Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/im-open/is-actor-authorized
Action that determines if the actor who initiated the workflow is authorized to do so.
https://github.com/im-open/is-actor-authorized
authorization infra-purple-team meta
Last synced: 29 days ago
JSON representation
Action that determines if the actor who initiated the workflow is authorized to do so.
- Host: GitHub
- URL: https://github.com/im-open/is-actor-authorized
- Owner: im-open
- License: mit
- Created: 2021-06-11T14:44:05.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2024-08-23T18:31:06.000Z (4 months ago)
- Last Synced: 2024-08-23T20:20:05.997Z (4 months ago)
- Topics: authorization, infra-purple-team, meta
- Language: JavaScript
- Homepage:
- Size: 60.5 KB
- Stars: 1
- Watchers: 5
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
Awesome Lists containing this project
README
# Is Actor Authorized
A simple action to check if an actor is authorized to trigger the workflow.
## Index
- [Is Actor Authorized](#is-actor-authorized)
- [Inputs](#inputs)
- [Usage Examples](#usage-examples)
- [Contributing](#contributing)
- [Incrementing the Version](#incrementing-the-version)
- [Source Code Changes](#source-code-changes)
- [Recompiling Manually](#recompiling-manually)
- [Updating the README.md](#updating-the-readmemd)
- [Tests](#tests)
- [Code of Conduct](#code-of-conduct)
- [License](#license)
## Inputs
| Parameter | Is Required | Description |
|---------------------|-------------|----------------------------------------------------------------|
| `actor` | true | The github username of the actor who triggered the workflow |
| `authorized-actors` | true | An array of strings containing the authorized github usernames |
## Usage Examples
```yml
jobs:
deploy-to-prod:
runs-on: im-linux
steps:
- uses: actions/checkout@v4
- name: Check if actor is authorized to deploy to prod
# You may also reference the major or major.minor version
uses: im-open/[email protected]
with:
actor: ${{ github.actor }}
authorized-actors: |
[
"bob-the-builder",
"potato",
"QA-boy"
]
- name: Deploy the code
run: |
```
## Contributing
When creating PRs, please review the following guidelines:
- [ ] The action code does not contain sensitive information.
- [ ] At least one of the commit messages contains the appropriate `+semver:` keywords listed under [Incrementing the Version] for major and minor increments.
- [ ] The action has been recompiled. See [Recompiling Manually] for details.
- [ ] The README.md has been updated with the latest version of the action. See [Updating the README.md] for details.
- [ ] Any tests in the [build-and-review-pr] workflow are passing
### Incrementing the Version
This repo uses [git-version-lite] in its workflows to examine commit messages to determine whether to perform a major, minor or patch increment on merge if [source code] changes have been made. The following table provides the fragment that should be included in a commit message to active different increment strategies.
| Increment Type | Commit Message Fragment |
|----------------|---------------------------------------------|
| major | +semver:breaking |
| major | +semver:major |
| minor | +semver:feature |
| minor | +semver:minor |
| patch | *default increment type, no comment needed* |
### Source Code Changes
The files and directories that are considered source code are listed in the `files-with-code` and `dirs-with-code` arguments in both the [build-and-review-pr] and [increment-version-on-merge] workflows.
If a PR contains source code changes, the README.md should be updated with the latest action version and the action should be recompiled. The [build-and-review-pr] workflow will ensure these steps are performed when they are required. The workflow will provide instructions for completing these steps if the PR Author does not initially complete them.
If a PR consists solely of non-source code changes like changes to the `README.md` or workflows under `./.github/workflows`, version updates and recompiles do not need to be performed.
### Recompiling Manually
This command utilizes [esbuild] to bundle the action and its dependencies into a single file located in the `dist` folder. If changes are made to the action's [source code], the action must be recompiled by running the following command:
```sh
# Installs dependencies and bundles the code
npm run build
```
### Updating the README.md
If changes are made to the action's [source code], the [usage examples] section of this file should be updated with the next version of the action. Each instance of this action should be updated. This helps users know what the latest tag is without having to navigate to the Tags page of the repository. See [Incrementing the Version] for details on how to determine what the next version will be or consult the first workflow run for the PR which will also calculate the next version.
### Tests
The build and review PR workflow includes tests which are linked to a status check. That status check needs to succeed before a PR is merged to the default branch. The tests do not need special permissions, so they should succeed whether they come from a branch or a fork.
## Code of Conduct
This project has adopted the [im-open's Code of Conduct](https://github.com/im-open/.github/blob/main/CODE_OF_CONDUCT.md).
## License
Copyright © 2023, Extend Health, LLC. Code released under the [MIT license](LICENSE).
[Incrementing the Version]: #incrementing-the-version
[Recompiling Manually]: #recompiling-manually
[Updating the README.md]: #updating-the-readmemd
[source code]: #source-code-changes
[usage examples]: #usage-examples
[build-and-review-pr]: ./.github/workflows/build-and-review-pr.yml
[increment-version-on-merge]: ./.github/workflows/increment-version-on-merge.yml
[esbuild]: https://esbuild.github.io/getting-started/#bundling-for-node
[git-version-lite]: https://github.com/im-open/git-version-lite