Clarify that jobs in a workflow can compromise each other only on self-hosted runners #23564

name: OS Ready for review
# **What it does**: Adds pull requests and issues in the docs repository to the docs-content review board when the "waiting for review" label is added
# **Why we have it**: So that contributors in the OS repo can easily get reviews from the docs-content team, and so that writers can see when a PR is ready for review
# **Who does it impact**: Writers working in the docs repository
on:
  # Needed in lieu of `pull_request` so that PRs from a fork can be triaged to the proper project board.
  pull_request_target:
    types: [labeled]
  issues:
    types: [labeled]
permissions:
  contents: read
jobs:
  request_doc_review:
    name: Request a review from the docs-content team
    if: github.event.label.name == 'waiting for review' && github.repository == 'github/docs'
    runs-on: ubuntu-latest
    steps:
      - name: Check out repo content
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - name: Check if this run was triggered by a member of the docs team
        uses: actions/github-script@e69ef5462fd455e02edcaf4dd7708eda96b9eda0
        id: triggered-by-member
        with:
          github-token: ${{secrets.DOCS_BOT_PAT_WORKFLOW_READORG}}
          result-encoding: string
          script: |
            const triggerer_login = context.payload.sender.login
            const teamMembers = await github.request(
              `/orgs/github/teams/docs/members?per_page=100`
            )
            const logins = teamMembers.data.map(member => member.login)
            if (logins.includes(triggerer_login)) {
              console.log(`This workflow was triggered by ${triggerer_login} (on the docs team).`)
              return 'true'
            }
            console.log(`This workflow was triggered by ${triggerer_login} (not on the docs team), so no action will be taken.`)
            return 'false'
      - name: Exit if not triggered by a docs team member
        if: steps.triggered-by-member.outputs.result == 'false'
        run: |
          echo Aborting. This workflow must be triggered by a member of the docs team.
          exit 1
      - name: Setup Node.js
        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
        with:
          node-version-file: 'package.json'
          cache: npm
      - name: Install dependencies
        run: npm install @octokit/graphql
      - name: Run script
        run: |
          node src/workflows/ready-for-docs-review.js
        env:
          TOKEN: ${{ secrets.DOCS_BOT_PAT_WRITEORG_PROJECT }}
          PROJECT_NUMBER: 2936
          ORGANIZATION: 'github'
          ITEM_NODE_ID: ${{ github.event.pull_request.node_id || github.event.issue.node_id }}
          AUTHOR_LOGIN: ${{ github.event.pull_request.user.login || github.event.issue.user.login }}
          REPO: ${{ github.repository }}
      - uses: ./.github/actions/slack-alert
        if: ${{ failure() && github.event_name != 'pull_request_target' }}
        with:
          slack_channel_id: ${{ secrets.DOCS_ALERTS_SLACK_CHANNEL_ID }}
          slack_token: ${{ secrets.SLACK_DOCS_BOT_TOKEN }}