Skip to content

925209391/action-eligible-actor

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
.github
.github
 
 
.husky
.husky
 
 
__tests__
__tests__
 
 
dist
dist
 
 
src
src
 
 
.all-contributorsrc
.all-contributorsrc
 
 
.eslintignore
.eslintignore
 
 
.eslintrc.js
.eslintrc.js
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
.prettierignore
.prettierignore
 
 
.prettierrc.json
.prettierrc.json
 
 
.tool-versions
.tool-versions
 
 
CHANGELOG.md
CHANGELOG.md
 
 
Ethiomesmer.com
Ethiomesmer.com
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
action.yml
action.yml
 
 
commitlint.config.js
commitlint.config.js
 
 
jest.config.js
jest.config.js
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
release.config.js
release.config.js
 
 
tsconfig.eslintrc.json
tsconfig.eslintrc.json
 
 
tsconfig.json
tsconfig.json
 
 

Repository files navigation

action-eligible-actor

Test CodeQL

Execute a GitHub Action only if the (triggering) actor is eligible (=authorised) to do so.

Use Case

Assume you have multiple workflows and a complex set of rules who can manually trigger which workflow. Instead of adding if conditions here and there you can define a set of rules (in eligible-actors-rules.json) and use this rule in multiple places. The management of the rules is centralized in one place.

But even if you only have a deployment.yml or release.yml workflow, this action can be very useful.

Usage

Add the action to your workflow, define rulesFile and the ruleId to apply to and decide if the workflow should fail silently (failSilently) or not.

Before

- name: Release Tag
  if: ${{ github.actor == 'username' }}
  run: npx semantic-release

After

- name: Can actor release?
  uses: natterstefan/action-eligible-actor@v1
  with:
    rulesFile: 'eligible-actors-rules.json' # default
    ruleId: 1 # required

# if `failSilently` for the rule with the id `1` was set to `false`, this step
# will not start if the actor is not eligible (included in `eligibleActors`).
# Instead the workflow will exit with 1 (=failure).
- name: Release Tag
  run: npx semantic-release

With the following eligible-actors-rules.json (type definition):

[
  {
    "id": "1",
    "description": "Repository owner only",
    "eligibleActors": ["natterstefan"],
    "failureMessage": "Only the repository owner can do this!",
    "failSilently": false
  }
]

Take a look at more examples in the test.yml Workflow file.

Development

First, you'll need to have a reasonably modern version of node handy. This won't work with versions older than 16, for instance.

Install the dependencies

npm install

Build the package for distribution

# package the source files
npm run package
# afterward create a release with the release GitHub action

Run the tests

npm run package # or npm run dev (watch mode)
npm test

Test the workflow locally with https://github.com/nektos/act!

npm run package # or npm run dev (watch mode)
act -j testFailSilentyTrue && act -j testFailSilentyFalse

Todos / To be discussed

  • add actor input instead of implicitly using process.env.GITHUB_ACTOR.

Alternatives

LICENSE

MIT

Contributors ✨

Thanks goes to these wonderful people (emoji key):


Stefan Natter
🤔 💻 📖

This project follows the all-contributors specification. Contributions of any kind welcome!

About

Mesmer Ethiopia

github.com/marketplace/actions/eligible-actor

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • TypeScript 56.4%
  • JavaScript 33.8%
  • DIGITAL Command Language 8.6%
  • Shell 1.2%