|
|
|
|
@ -14,19 +14,20 @@ jobs:
|
|
|
|
|
- name: Check if comment author is a member of k3s-dev team
|
|
|
|
|
uses: actions/github-script@v7
|
|
|
|
|
with:
|
|
|
|
|
# Catch 404 errors if user is not a member of the organization
|
|
|
|
|
# 302 is expected as the GHA is not a member of the organization
|
|
|
|
|
# Users must be set their membership to public for this to work
|
|
|
|
|
# https://github.com/orgs/k3s-io/people
|
|
|
|
|
script: |
|
|
|
|
|
const org = context.repo.owner;
|
|
|
|
|
const team_slug = 'k3s-dev';
|
|
|
|
|
const username = context.payload.comment.user.login;
|
|
|
|
|
|
|
|
|
|
const { data: membership } = await github.rest.teams.getMembershipForUserInOrg({
|
|
|
|
|
try {
|
|
|
|
|
const result = await github.rest.orgs.checkMembershipForUser({
|
|
|
|
|
org,
|
|
|
|
|
team_slug,
|
|
|
|
|
username
|
|
|
|
|
username,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
if (membership.state !== 'active') {
|
|
|
|
|
core.setFailed(`User ${username} is not an active member of the ${team_slug} team`);
|
|
|
|
|
} catch (error) {
|
|
|
|
|
core.setFailed(`User ${username} is not an public member of the ${org} organization`);
|
|
|
|
|
}
|
|
|
|
|
- name: Checkout PR code
|
|
|
|
|
uses: actions/checkout@v4
|
|
|
|
|
@ -87,6 +88,8 @@ jobs:
|
|
|
|
|
if: always() && needs.trivy_scan.result == 'failure'
|
|
|
|
|
permissions:
|
|
|
|
|
pull-requests: write
|
|
|
|
|
env:
|
|
|
|
|
GH_TOKEN: ${{ github.token }}
|
|
|
|
|
steps:
|
|
|
|
|
- name: Report Failure
|
|
|
|
|
run: |
|
|
|
|
|
|
Derek Nola
2 months ago
committed by