linux/hardened/patches/5.15: 5.15.144-hardened1 -> 5.15.145-hardened1 #8
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Direct Push Warning" | |
on: | |
push: | |
branches: | |
- master | |
- release-** | |
permissions: | |
contents: read | |
jobs: | |
build: | |
permissions: | |
contents: write # for peter-evans/commit-comment to comment on commit | |
runs-on: ubuntu-latest | |
if: github.repository_owner == 'NixOS' | |
env: | |
GITHUB_SHA: ${{ github.sha }} | |
GITHUB_REPOSITORY: ${{ github.repository }} | |
steps: | |
- name: Check if commit is a merge commit | |
id: ismerge | |
run: | | |
ISMERGE=$(curl -H 'Accept: application/vnd.github.groot-preview+json' -H "authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/repos/${{ env.GITHUB_REPOSITORY }}/commits/${{ env.GITHUB_SHA }}/pulls | jq -r '.[] | select(.merge_commit_sha == "${{ env.GITHUB_SHA }}") | any') | |
echo "ismerge=$ISMERGE" >> $GITHUB_OUTPUT | |
# github events are eventually consistent, so wait until changes propagate to thier DB | |
- run: sleep 60 | |
if: steps.ismerge.outputs.ismerge != 'true' | |
- name: Warn if the commit was a direct push | |
if: steps.ismerge.outputs.ismerge != 'true' | |
uses: peter-evans/commit-comment@v2 | |
with: | |
body: | | |
@${{ github.actor }}, you pushed a commit directly to master/release branch | |
instead of going through a Pull Request. | |
That's highly discouraged beyond the few exceptions listed | |
on https://github.com/NixOS/nixpkgs/issues/118661 |