d97f372f43
- Remove codeflash-java-runtime/ from unit_tests change detection - Narrow e2e flag from codeflash/ to explicit Python subdirs (excludes java/, javascript/) - Narrow tests/ in e2e_java/e2e_js to specific test scripts - Extract duplicated Validate PR step into composite action - Use fetch-depth: 1 for unit-tests and type-check (no git history needed) - Remove continue-on-error: true from unit-tests (was masking real failures) - Change git add -A to git add -u in prek auto-fix (won't stage untracked files)
35 lines
1.2 KiB
YAML
35 lines
1.2 KiB
YAML
name: Validate PR
|
|
description: Ensure only authorized users can modify workflow files in PRs
|
|
inputs:
|
|
base_sha:
|
|
description: Base commit SHA of the pull request
|
|
required: true
|
|
head_sha:
|
|
description: Head commit SHA of the pull request
|
|
required: true
|
|
author:
|
|
description: Login of the PR author
|
|
required: true
|
|
pr_state:
|
|
description: State of the pull request (open/closed)
|
|
required: true
|
|
runs:
|
|
using: composite
|
|
steps:
|
|
- name: Check workflow file changes
|
|
shell: bash
|
|
run: |
|
|
if git diff --name-only "${{ inputs.base_sha }}" "${{ inputs.head_sha }}" | grep -q "^.github/workflows/"; then
|
|
echo "Workflow changes detected."
|
|
AUTHOR="${{ inputs.author }}"
|
|
if [[ "$AUTHOR" == "misrasaurabh1" || "$AUTHOR" == "KRRT7" ]]; then
|
|
echo "Authorized user ($AUTHOR). Proceeding."
|
|
elif [[ "${{ inputs.pr_state }}" == "open" ]]; then
|
|
echo "PR is open. Protection rules in place. Proceeding."
|
|
else
|
|
echo "Unauthorized user ($AUTHOR). Exiting."
|
|
exit 1
|
|
fi
|
|
else
|
|
echo "No workflow file changes. Proceeding."
|
|
fi
|