From c678fdbe0053bc43efa4822c41d942fd3d2e52fe Mon Sep 17 00:00:00 2001
From: Nishaat Rajabali <12186256+nishaatr@users.noreply.github.com>
Date: Tue, 12 Nov 2024 09:40:14 +0000
Subject: [PATCH 1/4] Add PR membership check
---
 .github/workflows/builder.yaml | 27 ++++++++++++++++++++-------
 1 file changed, 20 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/builder.yaml b/.github/workflows/builder.yaml
index ee3f2d480..3dc1127bb 100644
--- a/.github/workflows/builder.yaml
+++ b/.github/workflows/builder.yaml
@@ -4,9 +4,28 @@ on:
 pull_request_target:
 jobs:
+ check_for_membership:
+ runs-on: ubuntu-latest
+ name: Check PR author membership
+ outputs:
+ check-result: ${{ steps.composite.outputs.check-result }}
+ steps:
+ - name: Action for membership check
+ id: composite
+ uses: hazelcast/hazelcast-tpm/membership@main
+ with:
+ organization-name: 'hazelcast'
+ member-name: ${{ github.event.pull_request.head.repo.owner.login }}
+ token: ${{ secrets.GH_TOKEN }}
 pr-builder:
 runs-on: ubuntu-latest
+ needs: [check_for_membership]
 steps:
+ - name: Detect untrusted community PR
+ if: ${{ needs.check_for_membership.outputs.check-result == 'false' }}
+ run: |
+ echo "::error::ERROR: Untrusted external PR. Must be reviewed and executed by Hazelcast" 1>&2;
+ exit 1
 - name: Checkout Code
 uses: actions/checkout@v4
 - name: Set up Java
@@ -17,10 +36,4 @@ jobs:
 - name: Build and test
 run: |
 ${RUNNER_DEBUG:+set -x}
- mvn \
- --batch-mode \
- --errors \
- --no-transfer-progress \
- ${RUNNER_DEBUG:+--show-version} \
- "-Dhazelcast.enterprise.license.key=${{ secrets.HAZELCAST_ENTERPRISE_KEY_V7 }}" \
- package
+ ls -al
From 9311ac896442982312478deb8d5388392b493c94 Mon Sep 17 00:00:00 2001
From: Nishaat Rajabali <12186256+nishaatr@users.noreply.github.com>
Date: Tue, 12 Nov 2024 09:57:22 +0000
Subject: [PATCH 2/4] Readd mvn command removed in previous commit
---
 .github/workflows/builder.yaml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
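Review bot: The `Detect untrusted community PR` gate added to `pr-builder` in [PATCH 1/4] fails open: it aborts only when `check-result` is exactly `'false'`, so an empty or unexpected output from the membership step lets the job carry on into checkout and build. Compare against the trusted value instead, `if: ${{ needs.check_for_membership.outputs.check-result != 'true' }}` (assuming the action emits `'true'` for members; its output contract is not visible here). The membership action is also referenced as `hazelcast/hazelcast-tpm/membership@main` while it receives `secrets.GH_TOKEN` in a `pull_request_target` workflow. Pinning it to a full commit SHA keeps a later change on that branch from running with the token. The `pr-builder` steps continue outside this hunk.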
diff --git a/.github/workflows/builder.yaml b/.github/workflows/builder.yaml
index 3dc1127bb..f52888912 100644
--- a/.github/workflows/builder.yaml
+++ b/.github/workflows/builder.yaml
@@ -36,4 +36,10 @@ jobs:
 - name: Build and test
 run: |
 ${RUNNER_DEBUG:+set -x}
- ls -al
+ mvn \
+ --batch-mode \
+ --errors \
+ --no-transfer-progress \
+ ${RUNNER_DEBUG:+--show-version} \
+ "-Dhazelcast.enterprise.license.key=${{ secrets.HAZELCAST_ENTERPRISE_KEY_V7 }}" \
+ package
From 5e38aae094625d8e267f51fa4d2fd7e0e3cc9c7c Mon Sep 17 00:00:00 2001
From: Nishaat Rajabali <12186256+nishaatr@users.noreply.github.com>
Date: Tue, 12 Nov 2024 10:52:21 +0000
Subject: [PATCH 3/4] Remove redundant needs brackets
Co-authored-by: Jack Green
---
 .github/workflows/builder.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/builder.yaml b/.github/workflows/builder.yaml
index f52888912..e4afe9131 100644
--- a/.github/workflows/builder.yaml
+++ b/.github/workflows/builder.yaml
@@ -19,7 +19,7 @@ jobs:
 token: ${{ secrets.GH_TOKEN }}
 pr-builder:
 runs-on: ubuntu-latest
- needs: [check_for_membership]
+ needs: check_for_membership
 steps:
 - name: Detect untrusted community PR
 if: ${{ needs.check_for_membership.outputs.check-result == 'false' }}
From 8c092cba6c620c166e1d213f073dafc0bdb640be Mon Sep 17 00:00:00 2001
From: Nishaat Rajabali <12186256+nishaatr@users.noreply.github.com>
Date: Tue, 12 Nov 2024 11:53:18 +0000
Subject: [PATCH 4/4] Change PR member to PR actor
Co-authored-by: Jack Green
---
 .github/workflows/builder.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/builder.yaml b/.github/workflows/builder.yaml
index e4afe9131..be7d89ef3 100644
--- a/.github/workflows/builder.yaml
+++ b/.github/workflows/builder.yaml
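Review bot: In the [PATCH 2/4] hunk the restored `mvn` call expands `${{ secrets.HAZELCAST_ENTERPRISE_KEY_V7 }}` straight into the script text, so the licence key is written into the generated shell script before the shell quotes it, and a key containing `"` or `$` would be re-interpreted by the shell. Passing it through the step environment avoids that: add `env:` with `HAZELCAST_ENTERPRISE_KEY: ${{ secrets.HAZELCAST_ENTERPRISE_KEY_V7 }}` (variable name chosen here for illustration) and use `"-Dhazelcast.enterprise.license.key=${HAZELCAST_ENTERPRISE_KEY}"` in the command. With `set -x` enabled under `RUNNER_DEBUG` the full command line is traced to the log, where only the runner's secret masking hides the value. The step may carry further keys outside this hunk.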
@@ -15,7 +15,7 @@ jobs:
 uses: hazelcast/hazelcast-tpm/membership@main
 with:
 organization-name: 'hazelcast'
- member-name: ${{ github.event.pull_request.head.repo.owner.login }}
+ member-name: ${{ github.actor }}
 token: ${{ secrets.GH_TOKEN }}
 pr-builder:
 runs-on: ubuntu-latest
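Review bot: `member-name: ${{ github.actor }}` checks whoever triggered the event rather than who wrote the pull request, which does not match the job name `Check PR author membership` set earlier in the series. Under `pull_request_target` the actor can be an organisation member whenever a member reopens the PR or updates its branch, so a fork's changes could pass the gate without the author being trusted. If the author is what should be checked, use `member-name: ${{ github.event.pull_request.user.login }}`. If a member-triggered run is the intended approval path, add a comment on this line such as `# trust is based on who triggered the run, not on the PR author`. The `check_for_membership` job starts outside this hunk.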