ci: add permission check to publish workflow (#351)

## Changes - Added validation step to package-publish workflow ticket: ## Additional Notes - ## Checklist Before requesting a code review, please check the following: - [x] **[Required]** CI has passed all checks. - [x] **[Required]** A self-review has been conducted to ensure there are no minor mistakes. - [x] **[Required]** Unnecessary comments/debugging code have been removed. - [x] **[Required]** All requirements specified in the ticket have been accurately implemented. - [ ] Ensure the ticket has been updated with the sprint, status, and story points. --------- Co-authored-by: Liam Hongman Cho <[email protected]>
sendbird · Aug 23, 2024 · 56d45fc · 56d45fc
1 parent 292e3ec
commit 56d45fc
Showing 1 changed file with 27 additions and 0 deletions.
diff --git a/.github/workflows/package-publish.yml b/.github/workflows/package-publish.yml
@@ -27,6 +27,33 @@ jobs:
         with:
           node-version: 18.x
           cache: 'yarn'
+      - name: 'validation'
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const permission = await github.rest.repos.getCollaboratorPermissionLevel({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              username: context.actor
+            });
+            if (permission.data.permission !== 'admin' && permission.data.permission !== 'write') {
+              core.setFailed(`User ${context.actor} does not have write or admin permissions to this repository.`);
+            }
+            const currentBranch = context.ref.replace('refs/heads/', '');
+            if (currentBranch !== `release/v${{ github.event.inputs.version }}`) {
+              core.setFailed(`Current branch ${currentBranch} does not match release/v${{ github.event.inputs.version }}`);
+            }
+            const pullRequests = await github.rest.pulls.list({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              state: 'open',
+              sort: 'created',
+              direction: 'desc',
+            });
+            const pr = pullRequests.data.find(pr => pr.head.ref === currentBranch && pr.base.ref === 'develop');
+            if (!pr) {
+              core.setFailed(`No open pull request found for ${currentBranch} to develop`);
+            }
       - name: Check if the release branch exists
         run: |
           set -x