Skip to content

[ProtectedFiles] Skip steps instead of job #30827

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mikeharder merged 1 commit into from
Oct 2, 2024
Merged

[ProtectedFiles] Skip steps instead of job #30827

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
[ProtectedFiles] Skip steps instead of job 
- Check is required
  • Loading branch information
@mikeharder
mikeharder committed Oct 2, 2024
commit 2bc1de7edb1da70ea79b92e214c16b8f2bd8b2b6
52 changes: 27 additions & 25 deletions .github/workflows/protected-files.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,32 +6,34 @@ jobs:
protected-files:
name: Protected Files

# Always allow bot account 'azure-sdk' to update protected files
if: ${{ github.event.pull_request.user.login != 'azure-sdk' }}

runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v4
with:
# Required since "HEAD^" is passed to Get-ChangedFiles
fetch-depth: 2

- name: Detect changes to protected files
run: |
. eng/scripts/ChangedFiles-Functions.ps1

$protectedFiles = @("package.json", "package-lock.json")
$changedFiles = @(Get-ChangedFiles -baseCommitish HEAD^ -targetCommitish HEAD -diffFilter "")
$matchedFiles = @($protectedFiles | Where-Object { $changedFiles -contains $_})

if ($matchedFiles.Count -gt 0) {
foreach ($file in $matchedFiles) {
Write-Output "::error file=$file::File '$file' should only be updated by the Azure SDK team. If intentional, the PR may be merged by the Azure SDK team via bypassing the branch protections."
# Always allow bot account 'azure-sdk' to update protected files.
# Since check is required, the job itself cannot be skipped, but all steps can.

- uses: actions/checkout@v4
if: github.event.pull_request.user.login != 'azure-sdk'
with:
# Required since "HEAD^" is passed to Get-ChangedFiles
fetch-depth: 2

- name: Detect changes to protected files
if: github.event.pull_request.user.login != 'azure-sdk'
run: |
. eng/scripts/ChangedFiles-Functions.ps1

$protectedFiles = @("package.json", "package-lock.json")
$changedFiles = @(Get-ChangedFiles -baseCommitish HEAD^ -targetCommitish HEAD -diffFilter "")
$matchedFiles = @($protectedFiles | Where-Object { $changedFiles -contains $_})

if ($matchedFiles.Count -gt 0) {
foreach ($file in $matchedFiles) {
Write-Output "::error file=$file::File '$file' should only be updated by the Azure SDK team. If intentional, the PR may be merged by the Azure SDK team via bypassing the branch protections."
}
exit 1
}
else {
Write-Output "No changes to protected files: [$($protectedFiles -join ', ')]"
}
exit 1
}
else {
Write-Output "No changes to protected files: [$($protectedFiles -join ', ')]"
}
shell: pwsh
shell: pwsh