No longer persist credentials #1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Check unallowed file changes | |
| # **What it does**: If someone changes some files in the open repo, we prevent the pull request from merging. | |
| # **Why we have it**: Some files can only be changed in the internal repository for security and workflow reasons. | |
| # **Who does it impact**: Open source contributors. | |
| on: | |
| pull_request_target: | |
| paths: | |
| - '.github/**' | |
| - '_plugins/**' | |
| - 'analytics/**' | |
| - 'js/**' | |
| - 'scripts/**' | |
| - 'vale-styles/**' | |
| - '_config.yml' | |
| - 'gemfile' | |
| - 'yarn.lock' | |
| - '.vale.ini' | |
| - 'netlify.toml' | |
| - 'package.json' | |
| jobs: | |
| triage: | |
| if: github.repository == 'segmentio/segment-docs' && github.event.pull_request.user.login != 'markzegarelli' || github.event.pull_request.user.login != 'stayseesong' || github.event.pull_request.user.login != 'pwseg' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Get files changed | |
| uses: dorny/paths-filter@eb75a1edc117d3756a18ef89958ee59f9500ba58 | |
| id: filter | |
| with: | |
| # Base branch used to get changed files | |
| base: 'develop' | |
| # Enables setting an output in the format in `${FILTER_NAME}_files | |
| # with the names of the matching files formatted as JSON array | |
| list-files: json | |
| # Returns list of changed files matching each filter | |
| filters: | | |
| notAllowed: | |
| - '.github/**' | |
| - '_plugins/**' | |
| - 'analytics/**' | |
| - 'js/**' | |
| - 'scripts/**' | |
| - 'vale-styles/**' | |
| - '_config.yml' | |
| - 'gemfile' | |
| - 'yarn.lock' | |
| - '.vale.ini' | |
| - 'netlify.toml' | |
| - 'package.json' | |
| # When there are changes to files we can't accept, leave a comment | |
| # explaining this to the PR author | |
| - name: "Comment about changes we can't accept" | |
| if: ${{ steps.filter.outputs.notAllowed }} | |
| uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d | |
| with: | |
| github-token: ${{secrets.GITHUB_TOKEN}} | |
| script: | | |
| const badFilesArr = [ | |
| '.github/**', | |
| '_plugins/**', | |
| 'analytics/**', | |
| 'js/**', | |
| 'scripts/**', | |
| 'vale-styles/**', | |
| '_config.yml', | |
| 'gemfile', | |
| 'yarn.lock', | |
| '.vale.ini', | |
| 'netlify.toml', | |
| 'package.json' | |
| ] | |
| const badFiles = badFilesArr.join('\n') | |
| let reviewMessage = `👋 Hello. It looks like you've modified some files that we can't accept as contributions. The complete list of files we can't accept are:\n${badFiles}\n\nPlease revert all files in this list and resubmit your pull request.` | |
| let workflowFailMessage = "It looks like you've modified some files that we can't accept as contributions." | |
| try { | |
| createdComment = await github.issues.createComment ({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: context.payload.number, | |
| body: reviewMessage, | |
| }) | |
| workflowFailMessage = `${workflowFailMessage} Please see ${createdComment.data.html_url} for details.` | |
| } catch(err) { | |
| console.log("Error creating comment.", err) | |
| } | |
| core.setFailed(workflowFailMessage) |