From 8cfae8d7af8141634684308525f5002b73d83d07 Mon Sep 17 00:00:00 2001 From: bluwy Date: Thu, 13 Jun 2024 17:25:13 +0800 Subject: [PATCH] chore: check permission for pkg-pr-new comment --- .github/workflows/publish-commit.yml | 40 +++++++++++++++++++++++++++- 1 file changed, 39 insertions(+), 1 deletion(-) diff --git a/.github/workflows/publish-commit.yml b/.github/workflows/publish-commit.yml index edb0b8ac528187..1f5d94cafada39 100644 --- a/.github/workflows/publish-commit.yml +++ b/.github/workflows/publish-commit.yml @@ -18,8 +18,46 @@ jobs: runs-on: ubuntu-latest steps: + - if: github.event.issue.pull_request + uses: actions/github-script@v7 + with: + script: | + const user = context.payload.sender.login + console.log(`Validate user: ${user}`) + + let hasTriagePermission = false + try { + const { data } = await github.rest.repos.getCollaboratorPermissionLevel({ + owner: context.repo.owner, + repo: context.repo.repo, + username: user, + }); + hasTriagePermission = data.user.permissions.triage + } catch (e) { + console.warn(e) + } + + if (hasTriagePermission) { + console.log('Allowed') + await github.rest.reactions.createForIssueComment({ + owner: context.repo.owner, + repo: context.repo.repo, + comment_id: context.payload.comment.id, + content: '+1', + }) + } else { + console.log('Not allowed') + await github.rest.reactions.createForIssueComment({ + owner: context.repo.owner, + repo: context.repo.repo, + comment_id: context.payload.comment.id, + content: '-1', + }) + throw new Error('not allowed') + } + - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Install pnpm uses: pnpm/action-setup@v4.0.0