Skip to content

Commit 873b0cb

Browse files
committed
updated
1 parent a09ff64 commit 873b0cb

1 file changed

Lines changed: 19 additions & 0 deletions

File tree

.github/workflows/smoke-tests.yml

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -41,6 +41,23 @@ jobs:
4141

4242
runs-on: ${{ matrix.os }}
4343
steps:
44+
45+
- name: Get User Permission
46+
id: checkAccess
47+
uses: actions-cool/check-user-permission@v2
48+
with:
49+
require: write
50+
username: ${{ github.triggering_actor }}
51+
env:
52+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
53+
- name: Check User Permission
54+
if: steps.checkAccess.outputs.require-result == 'false'
55+
run: |
56+
echo "${{ github.triggering_actor }} does not have permissions on this repo."
57+
echo "Current permission level is ${{ steps.checkAccess.outputs.user-permission }}"
58+
echo "Job originally triggered by ${{ github.actor }}"
59+
exit 1
60+
4461
- if: runner.os == 'Linux'
4562
run: |
4663
sudo apt install libsecret-1-0
@@ -51,6 +68,8 @@ jobs:
5168

5269
- if: ${{ github.event_name != 'pull_request_target'}}
5370
uses: actions/checkout@v4
71+
with:
72+
ref: ${{ github.event.pull_request.head.sha }} # This is dangerous without the first access check
5473

5574
- if: ${{ github.event_name == 'pull_request_target'}}
5675
uses: actions/checkout@v4

0 commit comments

Comments
 (0)