From 5640fc3c07385cb8affada5372d22bdc67f7217e Mon Sep 17 00:00:00 2001
From: Silvan Mosberger
Date: Wed, 24 Apr 2024 00:45:08 +0200
Subject: [PATCH] Check that code owners have write access for the regular review
---
 .github/workflows/review.yml | 4 ++--
 scripts/review-body.sh | 19 ++++++++++++++++++-
 2 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/review.yml b/.github/workflows/review.yml
index 130d4d9..40a4f34 100644
--- a/.github/workflows/review.yml
+++ b/.github/workflows/review.yml
@@ -17,8 +17,8 @@ jobs:
 --method POST \
 -H "Accept: application/vnd.github+json" \
 -H "X-GitHub-Api-Version: 2022-11-28" \
- /repos/"$GITHUB_REPOSITORY"/issues \
+ /repos/${{ github.repository }}/issues \
 -f title="[$(date +'%Y %B')] Regular manual review " \
- -f body="$(./scripts/review-body.sh)"
+ -f body="$(./scripts/review-body.sh . ${{ github.repository }})"
 env:
 GH_TOKEN: ${{ github.token }}
diff --git a/scripts/review-body.sh b/scripts/review-body.sh
index c9e8758..ad42ced 100755
--- a/scripts/review-body.sh
+++ b/scripts/review-body.sh
@@ -3,7 +3,17 @@ set -euo pipefail
 # This script outputs the contents of the regular review issue, see ./github/workflows/review.yml
-rev=$(git rev-parse HEAD)
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+
+if (( $# != 2 )); then
+ echo "Usage: $0 PATH OWNER/REPO"
+ exit 1
+fi
+
+root=$1
+repo=$2
+
+rev=$(git -C "$root" rev-parse HEAD)
 echo "Because the documentation in this repository may slowly deviate from reality, this monthly issue is created to regularly review the files.
@@ -31,3 +41,10 @@ while read -r file users; do
 fi
 echo "- [ ] \`$file\`: $users"
 done < .github/CODEOWNERS
+
+echo ""
+
+# Check that all code owners have write permissions
+# `|| true` because this script fails when there are code owners without permissions,
+# which is useful to fail PRs, but not here
+"$SCRIPT_DIR"/unprivileged-owners.sh "$root" "$repo" || true
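Review bot: In the `.github/workflows/review.yml` hunk, `${{ github.repository }}` is now expanded by the Actions template engine directly into the `run:` script text, where the removed line read the runner-provided `$GITHUB_REPOSITORY` variable; the second use is also an unquoted argument to `review-body.sh`. A repository slug has a restricted character set, so the practical exposure is small, but interpolating contexts into script text is the pattern the Actions hardening guidance advises against, and it is easy to copy later for a context that is attacker-influenced. I would keep the environment-variable form: `/repos/"$GITHUB_REPOSITORY"/issues \` and `-f body="$(./scripts/review-body.sh . "$GITHUB_REPOSITORY")"`. The `run:` block starts above this hunk, so its trigger and the rest of the command are not visible here.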
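Review bot: The usage message in the first `scripts/review-body.sh` hunk is written to stdout, and the workflow captures this script's stdout as the issue body inside `-f body="$(...)"`, where a non-zero exit from the command substitution does not stop `gh`. A wrong argument count would therefore plausibly open an issue whose body is the usage line instead of failing the job. Sending it to stderr keeps diagnostics out of the body: `echo "Usage: $0 PATH OWNER/REPO" >&2`. To make the failure stop the job as well, the workflow could assign the output to a variable first (`body=$(./scripts/review-body.sh …)`), so the step's status reflects the script's; whether the step runs under `-e` is not visible here.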
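Review bot: `|| true` on the last added line of `scripts/review-body.sh` discards every failure of `unprivileged-owners.sh`, not only the expected "owners without write access" result, so an API or authentication error would yield an issue that reads as if all code owners passed the check. That script is not part of this patch, so its exit codes are an assumption; if it has a dedicated status for the expected case, tolerate only that one, and otherwise at least surface the status in the body, e.g. `"$SCRIPT_DIR"/unprivileged-owners.sh "$root" "$repo" || echo "Code owner permission check exited with status $?"`. Separately, the context line `done < .github/CODEOWNERS` still reads relative to the current directory while `git` and the owner check now use `$root`; `done < "$root"/.github/CODEOWNERS` would make the PATH argument consistent. The `while` loop begins above this hunk.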