App/.github/workflows/authorChecklist.yml at main · Expensify/App · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
name: PR Author Checklist

on:
  # We use pull_request_target here so that the GitHub token will have read/write access and be able to modify the PR description if needed.
  # Warning: – when using the pull_request_target event, DO NOT checkout code from an untrusted branch: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
  pull_request_target:
    types: [opened, edited, reopened, synchronize]
    branches: [main]
    paths-ignore: ['docs/articles/**/*.md', 'docs/redirects.csv', 'docs/assets/images/**']

jobs:
  # Note: PHP specifically looks for the name of this job, "checklist", so if the name of the job is changed,
  # then you also need to go into PHP and update the name of this job in the GH_JOB_NAME_CHECKLIST constant
  checklist:
    runs-on: blacksmith-2vcpu-ubuntu-2404
    if: |
      github.actor != 'OSBotify'
      && github.actor != 'imgbot[bot]'
    steps:
      - name: Checkout
        uses: useblacksmith/checkout@c9796daa2a4bdebdab5bd16be2c09a70cd4e1121 # v1

      - name: Check contributor authorization
        id: gate
        uses: ./.github/actions/javascript/isAuthorizedContributor
        with:
          PR_NUMBER: ${{ github.event.pull_request.number }}
          PR_AUTHOR: ${{ github.event.pull_request.user.login }}
          AUTHOR_ASSOCIATION: ${{ github.event.pull_request.author_association }}
          GITHUB_TOKEN: ${{ github.token }}
          OS_BOTIFY_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}

      - name: authorChecklist.ts
        if: steps.gate.outputs.IS_AUTHORIZED == 'true'
        uses: ./.github/actions/javascript/authorChecklist
        with:
          GITHUB_TOKEN: ${{ github.token }}