[BUG] [v0.0.7] cortex run --file *.gql falls back to application/octet-stream #130909
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Protect Labels | |
| on: | |
| issues: | |
| types: [labeled, unlabeled] | |
| jobs: | |
| protect-label: | |
| # Protect: valid, cortex, vgrep, term-challenge, bounty-challenge | |
| if: contains(fromJson('["valid", "cortex", "vgrep", "term-challenge", "bounty-challenge"]'), github.event.label.name) | |
| runs-on: ubuntu-latest | |
| permissions: | |
| issues: write | |
| steps: | |
| - name: Check actor permissions | |
| id: check | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| // Protected labels that affect rewards | |
| const PROTECTED_LABELS = ['valid', 'cortex', 'vgrep', 'term-challenge', 'bounty-challenge']; | |
| // List of users allowed to manage protected labels | |
| // Add maintainer usernames here | |
| const ALLOWED_USERS = [ | |
| 'echobt', | |
| 'cortex-admin', | |
| 'maintainer1', | |
| 'maintainer2' | |
| // Add more maintainers as needed | |
| ]; | |
| const actor = context.actor; | |
| const eventAction = context.payload.action; // 'labeled' or 'unlabeled' | |
| const issueNumber = context.payload.issue.number; | |
| console.log(`Actor: ${actor}`); | |
| console.log(`Action: ${eventAction}`); | |
| console.log(`Issue: #${issueNumber}`); | |
| // Check if actor is allowed | |
| if (ALLOWED_USERS.includes(actor)) { | |
| console.log(`✅ ${actor} is authorized to ${eventAction} the 'valid' label`); | |
| return; | |
| } | |
| // Check if actor is a collaborator with admin/maintain permissions | |
| try { | |
| const { data: permission } = await github.rest.repos.getCollaboratorPermissionLevel({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| username: actor | |
| }); | |
| if (['admin', 'maintain'].includes(permission.permission)) { | |
| console.log(`✅ ${actor} has ${permission.permission} permission`); | |
| return; | |
| } | |
| } catch (e) { | |
| console.log(`Could not check permissions: ${e.message}`); | |
| } | |
| // Unauthorized - revert the label change | |
| const labelName = context.payload.label.name; | |
| console.log(`❌ ${actor} is NOT authorized to modify the '${labelName}' label`); | |
| if (eventAction === 'labeled') { | |
| // Remove the label that was just added | |
| await github.rest.issues.removeLabel({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: issueNumber, | |
| name: labelName | |
| }); | |
| console.log(`Removed '${labelName}' label from issue #${issueNumber}`); | |
| } else if (eventAction === 'unlabeled') { | |
| // Re-add the label that was just removed | |
| await github.rest.issues.addLabels({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: issueNumber, | |
| labels: [labelName] | |
| }); | |
| console.log(`Re-added '${labelName}' label to issue #${issueNumber}`); | |
| } | |
| // Add a comment explaining the revert | |
| await github.rest.issues.createComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: issueNumber, | |
| body: `⚠️ **Label Protection**: The \`${labelName}\` label can only be modified by authorized maintainers. Your change has been reverted.\n\nProtected labels: \`valid\`, \`cortex\`, \`vgrep\`, \`term-challenge\`, \`bounty-challenge\`` | |
| }); | |
| core.setFailed(`Unauthorized label modification by ${actor}`); |