Check that code owners have write access for the regular review

NixOS · Apr 23, 2024 · 5640fc3 · 5640fc3
1 parent 557dff9
commit 5640fc3
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 3 deletions.
diff --git a/.github/workflows/review.yml b/.github/workflows/review.yml
@@ -17,8 +17,8 @@ jobs:
             --method POST \
             -H "Accept: application/vnd.github+json" \
             -H "X-GitHub-Api-Version: 2022-11-28" \
-            /repos/"$GITHUB_REPOSITORY"/issues \
+            /repos/${{ github.repository }}/issues \
             -f title="[$(date +'%Y %B')] Regular manual review " \
-            -f body="$(./scripts/review-body.sh)"
+            -f body="$(./scripts/review-body.sh . ${{ github.repository }})"
         env:
           GH_TOKEN: ${{ github.token }}
diff --git a/scripts/review-body.sh b/scripts/review-body.sh
@@ -3,7 +3,17 @@ set -euo pipefail
 
 # This script outputs the contents of the regular review issue, see ./github/workflows/review.yml
 
-rev=$(git rev-parse HEAD)
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+
+if (( $# != 2 )); then
+  echo "Usage: $0 PATH OWNER/REPO"
+  exit 1
+fi
+
+root=$1
+repo=$2
+
+rev=$(git -C "$root" rev-parse HEAD)
 
 echo "Because the documentation in this repository may slowly deviate from reality, this monthly issue is created to regularly review the files.
 
@@ -31,3 +41,10 @@ while read -r file users; do
   fi
   echo "- [ ] \`$file\`: $users"
 done < .github/CODEOWNERS
+
+echo ""
+
+# Check that all code owners have write permissions
+# `|| true` because this script fails when there are code owners without permissions,
+# which is useful to fail PRs, but not here
+"$SCRIPT_DIR"/unprivileged-owners.sh "$root" "$repo" || true