forked from KelvinTegelaar/CIPP-API
-
Notifications
You must be signed in to change notification settings - Fork 0
86 lines (74 loc) · 3.73 KB
/
PR_Branch_Check.yml
File metadata and controls
86 lines (74 loc) · 3.73 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
name: PR Branch Check
on:
# Using pull_request_target instead of pull_request for secure handling of fork PRs
pull_request_target:
# Only run on these PR events
types: [opened, synchronize, reopened]
# Only check PRs targeting these branches
branches:
- main
- master
permissions:
pull-requests: write
issues: write
jobs:
check-branch:
runs-on: ubuntu-slim
steps:
- name: Check and Comment on PR
# Only process fork PRs with specific branch conditions
# Must be a fork AND (source is main/master OR target is main/master)
if: |
github.event.pull_request.head.repo.fork == true &&
((github.event.pull_request.head.ref == 'main' || github.event.pull_request.head.ref == 'master') ||
(github.event.pull_request.base.ref == 'main' || github.event.pull_request.base.ref == 'master'))
uses: actions/github-script@v9
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
let message = '';
// Check if the fork has open PRs (indicates pull bot or similar is active)
const forkOwner = context.payload.pull_request.head.repo.owner.login;
const forkRepo = context.payload.pull_request.head.repo.name;
const forkPullsUrl = context.payload.pull_request.head.repo.html_url + '/pulls';
let openPRs = [];
try {
const { data: prs } = await github.rest.pulls.list({
owner: forkOwner,
repo: forkRepo,
state: 'open',
per_page: 5
});
openPRs = prs;
} catch (e) {
// Can't read fork PRs — skip
}
message += '🔄 If you are attempting to update your CIPP-API repo please follow the instructions at: https://docs.cipp.app/setup/self-hosting-guide/updating. Are you a sponsor? Contact the helpdesk for direct assistance with updating to the latest version.';
if (openPRs.length > 0) {
message += ` It looks like you may already have a pending update PR on your fork — check your [open pull requests](${forkPullsUrl}) to accept it.`;
} else {
message += ` You can enable [Pull Bot](https://github.com/apps/pull) or [Repo Sync](https://github.com/apps/repo-sync) to automatically keep your fork up to date.`;
}
message += '\n\n';
// Check if PR is targeting main/master
if (context.payload.pull_request.base.ref === 'main' || context.payload.pull_request.base.ref === 'master') {
message += '⚠️ PRs cannot target the main branch directly. If you are attempting to contribute code please PR to the dev branch.\n\n';
}
// Check if PR is from a fork's main/master branch
if (context.payload.pull_request.head.repo.fork &&
(context.payload.pull_request.head.ref === 'main' || context.payload.pull_request.head.ref === 'master')) {
message += '⚠️ This PR cannot be merged because it originates from your fork\'s main/master branch. If you are attempting to contribute code please PR from your dev branch or another non-main/master branch.\n\n';
}
message += '🔒 This PR will now be automatically closed due to the above rules.';
// Post the comment
await github.rest.issues.createComment({
...context.repo,
issue_number: context.issue.number,
body: message
});
// Close the PR
await github.rest.pulls.update({
...context.repo,
pull_number: context.issue.number,
state: 'closed'
});