name: Check for Disallowed Non-Maintainer Change on: pull_request_target: paths: - 'yarn.lock' - 'spec/yarn.lock' - '.github/workflows/**' - '.github/actions/**' - '.yarn/**' - '.yarnrc.yml' permissions: {} jobs: check-for-non-maintainer-dependency-change: name: Check for disallowed non-maintainer change if: ${{ github.event.pull_request.user.type != 'Bot' && !github.event.pull_request.draft }} permissions: contents: read pull-requests: write runs-on: ubuntu-latest steps: - name: Get author association id: get-author-association env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | AUTHOR_ASSOCIATION=$(gh api /repos/electron/electron/pulls/${{ github.event.pull_request.number }} --jq '.author_association') echo "author_association=$AUTHOR_ASSOCIATION" >> "$GITHUB_OUTPUT" - name: Check for existing review id: check-for-review if: ${{ !contains(fromJSON('["MEMBER", "OWNER"]'), steps.get-author-association.outputs.author_association) }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} PR_URL: ${{ github.event.pull_request.html_url }} run: | set -eo pipefail REVIEW_COUNT=$(gh pr view $PR_URL --json reviews | jq '[ .reviews[] | select(.author.login == "github-actions") | select(.body | startswith("")) ] | length') if [[ $REVIEW_COUNT -eq 0 ]]; then echo "SHOULD_REVIEW=1" >> "$GITHUB_OUTPUT" fi - name: Request changes if: ${{ steps.check-for-review.outputs.SHOULD_REVIEW }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} PR_URL: ${{ github.event.pull_request.html_url }} run: | printf "\n\nHello @${{ github.event.pull_request.user.login }}! It looks like this pull request touches one of our dependency or CI files, and per [our contribution policy](https://github.com/electron/electron/blob/main/CONTRIBUTING.md#dependencies-upgrades-policy) we do not accept these types of changes in PRs." | gh pr review $PR_URL -r --body-file=-