working with caBundle as env variable oneline base64 string #95

Workflow file for this run

.github/workflows/check-pr.yml at 7ce4a4c

	name: check-pr
	on:
	pull_request_target:
	branches:
	- 'master'
	paths-ignore:
	- 'docs/**'
	types:
	- 'opened'
	- 'synchronize'
	- 'reopened'
	- 'labeled'
	jobs:
	check-running-allowed:
	runs-on: ubuntu-latest
	outputs:
	result: ${{ steps.check-ownership-membership.outputs.result }}
	steps:
	- id: check-ownership-membership
	uses: actions/github-script@v6
	with:
	github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
	script: \|
	// This is used primarily in forks. Repository owner
	// should be allowed to run anything.
	const userLogin = context.payload.pull_request.user.login;

	// How to interpret membership status code:
	// https://docs.github.com/en/rest/orgs/members?apiVersion=2022-11-28#check-organization-membership-for-a-user
	const isOrgMember = async function () {
	try {
	const response = await github.rest.orgs.checkMembershipForUser({
	org: context.payload.organization.login,
	username: userLogin,
	});
	return response.status == 204;
	} catch (error) {
	if (error.status && error.status == 404) {
	return false;
	}
	throw error;
	}
	}

	if (context.payload.repository.owner.login == userLogin) {
	return true;
	}

	if (await isOrgMember()) {
	return true;
	}

	const labels = context.payload.pull_request.labels;
	const okToTestLabel = labels.find(
	label => label.name == 'ok-to-test'
	);
	return okToTestLabel !== undefined;
	- name: comment-if-waiting-on-ok
	if: steps.check-ownership-membership.outputs.result == 'false' &&
	github.event.action == 'opened'
	uses: actions/github-script@v6
	with:
	script: \|
	github.rest.issues.createComment({
	issue_number: context.issue.number,
	owner: context.repo.owner,
	repo: context.repo.repo,
	body: 'Hi! Thank you for contributing!\nThe tests on this PR will run after a maintainer adds an `ok-to-test` label to this PR manually. Thank you for your patience!'
	});
	- name: cleanup-test-label
	uses: actions/github-script@v6
	with:
	script: \|
	const { owner, repo } = context.repo;
	const prNumber = context.payload.pull_request.number;
	const labelToRemove = 'ok-to-test';
	try {
	const result = await github.rest.issues.removeLabel({
	owner,
	repo,
	issue_number: prNumber,
	name: labelToRemove
	});
	} catch(e) {
	// ignore the 404 error that arises
	// when the label did not exist for the
	// organization member
	console.log(e);
	}
	run-tests:
	needs:
	- check-running-allowed
	if: needs.check-running-allowed.outputs.result == 'true'
	uses: ./.github/workflows/run-tests.yml
	secrets: inherit

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

working with caBundle as env variable oneline base64 string #95

Workflow file

working with caBundle as env variable oneline base64 string #95

Jobs

Run details

Workflow file for this run