diff --git a/.github/workflows/command-compile.yml b/.github/workflows/command-compile.yml index 5df64a3e7..51cc8a156 100644 --- a/.github/workflows/command-compile.yml +++ b/.github/workflows/command-compile.yml @@ -26,6 +26,28 @@ jobs: base_ref: ${{ steps.comment-branch.outputs.base_ref }} steps: + - name: Get repository from pull request comment + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + id: get-repository + with: + github-token: ${{secrets.GITHUB_TOKEN}} + script: | + const pull = await github.rest.pulls.get({ + owner: context.repo.owner, + repo: context.repo.repo, + pull_number: context.issue.number + }); + + const repositoryName = pull.data.head?.repo?.full_name + console.log(repositoryName) + return repositoryName + + - name: Disabled on forks + if: ${{ fromJSON(steps.get-repository.outputs.result) != github.repository }} + run: | + echo 'Can not execute /compile on forks' + exit 1 + - name: Check actor permission uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v2 with: @@ -95,7 +117,7 @@ jobs: - name: Set up npm ${{ steps.package-engines-versions.outputs.npmVersion }} run: npm i -g 'npm@${{ steps.package-engines-versions.outputs.npmVersion }}' - + - name: Rebase to ${{ needs.init.outputs.base_ref }} if: ${{ contains(needs.init.outputs.arg1, 'rebase') }} run: | @@ -115,7 +137,7 @@ jobs: run: | git add '${{ github.workspace }}${{ needs.init.outputs.git_path }}' git commit --signoff -m 'chore(assets): Recompile assets' - + - name: Commit fixup if: ${{ contains(needs.init.outputs.arg1, 'fixup') }} run: | @@ -129,7 +151,7 @@ jobs: git commit --amend --no-edit --signoff # Remove any [skip ci] from the amended commit git commit --amend -m "$(git log -1 --format='%B' | sed '/\[skip ci\]/d')" - + - name: Push normally if: ${{ !contains(needs.init.outputs.arg1, 'rebase') && !contains(needs.init.outputs.arg1, 'amend') }} run: git push origin '${{ needs.init.outputs.head_ref }}' diff --git a/.github/workflows/command-rebase.yml b/.github/workflows/command-rebase.yml deleted file mode 100644 index dc59ffcad..000000000 --- a/.github/workflows/command-rebase.yml +++ /dev/null @@ -1,51 +0,0 @@ -# This workflow is provided via the organization template repository -# -# https://github.com/nextcloud/.github -# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization - -name: Rebase command - -on: - issue_comment: - types: created - -permissions: - contents: read - -jobs: - rebase: - runs-on: ubuntu-latest - permissions: - contents: none - - # On pull requests and if the comment starts with `/rebase` - if: github.event.issue.pull_request != '' && startsWith(github.event.comment.body, '/rebase') - - steps: - - name: Add reaction on start - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 - with: - token: ${{ secrets.COMMAND_BOT_PAT }} - repository: ${{ github.event.repository.full_name }} - comment-id: ${{ github.event.comment.id }} - reaction-type: "+1" - - - name: Checkout the latest code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - fetch-depth: 0 - token: ${{ secrets.COMMAND_BOT_PAT }} - - - name: Automatic Rebase - uses: cirrus-actions/rebase@b87d48154a87a85666003575337e27b8cd65f691 # 1.8 - env: - GITHUB_TOKEN: ${{ secrets.COMMAND_BOT_PAT }} - - - name: Add reaction on failure - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 - if: failure() - with: - token: ${{ secrets.COMMAND_BOT_PAT }} - repository: ${{ github.event.repository.full_name }} - comment-id: ${{ github.event.comment.id }} - reaction-type: "-1" diff --git a/.github/workflows/cypress.yml b/.github/workflows/cypress.yml index aee445058..34d2b8206 100644 --- a/.github/workflows/cypress.yml +++ b/.github/workflows/cypress.yml @@ -35,6 +35,12 @@ jobs: PUPPETEER_SKIP_DOWNLOAD: true steps: + - name: Disabled on forks + if: ${{ github.event.pull_request.head.repo.full_name != github.repository }} + run: | + echo 'Can not approve PRs from forks' + exit 1 + - name: Checkout app uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 @@ -91,6 +97,12 @@ jobs: name: runner ${{ matrix.containers }} steps: + - name: Disabled on forks + if: ${{ github.event.pull_request.head.repo.full_name != github.repository }} + run: | + echo 'Can not approve PRs from forks' + exit 1 + - name: Restore context uses: buildjet/cache/restore@e376f15c6ec6dc595375c78633174c7e5f92dc0e # v3 with: diff --git a/.github/workflows/lint-eslint-when-unrelated.yml b/.github/workflows/lint-eslint-when-unrelated.yml deleted file mode 100644 index 7a2e9f058..000000000 --- a/.github/workflows/lint-eslint-when-unrelated.yml +++ /dev/null @@ -1,39 +0,0 @@ -# This workflow is provided via the organization template repository -# -# https://github.com/nextcloud/.github -# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization -# -# Use lint-eslint together with lint-eslint-when-unrelated to make eslint a required check for GitHub actions -# https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/troubleshooting-required-status-checks#handling-skipped-but-required-checks - -name: Lint eslint - -on: - pull_request: - paths-ignore: - - '.github/workflows/**' - - 'src/**' - - 'appinfo/info.xml' - - 'package.json' - - 'package-lock.json' - - 'tsconfig.json' - - '.eslintrc.*' - - '.eslintignore' - - '**.js' - - '**.ts' - - '**.vue' - -permissions: - contents: read - -jobs: - lint: - permissions: - contents: none - - runs-on: ubuntu-latest - - name: eslint - - steps: - - run: 'echo "No eslint required"' diff --git a/.github/workflows/node-when-unrelated.yml b/.github/workflows/node-when-unrelated.yml deleted file mode 100644 index db32b0dba..000000000 --- a/.github/workflows/node-when-unrelated.yml +++ /dev/null @@ -1,43 +0,0 @@ -# This workflow is provided via the organization template repository -# -# https://github.com/nextcloud/.github -# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization -# -# Use node together with node-when-unrelated to make eslint a required check for GitHub actions -# https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/troubleshooting-required-status-checks#handling-skipped-but-required-checks - -name: Node - -on: - pull_request: - paths-ignore: - - '.github/workflows/**' - - 'src/**' - - 'appinfo/info.xml' - - 'package.json' - - 'package-lock.json' - - 'tsconfig.json' - - '**.js' - - '**.ts' - - '**.vue' - push: - branches: - - main - - master - - stable* - -concurrency: - group: node-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -jobs: - build: - permissions: - contents: none - - runs-on: ubuntu-latest - - name: node - steps: - - name: Skip - run: 'echo "No JS/TS files changed, skipped Node"'