restructure how we check authed users #17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Authorized Users | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| push: | |
| branches: | |
| - '*' | |
| jobs: | |
| check-authorization: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| approved: ${{ steps.gatekeeper.outputs.approved }} | |
| steps: | |
| - name: Check if user is approved | |
| id: gatekeeper | |
| run: | | |
| # Define the allowlist of users and teams | |
| # echo out who the actor is | |
| echo "The actor is: ${GITHUB_ACTOR}" | |
| APPROVED_USERS=("nikellepetrillo") | |
| #APPROVED_TEAMS=("dsp-devops") | |
| # Check if the user is in the allowlist | |
| if [[ " ${APPROVED_USERS[@]} " =~ " ${GITHUB_ACTOR} " ]]; then | |
| echo "User ${GITHUB_ACTOR} is approved." | |
| echo "approved=true" >> $GITHUB_ENV | |
| else | |
| echo "User ${GITHUB_ACTOR} is not approved." | |
| echo "approved=false" >> $GITHUB_ENV | |
| fi | |
| - name: Fail if not approved | |
| if: ${{ env.approved == 'false' }} | |
| run: | | |
| echo "This workflow is restricted. Approval required." | |
| exit 1 | |
| - name: Continue workflow if approved | |
| if: ${{ env.approved == 'true' }} | |
| run: | | |
| echo "Proceeding with the workflow for approved user: ${GITHUB_ACTOR}" |