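name: "Direct Push Warning"

on:
  push:
    branches:
      - master
      # Quoted so the glob is never mistaken for a YAML alias/anchor indicator.
      - "release-**"

# Workflow-wide default is read-only; the one job that needs to write escalates explicitly.
permissions:
  contents: read

jobs:
  build:
    permissions:
      contents: write  # for peter-evans/commit-comment to comment on commit
    runs-on: ubuntu-latest
    # Only run in the upstream repository, never in forks.
    if: github.repository_owner == 'NixOS'
    env:
      GITHUB_SHA: ${{ github.sha }}
      GITHUB_REPOSITORY: ${{ github.repository }}
    steps:
      - name: Check if commit is a merge commit
        id: ismerge
        # An explicit `shell: bash` runs the script with `-e -o pipefail`, so a
        # failing curl fails the step instead of yielding an empty ISMERGE that
        # would be reported as a direct push.
        shell: bash
        env:
          # Pass the token through the environment rather than interpolating the
          # expression into the script text.
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # List the pull requests associated with this commit and check whether
          # one of them was merged as exactly this SHA.
          # --fail turns HTTP errors (auth, rate limit) into a non-zero exit so an
          # error body is never piped into jq and misread as "not a merge".
          ISMERGE=$(curl --fail --silent --show-error \
            -H 'Accept: application/vnd.github+json' \
            -H "Authorization: Bearer ${GH_TOKEN}" \
            "https://api.github.com/repos/${GITHUB_REPOSITORY}/commits/${GITHUB_SHA}/pulls" \
            | jq -r --arg sha "${GITHUB_SHA}" '[.[] | select(.merge_commit_sha == $sha)] | length > 0')
          # `::set-output` is deprecated; write the step output via $GITHUB_OUTPUT.
          echo "ismerge=${ISMERGE}" >> "$GITHUB_OUTPUT"
      # github events are eventually consistent, so wait until changes propagate to their DB
      - run: sleep 60
        if: steps.ismerge.outputs.ismerge != 'true'
      - name: Warn if the commit was a direct push
        if: steps.ismerge.outputs.ismerge != 'true'
        # Third-party action referenced by a moving tag; consider pinning it to a
        # full commit SHA (e.g. `peter-evans/commit-comment@<commit-sha>  # v2`)
        # so the action's code cannot change underneath this workflow.
        uses: peter-evans/commit-comment@v2
        with:
          body: |
            @${{ github.actor }}, you pushed a commit directly to master/release branch
            instead of going through a Pull Request.

            That's highly discouraged beyond the few exceptions listed
            on https://github.com/NixOS/nixpkgs/issues/118661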