31ef45e2f1
This commit updates the maintainer check workflow to use the zephyrbot "PR assigner" token with `org:read` permission because the default workflow token is not able to retrieve organisation-level user membership information. Note that the workflow trigger condition is changed from `pull_request` to `pull_request_target` because non-workflow secrets may not be accessed from `pull_request` trigger for security reasons. Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
44 lines
1.2 KiB
YAML
44 lines
1.2 KiB
YAML
name: Maintainer file check
|
|
|
|
on:
|
|
pull_request_target:
|
|
branches:
|
|
- main
|
|
paths:
|
|
- MAINTAINERS.yml
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
assignment:
|
|
name: Check MAINTAINERS.yml changes
|
|
runs-on: ubuntu-24.04
|
|
|
|
steps:
|
|
- name: Check out source code
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
|
|
- name: Set up Python
|
|
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
|
|
with:
|
|
python-version: 3.12
|
|
cache: pip
|
|
cache-dependency-path: scripts/requirements-actions.txt
|
|
|
|
- name: Install Python packages
|
|
run: |
|
|
pip install -r scripts/requirements-actions.txt --require-hashes
|
|
|
|
- name: Fetch MAINTAINERS.yml from mainline
|
|
run: |
|
|
git fetch origin main
|
|
git show origin/main:MAINTAINERS.yml > mainline_MAINTAINERS.yml
|
|
|
|
- name: Check maintainer file changes
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.ZB_PR_ASSIGNER_GITHUB_TOKEN }}
|
|
run: |
|
|
python ./scripts/ci/check_maintainer_changes.py \
|
|
--repo zephyrproject-rtos/zephyr mainline_MAINTAINERS.yml MAINTAINERS.yml
|