Skip to content

Commit d2a284d

Browse files
committed
Added permissions check
1 parent a09ff64 commit d2a284d

1 file changed

Lines changed: 22 additions & 4 deletions

File tree

.github/workflows/smoke-tests.yml

Lines changed: 22 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -9,8 +9,6 @@ on:
99
workflow_dispatch:
1010
push:
1111
branches: ["main"]
12-
pull_request:
13-
branches: ["main"]
1412
merge_group:
1513
branches: ["main"]
1614

@@ -37,10 +35,28 @@ jobs:
3735
fail-fast: false
3836
matrix:
3937
os: ["ubuntu-latest", "windows-latest"]
40-
version: [22]
38+
version: [20]
4139

4240
runs-on: ${{ matrix.os }}
4341
steps:
42+
43+
44+
- name: Get User Permission
45+
id: checkAccess
46+
uses: actions-cool/check-user-permission@v2
47+
with:
48+
require: write
49+
username: ${{ github.triggering_actor }}
50+
env:
51+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
52+
- name: Check User Permission
53+
if: steps.checkAccess.outputs.require-result == 'false'
54+
run: |
55+
echo "${{ github.triggering_actor }} does not have permissions on this repo."
56+
echo "Current permission level is ${{ steps.checkAccess.outputs.user-permission }}"
57+
echo "Job originally triggered by ${{ github.actor }}"
58+
exit 1
59+
4460
- if: runner.os == 'Linux'
4561
run: |
4662
sudo apt install libsecret-1-0
@@ -51,6 +67,8 @@ jobs:
5167

5268
- if: ${{ github.event_name != 'pull_request_target'}}
5369
uses: actions/checkout@v4
70+
with:
71+
ref: ${{ github.event.pull_request.head.sha }} # This is dangerous without the first access check
5472

5573
- if: ${{ github.event_name == 'pull_request_target'}}
5674
uses: actions/checkout@v4
@@ -127,7 +145,7 @@ jobs:
127145
continue-on-error: true
128146

129147
- name: Live Tests
130-
if: ${{ runner.os == 'windows' }}
148+
if: ${{ runner.os == 'linux' }}
131149
timeout-minutes: 60
132150
run: |
133151
npm run test:live

0 commit comments

Comments
 (0)