[pull] master from KelvinTegelaar:master #39
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PR Branch Check | |
| on: | |
| # Using pull_request_target instead of pull_request for secure handling of fork PRs | |
| pull_request_target: | |
| # Only run on these PR events | |
| types: [opened, synchronize, reopened] | |
| # Only check PRs targeting these branches | |
| branches: | |
| - main | |
| - master | |
| permissions: | |
| pull-requests: write | |
| issues: write | |
| jobs: | |
| check-branch: | |
| runs-on: ubuntu-slim | |
| steps: | |
| - name: Check and Comment on PR | |
| # Only process fork PRs with specific branch conditions | |
| # Must be a fork AND (source is main/master OR target is main/master) | |
| if: | | |
| github.event.pull_request.head.repo.fork == true && | |
| ((github.event.pull_request.head.ref == 'main' || github.event.pull_request.head.ref == 'master') || | |
| (github.event.pull_request.base.ref == 'main' || github.event.pull_request.base.ref == 'master')) | |
| uses: actions/github-script@v9 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| let message = ''; | |
| // Check if the fork has open PRs (indicates pull bot or similar is active) | |
| const forkOwner = context.payload.pull_request.head.repo.owner.login; | |
| const forkRepo = context.payload.pull_request.head.repo.name; | |
| const forkPullsUrl = context.payload.pull_request.head.repo.html_url + '/pulls'; | |
| let openPRs = []; | |
| try { | |
| const { data: prs } = await github.rest.pulls.list({ | |
| owner: forkOwner, | |
| repo: forkRepo, | |
| state: 'open', | |
| per_page: 5 | |
| }); | |
| openPRs = prs; | |
| } catch (e) { | |
| // Can't read fork PRs — skip | |
| } | |
| message += '🔄 If you are attempting to update your CIPP-API repo please follow the instructions at: https://docs.cipp.app/setup/self-hosting-guide/updating. Are you a sponsor? Contact the helpdesk for direct assistance with updating to the latest version.'; | |
| if (openPRs.length > 0) { | |
| message += ` It looks like you may already have a pending update PR on your fork — check your [open pull requests](${forkPullsUrl}) to accept it.`; | |
| } else { | |
| message += ` You can enable [Pull Bot](https://github.com/apps/pull) or [Repo Sync](https://github.com/apps/repo-sync) to automatically keep your fork up to date.`; | |
| } | |
| message += '\n\n'; | |
| // Check if PR is targeting main/master | |
| if (context.payload.pull_request.base.ref === 'main' || context.payload.pull_request.base.ref === 'master') { | |
| message += '⚠️ PRs cannot target the main branch directly. If you are attempting to contribute code please PR to the dev branch.\n\n'; | |
| } | |
| // Check if PR is from a fork's main/master branch | |
| if (context.payload.pull_request.head.repo.fork && | |
| (context.payload.pull_request.head.ref === 'main' || context.payload.pull_request.head.ref === 'master')) { | |
| message += '⚠️ This PR cannot be merged because it originates from your fork\'s main/master branch. If you are attempting to contribute code please PR from your dev branch or another non-main/master branch.\n\n'; | |
| } | |
| message += '🔒 This PR will now be automatically closed due to the above rules.'; | |
| // Post the comment | |
| await github.rest.issues.createComment({ | |
| ...context.repo, | |
| issue_number: context.issue.number, | |
| body: message | |
| }); | |
| // Close the PR | |
| await github.rest.pulls.update({ | |
| ...context.repo, | |
| pull_number: context.issue.number, | |
| state: 'closed' | |
| }); |