From f80da54d1241221d8ab6af4c4bf88b1854dcb542 Mon Sep 17 00:00:00 2001
From: Genevieve Warren <24882762+gewarren@users.noreply.github.com>
Date: Mon, 27 Jan 2025 16:06:44 -0800
Subject: [PATCH] Fail action instead of comment
---
 .github/workflows/live-protection.yml | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/live-protection.yml b/.github/workflows/live-protection.yml
index 3f097ac42e5..0523cb06853 100644
--- a/.github/workflows/live-protection.yml
+++ b/.github/workflows/live-protection.yml
@@ -1,27 +1,25 @@
+name: Base branch checker
 on: [pull_request]
 permissions:
 contents: read
 jobs:
- comment:
+ live_protection_job:
+ name: Create comment
 runs-on: ubuntu-latest
+
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
 with:
 egress-policy: audit
 - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
 env:
- SHOULD_COMMENT: ${{ github.base_ref == 'refs/heads/live' && !(github.head_ref == 'refs/heads/main') }}
+ LIVE_BASE: ${{ github.base_ref == 'live' && github.head_ref != 'main' }}
 with:
 script: |
- if (process.env.SHOULD_COMMENT == 'true') {
- github.issues.createComment({
- issue_number: context.issue.number,
- owner: context.repo.owner,
- repo: context.repo.repo,
- body: 'It looks like this pull request may have been opened on the `live` branch by mistake. In general, PRs should target the `main` branch.'
- })
+ if (process.env.LIVE_BASE == 'true') {
+ core.setFailed('PR targets live branch')
 }
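Review bot: The `LIVE_BASE` expression exempts any pull request whose source branch is named `main`, but `github.head_ref` carries only the branch name, so a fork's `main` branch targeting `live` passes the check as well. If the exemption is meant only for this repository's own `main` to `live` merges (presumably the publish flow), tie it to the head repository: `LIVE_BASE: ${{ github.base_ref == 'live' && !(github.head_ref == 'main' && github.event.pull_request.head.repo.full_name == github.repository) }}`. The new job name `Create comment` is also stale now that the step fails the run instead of commenting; something like `name: Check base branch` would match. Whether the failed job actually blocks a merge depends on it being a required status check on `live`, which is not visible in this patch.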