diff --git a/.github/workflows/bonk-pr-review.yml b/.github/workflows/bonk-pr-review.yml index a19e00b..9411393 100644 --- a/.github/workflows/bonk-pr-review.yml +++ b/.github/workflows/bonk-pr-review.yml @@ -9,7 +9,12 @@ jobs: # Skip Version Packages PRs (auto-generated by the changesets action) since they don't need a Bonk review if: | github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name && - !(github.event.pull_request.base.repo.owner.login == 'cloudflare' && github.event.pull_request.head.ref == 'changeset-release/main') + !(github.event.pull_request.base.repo.owner.login == 'cloudflare' && github.event.pull_request.head.ref == 'changeset-release/main') && + ( + github.event.pull_request.author_association == 'MEMBER' || + github.event.pull_request.author_association == 'COLLABORATOR' || + github.event.pull_request.author_association == 'OWNER' + ) runs-on: ubuntu-latest timeout-minutes: 30 concurrency: @@ -21,22 +26,6 @@ jobs: issues: write pull-requests: write steps: - - name: Check if PR author is Cloudflare org member - run: | - STATUS=$(gh api \ - -H "Accept: application/vnd.github+json" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - "/orgs/cloudflare/members/${PR_AUTHOR}" \ - --silent -i 2>/dev/null | head -1 | awk '{print $2}') || true - if [ "$STATUS" != "204" ]; then - echo "User ${PR_AUTHOR} is not a member of the Cloudflare organization" - exit 1 - fi - echo "User ${PR_AUTHOR} is a Cloudflare org member" - env: - GH_TOKEN: ${{ secrets.READ_ONLY_ORG_GITHUB_TOKEN }} - PR_AUTHOR: ${{ github.event.pull_request.user.login }} - - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: diff --git a/.github/workflows/bonk.yml b/.github/workflows/bonk.yml index e26078f..b9516ce 100644 --- a/.github/workflows/bonk.yml +++ b/.github/workflows/bonk.yml @@ -12,7 +12,14 @@ concurrency: jobs: bonk: - if: github.event.sender.type != 'Bot' && (contains(github.event.comment.body, '/bonk') || contains(github.event.comment.body, '@ask-bonk')) + if: >- + github.event.sender.type != 'Bot' && + (contains(github.event.comment.body, '/bonk') || contains(github.event.comment.body, '@ask-bonk')) && + ( + github.event.comment.author_association == 'MEMBER' || + github.event.comment.author_association == 'COLLABORATOR' || + github.event.comment.author_association == 'OWNER' + ) runs-on: ubuntu-latest timeout-minutes: 60 permissions: @@ -21,22 +28,6 @@ jobs: issues: write pull-requests: write steps: - - name: Check if comment author is Cloudflare org member - run: | - STATUS=$(gh api \ - -H "Accept: application/vnd.github+json" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - "/orgs/cloudflare/members/${COMMENT_AUTHOR}" \ - --silent -i 2>/dev/null | head -1 | awk '{print $2}') || true - if [ "$STATUS" != "204" ]; then - echo "User ${COMMENT_AUTHOR} is not a member of the Cloudflare organization" - exit 1 - fi - echo "User ${COMMENT_AUTHOR} is a Cloudflare org member" - env: - GH_TOKEN: ${{ secrets.READ_ONLY_ORG_GITHUB_TOKEN }} - COMMENT_AUTHOR: ${{ github.event.comment.user.login }} - - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: