Added Indestructible token objects attributes/keys feature. #191
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # The purpose of this workflow is to run the scripts/notify_maintainers.py | |
| # for pull requests against the OP-TEE OS main repository in a secure way. | |
| # It runs on the pull_request_target event, which grants write permission | |
| # (issues: write) using the default short-lived GITHUB_TOKEN. Due to this | |
| # write access to PRs and issues, to prevent security issues the | |
| # pull_request_target event also checks out the code in the target branch, | |
| # not the code from the PR. This code can therefore be trusted. | |
| name: Maintainer notification | |
| on: | |
| pull_request_target: | |
| types: [opened, synchronize] | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| jobs: | |
| notify-maintainers: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout base branch | |
| uses: actions/checkout@v4 | |
| - name: Install python3-github | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install python3-github | |
| - name: Compute maintainers | |
| id: compute | |
| env: | |
| REPO: ${{ github.repository }} | |
| PR_NUMBER: ${{ github.event.pull_request.number }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| python3 scripts/notify_maintainers.py | tee output.txt | |
| grep message= output.txt >> $GITHUB_OUTPUT | |
| - name: Comment on PR | |
| if: steps.compute.outputs.message != '' | |
| uses: actions/github-script@v8 | |
| with: | |
| script: | | |
| const message = "${{ steps.compute.outputs.message }}"; | |
| await github.rest.issues.createComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: context.issue.number, | |
| body: message | |
| }); |