diff --git a/.github/workflows/pr-handler.yml b/.github/workflows/pr-handler.yml index 9124bf373c321..d64f38c3b5f0e 100644 --- a/.github/workflows/pr-handler.yml +++ b/.github/workflows/pr-handler.yml @@ -1,8 +1,12 @@ -name: Close Pull Request +name: Handle Pull Request on: pull_request_target: types: [opened, reopened] +# permissions: +# issues: write +# pull-requests: write + env: ALLOWED_TEAM: lando-github-pilot ALLOWED_PATHS: | @@ -12,15 +16,27 @@ jobs: close-pr: runs-on: ubuntu-latest steps: + + # Workflows don't get access to organisation metadata via the GITHUB_TOKEN. + # We use the Lando Web App to obtain a token with sufficient permissions. + - name: Generate a token + id: generate-token + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ vars.LANDO_WEB_APP_ID }} + private-key: ${{ secrets.LANDO_WEB_APP_PRIVATE_KEY }} + - name: Check team membership id: team env: - GH_TOKEN: ${{ github.token }} + GH_TOKEN: ${{ steps.generate-token.outputs.token }} GH_REPO: ${{ github.repository }} AUTHOR: ${{ github.event.pull_request.user.login }} + ALLOWED_TEAM: ${{ env.ALLOWED_TEAM }} run: | - ORG="${GITHUB_REPO/\/*/}" - if gh api "/orgs/${ORG}/teams/${ALLOWED_TEAM}/memberships/${AUTHOR}" --silent 2>/dev/null; then + set -x + ORG="${GH_REPO/\/*/}" + if gh api "/orgs/${ORG}/teams/${ALLOWED_TEAM}/memberships/${AUTHOR}"; then echo "is_member=true" >> $GITHUB_OUTPUT else echo "is_member=false" >> $GITHUB_OUTPUT @@ -33,7 +49,6 @@ jobs: GH_TOKEN: ${{ github.token }} GH_REPO: ${{ github.repository }} PR: ${{ github.event.pull_request.number }} - ALLOWED_TEAM: ${{ env.ALLOWED_TEAM }} ALLOWED_PATHS: ${{ env.ALLOWED_PATHS }} run: | PATTERN=$(echo "${ALLOWED_PATHS}" | xargs | tr ' ' '|') @@ -53,8 +68,9 @@ jobs: gh pr close "${PR}" --comment "(Automated Close) Please do not file pull requests here, see https://firefox-source-docs.mozilla.org/contributing/how_to_submit_a_patch.html" gh pr lock "${PR}" + # Make this a separate job with a correct name when the PR-closer is no longer needed. - name: Add Lando link - if: (steps.team.outputs.is_member == 'true' || steps.paths.outputs.only_allowed == 'true') && github.event.action == 'opened' + if: (steps.team.outputs.is_member == 'true' && steps.paths.outputs.only_allowed == 'true') && github.event.action == 'opened' env: GH_TOKEN: ${{ github.token }} GH_REPO: ${{ github.repository }} diff --git a/testing/talos/talos/tests/devtools/addon/content/pages/custom/debugger/app/package.json b/testing/talos/talos/tests/devtools/addon/content/pages/custom/debugger/app/package.json index ab53149a83730..8d70e40504ca3 100644 --- a/testing/talos/talos/tests/devtools/addon/content/pages/custom/debugger/app/package.json +++ b/testing/talos/talos/tests/devtools/addon/content/pages/custom/debugger/app/package.json @@ -8,7 +8,7 @@ "eslint-loader": "1.9.0", "eslint-plugin-flowtype": "2.39.1", "immutable": "^3.8.2", - "lodash": "^4.17.5", + "lodash": "^4.17.21", "react": "^16.2.0", "react-dom": "^16.2.0", "react-scripts": "1.0.17" diff --git a/testing/talos/talos/tests/devtools/addon/content/pages/custom/debugger/app/yarn.lock b/testing/talos/talos/tests/devtools/addon/content/pages/custom/debugger/app/yarn.lock index afb8e0aeacf2a..a4756dff2a2e2 100644 --- a/testing/talos/talos/tests/devtools/addon/content/pages/custom/debugger/app/yarn.lock +++ b/testing/talos/talos/tests/devtools/addon/content/pages/custom/debugger/app/yarn.lock @@ -3940,9 +3940,9 @@ lodash.uniq@^4.5.0: version "4.5.0" resolved "https://registry.yarnpkg.com/lodash.uniq/-/lodash.uniq-4.5.0.tgz#d0225373aeb652adc1bc82e4945339a842754773" -"lodash@>=3.5 <5", lodash@^4.14.0, lodash@^4.15.0, lodash@^4.17.2, lodash@^4.17.3, lodash@^4.17.4, lodash@^4.17.5, lodash@^4.3.0: - version "4.17.5" - resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.5.tgz#99a92d65c0272debe8c96b6057bc8fbfa3bed511" +"lodash@>=3.5 <5", lodash@^4.14.0, lodash@^4.15.0, lodash@^4.17.2, lodash@^4.17.21, lodash@^4.17.3, lodash@^4.17.4, lodash@^4.3.0: + version "4.17.21" + resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c" loglevel@^1.4.1: version "1.6.0"