fix(repo): Verify user permissions to run integration tests (#4489)
LauraBeatris authored Nov 6, 2024
1 parent f3175f2 commit da6d700
Showing 3 changed files with 21 additions and 94 deletions.
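--- a/.changeset/famous-shoes-walk.md
+++ b/.changeset/famous-shoes-walk.md
@@ -0,0 +1,2 @@
+---
+---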
23 changes: 19 additions & 4 deletions .github/workflows/ci.yml
@@ -138,10 +138,6 @@ jobs:

integration-tests:
name: Integration Tests
# Skip for fork PRs to prevent security vulnerabilities (no secrets)
# Runs if it comes from the root repo or once it gets approved by a maintainer
if: |
github.event.inputs.run_integration_tests == 'true' || github.event.pull_request.head.repo.full_name == github.repository
needs: formatting-linting
runs-on: ${{ vars.RUNNER_LARGE || 'ubuntu-latest-l' }}
timeout-minutes: ${{ vars.TIMEOUT_MINUTES_LONG && fromJSON(vars.TIMEOUT_MINUTES_LONG) || 15 }}
@@ -163,11 +159,30 @@ jobs:
next-version: '15'

steps:
# Skip integration tests from fork PRs to prevent secret exfiltration
- name: Get User Permission
id: checkAccess
uses: actions-cool/check-user-permission@v2
with:
require: write
username: ${{ github.triggering_actor }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Check User Permission
if: steps.checkAccess.outputs.require-result == 'false'
run: |
echo "${{ github.triggering_actor }} does not have permissions on this repo."
echo "Current permission level is ${{ steps.checkAccess.outputs.user-permission }}"
echo "Job originally triggered by ${{ github.actor }}"
exit 1
- name: Checkout Repo
uses: actions/checkout@v4
with:
fetch-depth: 0
show-progress: false
# We must first verify the user permissions before checking out PR code
ref: ${{ github.event.pull_request.head.sha }}

- name: Setup
id: config
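Review bot: The permission gate added in the second hunk fails open: `Check User Permission` runs only when `require-result == 'false'`, so an empty or unexpected output from the `checkAccess` step skips the `exit 1` and the job goes on to check out `github.event.pull_request.head.sha`. Deny by default instead with `if: steps.checkAccess.outputs.require-result != 'true'`. Since the job-level `if:` appears to be dropped in the first hunk, this step looks like the only control between fork code and the job's secrets, so the third-party action is worth pinning to a full commit SHA rather than the mutable `v2` tag, e.g. `uses: actions-cool/check-user-permission@<full-commit-sha> # v2`. The `run:` block would also be safer reading `github.triggering_actor` and the step output through `env:` variables than interpolating `${{ }}` into the shell text. The steps list continues past the end of the hunk, so the later steps that consume secrets are not visible here.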
90 changes: 0 additions & 90 deletions .github/workflows/run-integration-tests.yml

This file was deleted.
