diff --git a/.github/workflows/check-repro.yml b/.github/workflows/check-repro.yml deleted file mode 100644 index ac521be958..0000000000 --- a/.github/workflows/check-repro.yml +++ /dev/null @@ -1,82 +0,0 @@ -name: Check for repro -on: - issues: - types: [opened, edited] - issue_comment: - types: [created, edited] - -jobs: - check-repro: - if: ${{ github.event.label.name == 'bug' }} - runs-on: ubuntu-latest - steps: - - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0. - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - script: | - if (context.eventName === 'issue_comment') { - const actor = context.actor; - const { data: collaborators } = await github.rest.repos.listCollaborators({ - owner: context.repo.owner, - repo: context.repo.repo, - }); - - const isCollaborator = collaborators.some(collaborator => collaborator.login === actor); - if (!isCollaborator) { - console.log(`Actor ${actor} is not a collaborator, skipping workflow`); - return; - } - } - const user = context.payload.sender.login; - const body = context.payload.comment - ? context.payload.comment.body - : context.payload.issue.body; - const regex = new RegExp( - `https?:\\/\\/((github\\.com\\/${user}\\/[^/]+\\/?[\\s\\n]+)|(snack\\.expo\\.dev\\/.+))`, - 'gm' - ); - if (regex.test(body)) { - await github.rest.issues.addLabels({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - labels: ['repro provided'], - }); - try { - await github.rest.issues.removeLabel({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - name: 'needs repro', - }); - } catch (error) { - if (!/Label does not exist/.test(error.message)) { - throw error; - } - } - } else { - if (context.eventName !== 'issues') { - return; - } - const body = "Hey! Thanks for opening the issue. The issue doesn't seem to contain a link to a repro (a [snack.expo.dev](https://snack.expo.dev) link or link to a GitHub repo under your username).\n\nCan you provide a [minimal repro](https://stackoverflow.com/help/minimal-reproducible-example) which demonstrates the issue? A repro will help us debug the issue faster. Please try to keep the repro as small as possible and make sure that we can run it without additional setup."; - const comments = await github.rest.issues.listComments({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - }); - if (comments.data.some(comment => comment.body === body)) { - return; - } - await github.rest.issues.createComment({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - body, - }); - await github.rest.issues.addLabels({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - labels: ['needs repro'], - }); - } diff --git a/.github/workflows/publish-each-pr.yml b/.github/workflows/publish-each-pr.yml index 662957ea4b..0fa519e55f 100644 --- a/.github/workflows/publish-each-pr.yml +++ b/.github/workflows/publish-each-pr.yml @@ -1,6 +1,10 @@ name: Expo Preview on: [pull_request] +permissions: + contents: read + pull-requests: write + jobs: publish: name: Install and publish diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 3bd5d1ca26..7b6949f2fb 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -4,6 +4,11 @@ on: schedule: - cron: '30 1 * * *' +permissions: + contents: read + issues: write + pull-requests: write + jobs: stale: runs-on: ubuntu-latest diff --git a/.github/workflows/triage.yaml b/.github/workflows/triage.yaml index eb139b7d50..c9c69eb8bb 100644 --- a/.github/workflows/triage.yaml +++ b/.github/workflows/triage.yaml @@ -3,6 +3,10 @@ on: issues: types: [labeled] +permissions: + contents: read + issues: write + jobs: needs-more-info: runs-on: ubuntu-latest @@ -13,6 +17,18 @@ jobs: with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | + const actor = context.actor; + const { data: collaborators } = await github.rest.repos.listCollaborators({ + owner: context.repo.owner, + repo: context.repo.repo, + }); + + const isCollaborator = collaborators.some(collaborator => collaborator.login === actor); + if (!isCollaborator) { + console.log(`Actor ${actor} is not a collaborator, skipping workflow`); + return; + } + github.rest.issues.createComment({ issue_number: context.issue.number, owner: context.repo.owner, @@ -29,6 +45,18 @@ jobs: with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | + const actor = context.actor; + const { data: collaborators } = await github.rest.repos.listCollaborators({ + owner: context.repo.owner, + repo: context.repo.repo, + }); + + const isCollaborator = collaborators.some(collaborator => collaborator.login === actor); + if (!isCollaborator) { + console.log(`Actor ${actor} is not a collaborator, skipping workflow`); + return; + } + github.rest.issues.createComment({ issue_number: context.issue.number, owner: context.repo.owner, diff --git a/.github/workflows/versions.yml b/.github/workflows/versions.yml index b07ebd8b70..a84b362955 100644 --- a/.github/workflows/versions.yml +++ b/.github/workflows/versions.yml @@ -3,6 +3,10 @@ on: issues: types: [opened, edited] +permissions: + contents: read + issues: write + jobs: check-versions: if: ${{ github.event.label.name == 'bug' }}