forked from 74th/workflow-permission-action
-
Notifications
You must be signed in to change notification settings - Fork 0
/
index.ts
88 lines (77 loc) · 2.44 KB
/
index.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
import * as core from '@actions/core';
import * as github from '@actions/github';
import { promises as fs } from 'fs';
// import { Octokit } from "@octokit/action";
function isUserPermittedByUserName(actor: string): boolean {
const input = core.getInput("users");
if (!input) {
return false;
}
const users = input.split(",");
return users.findIndex(user => user === actor) > -1;
}
// listMembersInOrg is not accessible by integration
// async function isUserPermittedByTeam(actor: string): Promise<boolean> {
// const input = core.getInput("teams");
// if (!input) {
// return false;
// }
// const teams = input.split(",");
// const octokit = new Octokit();
// for (const team of teams) {
// try {
// for await (const res of octokit.paginate.iterator(
// octokit.teams.listMembersInOrg,
// {
// org: github.context.repo.owner,
// team_slug: team,
// }
// )) {
// if (res.data.findIndex((user) => { return user.login == actor; }) > -1) {
// return true;
// }
// }
// } catch (e) {
// core.error(`error occurred when fetch team ${github.context.repo.owner}/${team}`);
// core.error(e);
// return false;
// }
// }
// return false;
// }
async function isUserPermittedByListfile(actor: string) {
const input = core.getInput("listfile");
if (!input) {
return false;
}
try {
const file = await fs.readFile(input);
const members = file.toString().trim().split("\n");
if (members.findIndex((member) => { return member == actor; }) > -1) {
return true;
}
} catch (e) {
core.error(`error occurred when load listfile`);
core.error(e);
}
return false;
}
async function main() {
const actor = github.context.actor;
if (isUserPermittedByUserName(actor)) {
core.info("permitted by users");
return;
}
// const result = await isUserPermittedByTeam(actor);
// if (result) {
// core.info("permitted by teams");
// return
// }
const permitted = await isUserPermittedByListfile(actor);
if (permitted) {
core.info("permitted by listfile");
return;
}
core.setFailed(`${actor} is not permitted this workflow`)
}
main();