Skip to content

Doing Rebase with main to trigger validation checks #9256

Doing Rebase with main to trigger validation checks

Doing Rebase with main to trigger validation checks #9256

name: Protected Files
on: pull_request
env:
# Users allowed to edit protected files without failing check
user-allowed: ${{ github.event.pull_request.user.login == 'azure-sdk' }}
jobs:
protected-files:
name: Protected Files
runs-on: ubuntu-24.04
steps:
# Since check is required, the job must pass instead of being skipped
- name: User allowed
if: ${{ env.user-allowed == 'true' }}
run: echo "Account '${{ github.event.pull_request.user.login }}' is allowed to update protected files"
- uses: actions/checkout@v4
if: ${{ env.user-allowed != 'true' }}
with:
# Required since "HEAD^" is passed to Get-ChangedFiles
fetch-depth: 2
- name: Detect changes to protected files
if: ${{ env.user-allowed != 'true' }}
run: |
. eng/scripts/ChangedFiles-Functions.ps1
$protectedFiles = @("cspell.json", "cspell.yaml", "package.json", "package-lock.json", ".github/*", "eng/*")
$changedFiles = @(Get-ChangedFiles -baseCommitish HEAD^ -targetCommitish HEAD -diffFilter "")
$matchedFiles = @($changedFiles | Where-Object { $changedFile = $_; $protectedFiles | Where-Object { $changedFile -like $_ } })
if ($matchedFiles.Count -gt 0) {
foreach ($file in $matchedFiles) {
Write-Output "::error file=$file::File '$file' should only be updated by the Azure SDK team. If intentional, the PR may be merged by the Azure SDK team via bypassing the branch protections."
}
exit 1
}
else {
Write-Output "No changes to protected files: [$($protectedFiles -join ', ')]"
}
shell: pwsh