Bug 2010695 - Add empty modules for S2S feature #27
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Handle Pull Request | |
| on: | |
| # WARNING: pull_request_target MUST NOT be used if running code under control | |
| # of the source PR [0], as it could risk leaking the GH_TOKENs. | |
| # | |
| # In this case, we do it as the job needs to run within the context of the | |
| # target repo, so it can get a GH_TOKEN which it can use to comment on and | |
| # update the PR. | |
| # | |
| # Crucially, no external code is loaded or run as part of this workflow. | |
| # | |
| # [0] https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows#pull_request_target:~:text=Warning-,Running,websitehttps://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows#pull_request_target:~:text=Warning-,Running,website | |
| # | |
| pull_request_target: | |
| types: [opened, reopened] | |
| env: | |
| ALLOWED_TEAM: lando-github-pilot | |
| ALLOWED_PATHS: | | |
| mobile/android/android-components | |
| mobile/android/fenix | |
| mobile/android/focus-android | |
| GH_REPO: ${{ github.repository }} | |
| PR: ${{ github.event.pull_request.number }} | |
| GH_TOKEN: ${{ github.token }} | |
| jobs: | |
| handle-pr: | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Workflows don't get access to organisation metadata via the GITHUB_TOKEN. | |
| # We use the Lando Web App to obtain a token with sufficient permissions. | |
| - name: Generate a Lando Web token | |
| id: generate-lando-web-token | |
| uses: actions/create-github-app-token@v2 | |
| continue-on-error: true | |
| with: | |
| app-id: ${{ vars.LANDO_WEB_APP_ID }} | |
| private-key: ${{ secrets.LANDO_WEB_APP_PRIVATE_KEY }} | |
| permission-members: read | |
| - name: Check team membership | |
| id: team | |
| continue-on-error: true | |
| env: | |
| AUTHOR: ${{ github.actor }} | |
| GH_ORG: ${{ github.repository_owner }} | |
| GH_TOKEN: ${{ steps.generate-lando-web-token.outputs.token }} | |
| run: | | |
| if gh api "/orgs/${GH_ORG}/teams/${ALLOWED_TEAM}/memberships/${AUTHOR}" --silent 2>/dev/null; then | |
| echo "is_member=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "is_member=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Check allowed paths | |
| id: paths | |
| continue-on-error: true | |
| if: steps.team.outputs.is_member == 'true' | |
| run: | | |
| PATTERN=$(echo "${ALLOWED_PATHS}" | xargs | tr ' ' '|') | |
| if gh pr view "${PR}" --json files --jq '.files[].path' | grep -vE "^(${PATTERN})"; then | |
| echo "only_allowed=false" >> $GITHUB_OUTPUT | |
| else | |
| echo "only_allowed=true" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Close PR | |
| if: steps.team.outputs.is_member != 'true' || steps.paths.outputs.only_allowed != 'true' | |
| run: | | |
| gh pr close "${PR}" --comment "(Automated Close) Please do not file pull requests here, see https://firefox-source-docs.mozilla.org/contributing/how_to_submit_a_patch.html" | |
| gh pr lock "${PR}" | |
| - name: Check PR target | |
| if: (steps.team.outputs.is_member == 'true' && steps.paths.outputs.only_allowed == 'true') && github.event.action == 'opened' && github.base_ref == 'main' | |
| run: | | |
| gh pr comment "${PR}" --body "> [!WARNING] | |
| The base branch is currently set to \`main\`. Please Edit this PR and set the base to \`autoland\`." | |
| - name: Add Lando link | |
| if: (steps.team.outputs.is_member == 'true' && steps.paths.outputs.only_allowed == 'true') && github.event.action == 'opened' | |
| env: | |
| # | |
| # Set the following variables at the repository level [0]. | |
| # [0] https://docs.github.com/en/actions/how-tos/write-workflows/choose-what-workflows-do/use-variables#defining-configuration-variables-for-multiple-workflows | |
| # | |
| LANDO_BASE_URL: ${{ vars.LANDO_BASE_URL }} | |
| LANDO_REPO: ${{ vars.LANDO_REPO }} | |
| # | |
| # If they are empty, the following will be used to determine sane defaults. | |
| # | |
| DEFAULT_LANDO_BASE_URL: https://lando.moz.tools | |
| TARGET_BRANCH: ${{ github.base_ref }} | |
| run: | | |
| LANDO_BASE_URL="${LANDO_BASE_URL:-${DEFAULT_LANDO_BASE_URL}}" | |
| # We extract the GitHub repo name and target branch to use as | |
| # default LANDO_REPO if unspecified. | |
| LANDO_REPO="${LANDO_REPO:-${GH_REPO/*\//}-${TARGET_BRANCH}}" | |
| gh pr comment "${PR}" --body "[View this pull request in Lando](${LANDO_BASE_URL}/pulls/${LANDO_REPO}/${PR}) to land it once approved." |