-
Notifications
You must be signed in to change notification settings - Fork 296
122 lines (106 loc) Β· 4.25 KB
/
path-check.yml
File metadata and controls
122 lines (106 loc) Β· 4.25 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
name: Community PR Path Check
on:
pull_request_target:
branches: [dev, main]
permissions:
pull-requests: write
issues: write
jobs:
path-check:
name: path-check
runs-on: ubuntu-latest
if: >
github.event.pull_request.author_association != 'MEMBER' &&
github.event.pull_request.author_association != 'OWNER'
steps:
- name: Check community PR only touches community folder
id: check
uses: actions/github-script@v7
with:
script: |
const { data: files } = await github.rest.pulls.listFiles({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: context.issue.number,
per_page: 100
});
console.log("π Checking files changed in this PR...\n");
let violation = false;
let allowed = [];
let blocked = [];
for (const file of files) {
if (file.filename.startsWith('community/')) {
console.log(`β
${file.filename}`);
allowed.push(file.filename);
} else {
console.log(`β ${file.filename} (NOT ALLOWED)`);
blocked.push(file.filename);
violation = true;
}
}
core.setOutput('violation', violation);
core.setOutput('allowed', JSON.stringify(allowed));
core.setOutput('blocked', JSON.stringify(blocked));
if (violation) {
core.setFailed("Community PR modifies files outside community/ folder");
} else {
console.log("\nβ
All changed files are inside community/ folder!");
}
- name: Comment on PR
if: always()
uses: actions/github-script@v7
with:
script: |
const violation = ${{ steps.check.outputs.violation }};
const allowed = ${{ steps.check.outputs.allowed }};
const blocked = ${{ steps.check.outputs.blocked }};
let body = '';
if (violation) {
const blockedList = blocked.map(f => `- β \`${f}\``).join('\n');
const allowedList = allowed.map(f => `- β
\`${f}\``).join('\n');
body = `## π« Community PR Path Check β Failed\n\n` +
`Community PRs can **only** modify files inside the \`community/\` folder.\n\n` +
`### β Not Allowed\n${blockedList}\n\n` +
(allowedList ? `### β
Allowed\n${allowedList}\n\n` : '') +
`---\n` +
`> **Please remove changes to files outside \`community/\`.**\n` +
`> If you need changes elsewhere, open an issue to discuss with maintainers.`;
} else {
body = `## β
Community PR Path Check β Passed\n\n` +
`All changed files are inside the \`community/\` folder. Looks good!`;
}
// Find existing bot comment
const { data: comments } = await github.rest.issues.listComments({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
});
const marker = '## π« Community PR Path Check';
const markerPass = '## β
Community PR Path Check';
const existing = comments.find(c =>
c.user.type === 'Bot' &&
(c.body.includes(marker) || c.body.includes(markerPass))
);
if (existing) {
await github.rest.issues.updateComment({
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: existing.id,
body: body,
});
} else {
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
body: body,
});
}
path-check-member:
name: path-check
runs-on: ubuntu-latest
if: >
github.event.pull_request.author_association == 'MEMBER' ||
github.event.pull_request.author_association == 'OWNER'
steps:
- run: echo "β
Org member β all paths allowed"