зеркало из https://github.com/github/docs.git
106 строки
4.0 KiB
YAML
106 строки
4.0 KiB
YAML
name: Check unallowed file changes
|
|
|
|
# **What it does**: If someone changes some files in the open repo, we prevent the pull request from merging.
|
|
# **Why we have it**: Some files can only be changed in the internal repository for security and workflow reasons.
|
|
# **Who does it impact**: Open source contributors.
|
|
|
|
on:
|
|
pull_request_target:
|
|
paths:
|
|
- '.devcontainer/**'
|
|
- '.github/actions-scripts/**'
|
|
- '.github/workflows/**'
|
|
- '.github/CODEOWNERS'
|
|
- 'assets/fonts/**'
|
|
- 'data/graphql/**'
|
|
- 'Dockerfile*'
|
|
- 'src/**'
|
|
- 'lib/redirects/**'
|
|
- 'package*.json'
|
|
- 'script/**'
|
|
- 'content/actions/deployment/security-hardening-your-deployments/**'
|
|
|
|
permissions:
|
|
pull-requests: write
|
|
|
|
jobs:
|
|
triage:
|
|
if: >-
|
|
${{
|
|
github.repository == 'github/docs' &&
|
|
github.event.pull_request.user.login != 'Octomerger' &&
|
|
github.event.pull_request.user.login != 'dependabot[bot]'
|
|
}}
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Get files changed
|
|
uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50
|
|
id: filter
|
|
with:
|
|
# Base branch used to get changed files
|
|
base: 'main'
|
|
|
|
# Enables setting an output in the format in `${FILTER_NAME}_files
|
|
# with the names of the matching files formatted as JSON array
|
|
list-files: json
|
|
|
|
# Returns list of changed files matching each filter
|
|
filters: |
|
|
openapi:
|
|
- 'src/rest/data/**'
|
|
notAllowed:
|
|
- '.devcontainer/**'
|
|
- '.github/actions-scripts/**'
|
|
- '.github/workflows/**'
|
|
- '.github/CODEOWNERS'
|
|
- 'assets/fonts/**'
|
|
- 'data/graphql/**'
|
|
- 'Dockerfile*'
|
|
- 'src/**'
|
|
- 'lib/redirects/**'
|
|
- 'package*.json'
|
|
- 'scripts/**'
|
|
- 'content/actions/deployment/security-hardening-your-deployments/**'
|
|
|
|
# When there are changes to files we can't accept, leave a comment
|
|
# explaining this to the PR author
|
|
- name: "Comment about changes we can't accept"
|
|
if: ${{ steps.filter.outputs.notAllowed }}
|
|
uses: actions/github-script@98814c53be79b1d30f795b907e553d8679345975
|
|
with:
|
|
script: |
|
|
const badFilesArr = [
|
|
'.devcontainer/**',
|
|
'.github/actions-scripts/**',
|
|
'.github/workflows/**',
|
|
'.github/CODEOWNERS',
|
|
'assets/fonts/**',
|
|
'data/graphql/**',
|
|
'Dockerfile*',
|
|
'src/**',
|
|
'lib/redirects/**',
|
|
'package*.json',
|
|
'scripts/**',
|
|
'content/actions/deployment/security-hardening-your-deployments/**',
|
|
]
|
|
|
|
const badFiles = badFilesArr.join('\n')
|
|
|
|
let reviewMessage = `👋 Hey there spelunker. It looks like you've modified some files that we can't accept as contributions. The complete list of files we can't accept are:\n${badFiles}\n\nYou'll need to revert all of the files you changed in that list using [GitHub Desktop](https://docs.github.com/en/free-pro-team@latest/desktop/contributing-and-collaborating-using-github-desktop/managing-commits/reverting-a-commit) or \`git checkout origin/main <file name>\`. Once you get those files reverted, we can continue with the review process. :octocat:`
|
|
let workflowFailMessage = "It looks like you've modified some files that we can't accept as contributions."
|
|
|
|
try {
|
|
createdComment = await github.rest.issues.createComment({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
issue_number: context.payload.number,
|
|
body: reviewMessage,
|
|
})
|
|
|
|
workflowFailMessage = `${workflowFailMessage} Please see ${createdComment.data.html_url} for details.`
|
|
} catch(err) {
|
|
console.log("Error creating comment.", err)
|
|
}
|
|
|
|
core.setFailed(workflowFailMessage)
|