From 83f7818d9fa5d880cf9fdacd959cd368fc5417e8 Mon Sep 17 00:00:00 2001 From: Alan Wu Date: Wed, 18 Oct 2023 12:41:52 +1300 Subject: [PATCH] Improve workflow --- .github/workflows/cypress.yml | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/.github/workflows/cypress.yml b/.github/workflows/cypress.yml index a582d4cc..447d5759 100644 --- a/.github/workflows/cypress.yml +++ b/.github/workflows/cypress.yml @@ -49,28 +49,34 @@ jobs: steps: - run: echo "event name is:" ${{ github.event_name }} - uses: actions-cool/check-user-permission@main + if: github.event_name == 'pull_request_target' id: checkUser with: require: 'write' username: ${{ github.event.pull_request.user.name }} - if: github.event_name == 'pull_request_target' - name: Checkout + if: github.event_name == 'pull_request_target' && steps.checkUser.outputs.require-result == 'true' uses: actions/checkout@v3 with: ref: ${{ github.event.pull_request.head.sha }} - if: github.event_name == 'pull_request_target' && steps.checkUser.outputs.check-result == 'true' - name: Checkout - uses: actions/checkout@v3 if: github.event_name == 'workflow_dispatch' + uses: actions/checkout@v3 - name: Setup Node.js uses: actions/setup-node@v3 with: node-version: 14.17.6 - name: Run e2e tests + if: github.event_name == 'workflow_dispatch' || steps.checkUser.outputs.require-result == 'true' uses: cypress-io/github-action@v6 with: build: yarn build start: yarn start wait-on: ${{ secrets.ROOT_URL }} command: yarn test-run-e2e - if: github.event_name == 'workflow_dispatch' || steps.checkUser.outputs.check-result == 'true' + - name: Skip tests + if: github.event_name == 'pull_request_target' || steps.checkUser.outputs.require-result == 'false' + uses: actions/github-script@v3 + with: + script: | + core.setFailed('Pull request is opened by an user without write permission, tests are skipped for security reason')