[Snyk] Fix for 2 vulnerabilities #13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Notify When Maintainers Cannot Edit | |
# **What it does**: Notifies the author of a PR when their PR does not allow maintainers to edit it. | |
# **Why we have it**: To prevent having to do this manually. | |
# **Who does it impact**: Open-source. | |
on: | |
pull_request_target: | |
types: | |
- opened | |
permissions: | |
pull-requests: write | |
jobs: | |
notify-when-maintainers-cannot-edit: | |
if: github.repository == 'github/docs' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d | |
with: | |
script: | | |
const query = ` | |
query($number: Int!) { | |
repository(owner: "github", name: "docs") { | |
pullRequest(number: $number) { | |
headRepositoryOwner { | |
login | |
} | |
maintainerCanModify | |
} | |
} | |
} | |
`; | |
const pullNumber = context.issue.number; | |
const variables = { number: pullNumber }; | |
try { | |
console.log(`Check github/docs#${pullNumber} for maintainer edit access ...`); | |
const result = await github.graphql(query, variables); | |
console.log(JSON.stringify(result, null, 2)); | |
const pullRequest = result.repository.pullRequest; | |
if (pullRequest.headRepositoryOwner.login === 'github') { | |
console.log('PR owned by github'); | |
return; | |
} | |
if (!pullRequest.maintainerCanModify) { | |
console.log('PR not owned by github and does not have maintainer edits enabled'); | |
await github.issues.createComment({ | |
issue_number: pullNumber, | |
owner: 'github', | |
repo: 'docs', | |
body: "Thanks for submitting a PR to the GitHub Docs project!\n\nIn order to review and merge PRs most efficiently, we require that all PRs grant maintainer edit access before we review them. For information on how to do this, [see the documentation](https://docs.github.com/en/github/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork)." | |
}); | |
} | |
} catch(e) { | |
console.log(e); | |
} |