nixpkgs/.github/workflows/direct-push.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

name: "Direct Push Warning"
on:
  push:
    branches:
     - master
     - release-**
jobs:
  build:
    runs-on: ubuntu-latest
    if: github.repository_owner == 'NixOS'
    env:
      GITHUB_SHA: ${{ github.sha }}
      GITHUB_REPOSITORY: ${{ github.repository }}
    steps:
    - name: Check if commit is a merge commit
      id: ismerge
      run: |
        ISMERGE=$(curl -H 'Accept: application/vnd.github.groot-preview+json' -H "authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/repos/${{ env.GITHUB_REPOSITORY }}/commits/${{ env.GITHUB_SHA }}/pulls | jq -r '.[] | select(.merge_commit_sha == "${{ env.GITHUB_SHA }}") | any')
        echo "::set-output name=ismerge::$ISMERGE"
    # github events are eventually consistent, so wait until changes propagate to thier DB
    - run: sleep 60
      if: steps.ismerge.outputs.ismerge != 'true'
    - name: Warn if the commit was a direct push
      if: steps.ismerge.outputs.ismerge != 'true'
      uses: peter-evans/commit-comment@v2
      with:
        body: |
          @${{ github.actor }}, you pushed a commit directly to master/release branch
          instead of going through a Pull Request.

          That's highly discouraged beyond the few exceptions listed
          on https://github.com/NixOS/nixpkgs/issues/118661