This is an automated email from the ASF dual-hosted git repository.
janc pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-core.git
The following commit(s) were added to refs/heads/master by this push:
new 9a6f47d2d ci: Change ci workflow conditions
9a6f47d2d is described below
commit 9a6f47d2d2f68e4b9fe6f9f02300e763b775997f
Author: Szymon Czapracki <[email protected]>
AuthorDate: Fri Oct 24 14:52:52 2025 +0200
ci: Change ci workflow conditions
Change condition from checking the role
to checking the permissions of the user.
Printout information before check, that
way we don't skip the workflow on wrong
conditions.
---
.github/workflows/add_ci_label.yml | 48 +++++++++++++++++++++++---------------
1 file changed, 29 insertions(+), 19 deletions(-)
diff --git a/.github/workflows/add_ci_label.yml
b/.github/workflows/add_ci_label.yml
index 0d9b5d6fb..286f07bd8 100644
--- a/.github/workflows/add_ci_label.yml
+++ b/.github/workflows/add_ci_label.yml
@@ -30,55 +30,65 @@ permissions:
jobs:
add-label:
- if: ${{ github.event.pull_request.author_association != 'CONTRIBUTOR' }}
runs-on: ubuntu-latest
steps:
- uses: actions/github-script@v7
with:
script: |
- const pr = context.payload.pull_request;
+ const pr = context.payload.pull_request;
- // Fetch author's repository permission level:
admin|maintain|write|triage|read|none
+ // Get author's effective repo permission:
admin|maintain|write|triage|read|none
let permission = 'unknown';
try {
const { data } = await
github.rest.repos.getCollaboratorPermissionLevel({
...context.repo,
username: pr.user.login,
});
- permission = data.permission;
+ permission = data.permission || 'unknown';
} catch (e) {
+ permission = 'none';
core.warning(`Could not fetch collaborator permission:
${e.status || ''} ${e.message}`);
}
+ const trusted = ['admin','maintain','write'].includes(permission);
+
const info = {
number: pr.number,
title: pr.title,
author: pr.user.login,
author_association: pr.author_association,
author_permission: permission,
+ trusted_by_permission: trusted,
base_repo: pr.base.repo.full_name,
head_repo: pr.head.repo.full_name,
is_fork: !!pr.head.repo.fork,
};
core.info('PR author info:\n' + JSON.stringify(info, null, 2));
- const label = 'needs-ci-approval';
- try {
+
+ // Only add the label if the author does NOT have write-level
permission
+ if (!trusted) {
+ const label = 'needs-ci-approval';
try {
- await github.request('POST /repos/{owner}/{repo}/labels', {
+ // Ensure the label exists (422 = already exists)
+ try {
+ await github.request('POST /repos/{owner}/{repo}/labels', {
+ ...context.repo,
+ name: label,
+ color: 'E3650b',
+ });
+ } catch (e) {
+ if (e.status !== 422) throw e;
+ }
+
+ await github.rest.issues.addLabels({
...context.repo,
- name: label,
- color: 'E3650b'
+ issue_number: context.issue.number,
+ labels: [label],
});
+ core.info(`Added '${label}' to PR #${context.issue.number}`);
} catch (e) {
- if (e.status !== 422) throw e; // already exists
+ core.setFailed(`Failed to label PR: ${e.status || ''}
${e.message}`);
}
-
- await github.rest.issues.addLabels({
- ...context.repo,
- issue_number: context.issue.number,
- labels: [label],
- });
- core.info(`Added '${label}' to PR #${context.issue.number}`);
- } catch (e) {
- core.setFailed(`Failed to label PR: ${e.status || ''}
${e.message}`);
+ } else {
+ core.info('Author has write-level permission; not adding
label.');
}
