From f5d1a3c2f0c33d0be5847b22ce7cc9879df12cde Mon Sep 17 00:00:00 2001 From: Thilo Fromm Date: Mon, 8 May 2023 14:06:50 +0200 Subject: [PATCH] pr-comment-build-dispatcher.yaml: Check team membership This change is a building block for PR builds triggered by PR commands. It checks for membership of the commenter in the Flatcar Maintainers team. Note that the "issue comment" event (which is also triggered on PR comments) is only emitted to workflows in the "main" branch. So in order to test / trigger this workflow, a transient "PR update" event is used, and the "commenter" user's login is hard-coded for testing. This will be updated to using the actual commenter's login before merge. Signed-off-by: Thilo Fromm --- .../pr-comment-build-dispatcher.yaml | 57 +++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 .github/workflows/pr-comment-build-dispatcher.yaml diff --git a/.github/workflows/pr-comment-build-dispatcher.yaml b/.github/workflows/pr-comment-build-dispatcher.yaml new file mode 100644 index 0000000000..e6ca1dac1d --- /dev/null +++ b/.github/workflows/pr-comment-build-dispatcher.yaml @@ -0,0 +1,57 @@ +name: "Dispatch SDK container rebuilds, OS image builds, and OS image tests from PR comments" +on: + issue_comment: + types: [created] + pull_request: + # This is temporary for testing the workflow. + # Comment events are only processed for workflows in the main branch + types: [opened, reopened, synchronize] + +permissions: + pull-requests: write + +jobs: + + check_maintainer_membership: + # Only run if this is a PR comment that contains a valid command +# if: | +# ${{ github.event.issue.pull_request }} && +# ( contains(github.event.comment.body, '/build-sdk') +# || contains(github.event.comment.body, '/build-image') ) + name: Check if commenter is in the Flatcar maintainers team + outputs: + maintainers: steps.step1.output.maintainers + runs-on: + - ubuntu-latest + steps: + - name: Fetch members of the maintainers team + env: +# - requester: ${{ github.event.comment.user.login }} + requester: "t-lo" + shell: bash + run: | + curl -L --silent \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer ${{ secrets.GH_ACTIONS_ORG_READ }}" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + https://api.github.com/orgs/flatcar/teams/flatcar-maintainers/members \ + | jq -r '.[].login' > maintainers.txt + + echo "Current members of the maintainers team:" + cat maintainers.txt + + res=false + echo "Checking for membership of '${{ env.requester }}'" + if grep -qE "^${{ env.requester }}$" maintainers.txt ; then + echo "Succeeded." + res=true + else + echo "FAILED: '${{ env.requester }} is not a member of the Flatcar maintainers team." + fi + + $res + +# name: "Build the OS image" +# uses: ./.github/workflows/ci.yaml +# with: +# custom_sdk_version: ${{ github.event.inputs.custom_sdk_version }}