aboutsummaryrefslogtreecommitdiff
path: root/.github
diff options
context:
space:
mode:
Diffstat (limited to '.github')
-rw-r--r--.github/workflows/system-file-changes.yml29
1 files changed, 29 insertions, 0 deletions
diff --git a/.github/workflows/system-file-changes.yml b/.github/workflows/system-file-changes.yml
new file mode 100644
index 0000000000..a4229007a9
--- /dev/null
+++ b/.github/workflows/system-file-changes.yml
@@ -0,0 +1,29 @@
+# This is a copy of the equivalent file in mdn/content.
+# See https://github.com/mdn/content/blob/main/.github/workflows/system-file-changes.yml
+# If you make changes here, make sure it first makes sense in that repo.
+
+name: System file changes
+
+on:
+ pull_request_target:
+ paths:
+ - '.github/workflows/**'
+ - '.github/CODEOWNERS'
+
+jobs:
+ block:
+ # This make sure it only runs on our origin repo
+ # and make an exception for Dependabot.
+ if: github.repository_owner == 'mdn' && github.event.pull_request.user.login != 'dependabot[bot]'
+ runs-on: ubuntu-latest
+ steps:
+ - name: Stop anything and everything
+ run: |
+ # It would be nice if we could disable this workflow if the PR
+ # was made from a branch within the origin repo. But it seems you
+ # can'd do that :(
+ # See https://github.community/t/how-do-you-figure-out-if-a-pr-is-from-a-work-in-pull-request-target-workflows/170001
+
+ echo "If you're an admin, you have you use your admin privileges to override."
+ echo "If you're not an admin, please ping someone for a review."
+ exit 1