From ad5c0a53ae2c496d80bdc472bd9ee38e3d003dd6 Mon Sep 17 00:00:00 2001
From: Derek Nola
Date: Tue, 24 Sep 2024 10:19:05 -0700
Subject: [PATCH] Add membership check

Signed-off-by: Derek Nola
---
 .github/workflows/trivy.yaml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
index 7a9d37e4606..9267064d65c 100644
--- a/.github/workflows/trivy.yaml
+++ b/.github/workflows/trivy.yaml
@@ -13,6 +13,23 @@ jobs:
 env:
 GH_TOKEN: ${{ github.token }}
 steps:
+ - name: Check if comment author is a member of k3s team
+ uses: actions/github-script@v7
+ with:
+ script: |
+ const org = context.repo.owner;
+ const team_slug = 'k3s';
+ const username = context.payload.comment.user.login;
+
+ const { data: membership } = await github.teams.getMembershipForUserInOrg({
+ org,
+ team_slug,
+ username
+ });
+
+ if (membership.state !== 'active') {
+ core.setFailed(`User ${username} is not an active member of the ${team_slug} team`);
+ }
 - name: Checkout PR code
 uses: actions/checkout@v4
 with:
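Review bot: The call `github.teams.getMembershipForUserInOrg` in the new script will throw under `actions/github-script@v7`, because since v5 the REST methods are exposed under `github.rest`; the step still fails closed, but for every commenter, team members included. The endpoint also answers 404 for a user who is not on the team, so the `membership.state !== 'active'` branch only ever sees a pending invitation, and a try/catch around the call gives the rejection a readable message. github-script authenticates with the default `github.token` unless its `github-token` input is set, and that token usually cannot read organization team membership, so confirm the lookup succeeds for a real member before relying on it. The job's remaining steps lie outside the hunk; since this step is the only gate in front of `Checkout PR code`, none of them should be marked `if: always()` or `continue-on-error`.

```yaml
        script: |
          // … unchanged: org, team_slug, username …
          try {
            const { data: membership } = await github.rest.teams.getMembershipForUserInOrg({ org, team_slug, username });
            // … unchanged: membership.state check …
          } catch (error) {
            // A 404 here means the user is not on the team; any error must fail the gate.
            core.setFailed(`Could not confirm ${username} as a member of the ${team_slug} team: ${error.message}`);
          }
```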