pr-comment-build-dispatcher.yaml: Check team membership

This change is a building block for PR builds triggered by PR commands. It checks for membership of the commenter in the Flatcar Maintainers team. Note that the "issue comment" event (which is also triggered on PR comments) is only emitted to workflows in the "main" branch. So in order to test / trigger this workflow, a transient "PR update" event is used, and the "commenter" user's login is hard-coded for testing. This will be updated to using the actual commenter's login before merge. Signed-off-by: Thilo Fromm <thilofromm@microsoft.com>
2025-08-07 13:06:59 +02:00 · 2023-05-08 14:06:50 +02:00 · 2023-05-08 14:06:50 +02:00 · f5d1a3c2f0
commit f5d1a3c2f0
parent d92589280b
1 changed files with 57 additions and 0 deletions
--- a/.github/workflows/pr-comment-build-dispatcher.yaml
+++ b/.github/workflows/pr-comment-build-dispatcher.yaml
@ -0,0 +1,57 @@
 name: "Dispatch SDK container rebuilds, OS image builds, and OS image tests from PR comments"
 on:
  issue_comment:
    types: [created]
  pull_request:
    # This is temporary for testing the workflow.
    #  Comment events are only processed for workflows in the main branch
    types: [opened, reopened, synchronize]
 permissions:
  pull-requests: write
 jobs:
  check_maintainer_membership:
    # Only run if this is a PR comment that contains a valid command
 #    if: |
 #      ${{ github.event.issue.pull_request }} &&
 #        (    contains(github.event.comment.body, '/build-sdk')
 #          || contains(github.event.comment.body, '/build-image') )
    name: Check if commenter is in the Flatcar maintainers team
    outputs:
      maintainers: steps.step1.output.maintainers
    runs-on:
      - ubuntu-latest
    steps:
      - name: Fetch members of the maintainers team
        env:
 #          - requester: ${{ github.event.comment.user.login }}
          requester: "t-lo"
        shell: bash
        run: |
          curl -L --silent \
                  -H "Accept: application/vnd.github+json" \
                  -H "Authorization: Bearer ${{ secrets.GH_ACTIONS_ORG_READ }}" \
                  -H "X-GitHub-Api-Version: 2022-11-28" \
                  https://api.github.com/orgs/flatcar/teams/flatcar-maintainers/members \
              | jq -r '.[].login' > maintainers.txt
          echo "Current members of the maintainers team:"
          cat maintainers.txt
          res=false
          echo "Checking for membership of '${{ env.requester }}'"
          if grep -qE "^${{ env.requester }}$" maintainers.txt ; then
            echo "Succeeded."
            res=true
          else
            echo "FAILED: '${{ env.requester }} is not a member of the Flatcar maintainers team."
          fi
          $res
 #    name: "Build the OS image"
 #    uses: ./.github/workflows/ci.yaml
 #    with:
 #      custom_sdk_version: ${{ github.event.inputs.custom_sdk_version }}