Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/natterstefan/action-authorised-actor

Execute a GitHub Action only if the (triggering) actor is authorised to do so.
https://github.com/natterstefan/action-authorised-actor

actions github-actions github-workflows permissions

Last synced: 4 days ago
JSON representation

Execute a GitHub Action only if the (triggering) actor is authorised to do so.

Awesome Lists containing this project

README

        

# action-authorised-actor

[![Test](https://github.com/natterstefan/action-authorised-actor/actions/workflows/test.yml/badge.svg)](https://github.com/natterstefan/action-authorised-actor/actions/workflows/test.yml) [![CodeQL](https://github.com/natterstefan/action-authorised-actor/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/natterstefan/action-authorised-actor/actions/workflows/codeql-analysis.yml)

> Execute a GitHub Action only if the (triggering) actor is authorised to do so.

## Use Case

Instead of adding `if` conditions here and there to determine if the actor is authorised, use this action to simplify the process.

## Usage

Add the action to your workflow, define `actor` (optional, `env.GITHUB_ACTOR` by default) and `authorisedActors` and decide if the workflow should fail silently (`failSilently`) or not.

### Before

```yml
- name: Release Tag
if: ${{ github.actor == 'username' }}
run: npx semantic-release
```

### After

```yml
- name: Can actor release?
uses: natterstefan/action-authorised-actor@v1
with:
# JSON: string[]
authorisedActors: |
[
"octocat",
"natterstefan",
"nektos/act"
]
# or utilise GitHub Secrets, to obfuscate who's part of the list
# authorisedActors: ${{secrets.authorisedActor}}

# if `failSilently` was set to `false`, this step will not start if the actor is
# not authorised (included in `authorisedActors`). Instead the workflow will
# exit with 1 (=failure).
- name: Release Tag
run: npx semantic-release
```

Take a look at more examples in the
[`test.yml`](.github/workflows/test.yml#L24) Workflow file.

## Development

> First, you'll need to have a reasonably modern version of `node` handy. This
> won't work with versions older than 16, for instance.

Install the dependencies

```bash
npm install
```

Build the package for distribution

```bash
# package the source files
npm run package
# afterward create a release with the release GitHub action
```

Run the tests

```bash
npm run package # or npm run dev (watch mode)
npm test
```

Test the workflow locally with !

```bash
# or npm run dev (watch mode)
npm run package

# in another terminal window run
act -j test_failSilenty_True
act -s authorisedActors="[nektos/act]" -j test_failSilenty_true_with_Secret

# Uncomment test case first, as this one will exit with 1 (=failure)
act -j testFailSilentyFalse
```

## Alternatives

- [natterstefan/action-eligible-actor](https://github.com/natterstefan/action-eligible-actor): configure which actor is eligible to run a workflow with ease with a `eligible-actors-rules.json` configuration file
- [actions-cool/check-user-permission: 👮 A GitHub Action to check user permission of the current repository.](https://github.com/actions-cool/check-user-permission)
- [im-open/is-actor-authorized: Action that determines if the actor who initiated the workflow is authorized to do so.](https://github.com/im-open/is-actor-authorized)

## LICENSE

[MIT](LICENSE)

## Contributors ✨

Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/docs/en/emoji-key)):



Stefan Natter

🤔 💻 📖

This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of any kind welcome!