Skip to content

FAIL - change .metadata.namespace #7

FAIL - change .metadata.namespace

FAIL - change .metadata.namespace #7

# description: |
# This GitHub Action will check every namespace amended in a PR, take the RBAC team name and confirm
# the user is in that team.
name: Check if user can amend namespace
on:
pull_request:
paths:
- 'namespaces/live.cloud-platform.service.justice.gov.uk/**'
env:
PR_OWNER: ${{ github.event.pull_request.user.login }}
BRANCH: ${{ github.head_ref }}
# GITHUB_OAUTH_TOKEN created manually by the cloud-platform-bot-user in last pass.
GITHUB_OAUTH_TOKEN: ${{ secrets.CHECK_GITHUB_TEAM }}
jobs:
rbac-permissions-check:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest]
steps:
- name: Checkout PR code
uses: actions/checkout@v4
# Runs custom script to check if the person who raised the PR is in the
# correct GitHub team.
- name: Check the PR owner is in the correct rbac group
id: review_pr
uses: ministryofjustice/cloud-platform-environments/cmd/rbac-permissions-check@main
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# If the user isn't permitted to make the change, write a comment in the issue.
- name: Create comment in the PR
uses: peter-evans/create-or-update-comment@v4
if: steps.review_pr.outputs.reviewOutput == 'false'
with:
issue-number: ${{ github.event.pull_request.number }}
body: |
The owner of this PR isn't a member of the relevant rbac teams.
# We need GitHub Actions to report a fail if the user isn't permitted.
- name: If user not in the rbac group; then fail
if: steps.review_pr.outputs.reviewOutput == 'false'
run: exit 1