
1819
const issue_number = context.issue.number;
1920
const repository = context.repo.repo;
2021
const owner = context.repo.owner;
22+
2123
const response = await github.rest.issues.listLabelsOnIssue({
2224
owner,
2325
repo: repository,
2426
issue_number
2527
});
2628
const labels = response.data.map(label => label.name);
27-
if (labels.includes('safe-to-test')) {
28-
await github.rest.issues.removeLabel({
29-
owner,
30-
repo: repository,
31-
issue_number,
32-
name: 'safe-to-test'
33-
});
29+
let hasLabel = labels.includes('safe-to-test')
30+
31+
if (context.eventName === 'synchronize' && hasLabel) {
32+
hasLabel = false
33+
await github.rest.issues.removeLabel({
34+
owner,
35+
repo: repository,
36+
issue_number,
37+
name: 'safe-to-test'
38+
});
39+
}
40+
41+
if (!hasLabel) {
42+
throw "Action was not authorized. Exiting now."
3443
}
35-
36-
access_check:
37-
runs-on: ubuntu-latest
38-
needs: remove_label
39-
steps:
40-
- name: Check user permissions
41-
if: ${{ ! contains(github.event.pull_request.labels.*.name, 'safe-to-test') }}
42-
run: |
43-
echo "Action was not authorized. Exiting now."
44-
exit 1
4544
4645
php-tests:
4746
runs-on: ubuntu-latest

0 commit comments

Comments
 (0)