From 9e02cdfb48b6807a1d0fbcd22883e0bec6a31696 Mon Sep 17 00:00:00 2001 From: Mike Harder Date: Wed, 6 Aug 2025 00:06:09 +0000 Subject: [PATCH 1/4] get branch rules in PR --- .github/workflows/scripts/pull-request.js | 46 +---------------------- 1 file changed, 2 insertions(+), 44 deletions(-) diff --git a/.github/workflows/scripts/pull-request.js b/.github/workflows/scripts/pull-request.js index 654efc1..358abca 100644 --- a/.github/workflows/scripts/pull-request.js +++ b/.github/workflows/scripts/pull-request.js @@ -1,53 +1,11 @@ // @ts-check -const { readFile } = require("fs/promises"); -const { join } = require("path"); -const { env } = require("process"); - /** * @param {import('github-script').AsyncFunctionArguments} AsyncFunctionArguments * @param {string} folder * @param {string?} label */ module.exports = async ({ github, context, core }, folder, label) => { - console.log(JSON.stringify(context, null, 2)); - - const file = join(folder, "content.txt"); - - const payload = /** @type {import("@octokit/webhooks-types").PullRequestEvent} */ (context.payload); - - const permissionLevel = await github.rest.repos.getCollaboratorPermissionLevel({ - owner: payload.repository.owner.login, - repo: payload.repository.name, - username: payload.pull_request.user.login, - }); - - console.log(JSON.stringify(permissionLevel, null, 2)); - - try { - const content = await readFile(file, { encoding: "utf8" }); - console.log(`File '${file}' exists. Content:\n${content}`); - if (content.includes("foo")) { - if (label) { - console.log(`Adding label '${label}'`); - await github.rest.issues.addLabels({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: context.payload.pull_request?.number ?? -1, - labels: [label], - }); - } - console.log('setOutput("FOO", true)'); - core.setOutput("FOO", true); - } else { - console.log('setOutput("FOO", false)'); - core.setOutput("FOO", false); - } - } catch (err) { - if (err.code === "ENOENT" || err.status === "ENOENT") { - console.log(`File '${file}' does not exist`); - } else { - throw err; - } - } + const branchRules = await github.rest.repos.getBranchRules(); + core.info(JSON.stringify(branchRules, null, 2)); }; From e78cd43e794b82c6a4df0ce77f25f810abe1bd68 Mon Sep 17 00:00:00 2001 From: Mike Harder Date: Wed, 6 Aug 2025 00:07:26 +0000 Subject: [PATCH 2/4] empty From d62f31d1b6dc37ab0a3ac37c05f5909129ff9292 Mon Sep 17 00:00:00 2001 From: Mike Harder Date: Wed, 6 Aug 2025 00:12:44 +0000 Subject: [PATCH 3/4] enable debug, pass args --- .github/workflows/pull-request.yaml | 1 + .github/workflows/scripts/pull-request.js | 6 +++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pull-request.yaml b/.github/workflows/pull-request.yaml index ef336d8..4984cf4 100644 --- a/.github/workflows/pull-request.yaml +++ b/.github/workflows/pull-request.yaml @@ -19,6 +19,7 @@ jobs: id: analyze uses: actions/github-script@v7 with: + debug: true script: | const pullRequest = require('./.github/workflows/scripts/pull-request.js') await pullRequest({ github, context, core }, "", null); diff --git a/.github/workflows/scripts/pull-request.js b/.github/workflows/scripts/pull-request.js index 358abca..65f177f 100644 --- a/.github/workflows/scripts/pull-request.js +++ b/.github/workflows/scripts/pull-request.js @@ -6,6 +6,10 @@ * @param {string?} label */ module.exports = async ({ github, context, core }, folder, label) => { - const branchRules = await github.rest.repos.getBranchRules(); + const branchRules = await github.rest.repos.getBranchRules({ + owner: context.repo.owner, + repo: context.repo.repo, + branch: context.payload.pull_request?.base.ref, + }); core.info(JSON.stringify(branchRules, null, 2)); }; From 31c9922d027ef31828f94ed751849cc865a1170a Mon Sep 17 00:00:00 2001 From: Mike Harder Date: Wed, 6 Aug 2025 00:12:58 +0000 Subject: [PATCH 4/4] limit perms --- .github/workflows/pull-request.yaml | 44 ++++++++++++++--------------- 1 file changed, 21 insertions(+), 23 deletions(-) diff --git a/.github/workflows/pull-request.yaml b/.github/workflows/pull-request.yaml index 4984cf4..bcbb0d8 100644 --- a/.github/workflows/pull-request.yaml +++ b/.github/workflows/pull-request.yaml @@ -8,30 +8,28 @@ jobs: permissions: contents: read - pull-requests: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - - name: Analyze content.txt - id: analyze - uses: actions/github-script@v7 - with: - debug: true - script: | - const pullRequest = require('./.github/workflows/scripts/pull-request.js') - await pullRequest({ github, context, core }, "", null); - - - if: ${{ steps.analyze.outputs.FOO == 'true' }} - run: - touch foo.txt - - - if: ${{ steps.analyze.outputs.FOO == 'true' }} - uses: actions/upload-artifact@v4 - with: - name: foo - path: foo.txt - if-no-files-found: error - overwrite: true + - uses: actions/checkout@v4 + + - name: Analyze content.txt + id: analyze + uses: actions/github-script@v7 + with: + debug: true + script: | + const pullRequest = require('./.github/workflows/scripts/pull-request.js') + await pullRequest({ github, context, core }, "", null); + + - if: ${{ steps.analyze.outputs.FOO == 'true' }} + run: touch foo.txt + + - if: ${{ steps.analyze.outputs.FOO == 'true' }} + uses: actions/upload-artifact@v4 + with: + name: foo + path: foo.txt + if-no-files-found: error + overwrite: true