ci: add checks for commit SHAs #12
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| pull_request_target: | |
| branches: [main] | |
| jobs: | |
| verify-user-permissions: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Get User Permission | |
| id: checkAccess | |
| uses: actions-cool/check-user-permission@v2 | |
| with: | |
| require: write | |
| username: ${{ github.triggering_actor }} | |
| - name: Check User Permission | |
| if: steps.checkAccess.outputs.require-result == 'false' | |
| run: | | |
| echo "${{ github.triggering_actor }} does not have permissions on this repo." | |
| echo "Current permission level is ${{ steps.checkAccess.outputs.user-permission }}" | |
| echo "Job originally triggered by ${{ github.actor }}" | |
| exit 1 | |
| check-commits-exists: | |
| needs: verify-user-permissions | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check if merge commit sha exists | |
| if: github.event.pull_request.merge_commit_sha == '' | |
| run: | | |
| echo "No merge commit sha found for this pull request." | |
| exit 1 | |
| - name: Check if head sha exists | |
| if: github.event.pull_request.head.sha == '' | |
| run: | | |
| echo "No head sha found for this pull request." | |
| exit 1 | |
| checkout-default: | |
| needs: verify-user-permissions | |
| name: Checkout action using default ref | |
| runs-on: ubuntu-latest | |
| env: | |
| SUPER_SECRET: ${{ secrets.SUPER_SECRET }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Test secret access | |
| if: env.SUPER_SECRET == '' | |
| run: | |
| echo "No access to secrets" | |
| exit 1 | |
| - name: Secret access! | |
| run: echo "Access to secrets!" | |
| checkout-with-ref: | |
| needs: verify-user-permissions | |
| name: Checkout action using a non-default ref | |
| runs-on: ubuntu-latest | |
| env: | |
| SUPER_SECRET: ${{ secrets.SUPER_SECRET }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ github.event.pull_request.merge_commit_sha || github.event.pull_request.head.sha }} | |
| - name: Test secret access | |
| if: env.SUPER_SECRET == '' | |
| run: | |
| echo "No access to secrets" | |
| exit 1 | |
| - name: Secret access! | |
| run: echo "Access to secrets!" | |