Adding update to member check

Crebs · Jan 21, 2025 · 2a7d69d · 2a7d69d
1 parent d6a9299
commit 2a7d69d
Showing 1 changed file with 16 additions and 3 deletions.
diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
@@ -13,10 +13,23 @@ jobs:
     runs-on: macos-15
     steps:
       - name: Member Check
-        if: ${{ github.event.pull_request.author_association != 'MEMBER' && github.event.pull_request.author_association != 'OWNER' }}
+        uses: octokit/[email protected]
+        id: member_check
+        with:
+          route: >
+            GET /repos/${{ github.repository }}/collaborators/${{ github.triggering_actor }}/permission
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        - name: Validate Permissions
         run: |
-          echo "Pull Request not triggered by a MSDK team member.  Someone from the team needs to rerun this workflow AFTER it has been deemed safe. Test 123"
-          exit 1
+          permissions=$(echo "${{ steps.member_check.outputs.data }}" | jq -r '.permission')
+          echo "Triggering actor: \
+            ${{ github.triggering_actor }} has permissions: $permissions"
+          if [[ "$permissions" != "write" && "$permissions" != "admin" ]]; then
+            echo "Pull Request not triggered by a user with sufficient permissions."
+            echo "Someone from the team needs to rerun this workflow AFTER it has been deemed safe."
+            exit 1
+          fi
       - name: Checkout
         uses: actions/checkout@v4
         with: