.github/workflows/system-file-changes.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

# This is a copy of the equivalent file in mdn/content.
# See https://github.com/mdn/content/blob/main/.github/workflows/system-file-changes.yml
# If you make changes here, make sure it first makes sense in that repo.

name: System file changes

on:
  pull_request_target:
    paths:
      - '.github/workflows/**'
      - '.github/CODEOWNERS'

jobs:
  block:
    # This make sure it only runs on our origin repo
    # and make an exception for Dependabot.
    if: github.repository_owner == 'mdn' && github.event.pull_request.user.login != 'dependabot[bot]'
    runs-on: ubuntu-latest
    steps:
      - name: Stop anything and everything
        run: |
          # It would be nice if we could disable this workflow if the PR
          # was made from a branch within the origin repo. But it seems you
          # can'd do that :(
          # See https://github.community/t/how-do-you-figure-out-if-a-pr-is-from-a-work-in-pull-request-target-workflows/170001

          echo "If you're an admin, you have you use your admin privileges to override."
          echo "If you're not an admin, please ping someone for a review."
          exit 1