Use triggering_actor as CI-dispatch criterion

iiasa · Jan 8, 2025 · 04ed41a · 04ed41a
1 parent 5d4b0d0
commit 04ed41a
Showing 1 changed file with 13 additions and 10 deletions.
diff --git a/.github/workflows/receive.yaml b/.github/workflows/receive.yaml
@@ -4,18 +4,21 @@ on:
   pull_request:
     branches: [ main ]
 
-env:
-  label: "safe to test"
-
 jobs:
   check:
     runs-on: ubuntu-latest
 
     steps:
-    - name: Ensure first-party branch or valid label
-      if: >
-        github.repository != github.event.pull_request.head.repo.full_name &&
-        ! contains(github.event.pull_request.labels.*.name, env.label)
-      run: |
-        echo "Will not run \`pytest\` workflow for branch in fork without label \`${{ env.label }}\`." >>$GITHUB_STEP_SUMMARY
-        exit 1
+      - name: Get user permission
+        uses: actions-cool/check-user-permission@v2
+        id: checkAccess
+        with:
+          require: write
+          username: ${{ github.triggering_actor }}
+      - name: Ensure user permission
+        if: steps.checkAccess.outputs.require-result == 'false'
+        run: |
+          echo "${{ github.triggering_actor }} does not have permissions on this repo."
+          echo "Current permission level is ${{ steps.checkAccess.outputs.user-permission }}"
+          echo "Job originally triggered by ${{ github.actor }}"
+          exit 1