Test bug2001552 ok

.github/workflows/pr-handler.yml

@@ -0,0 +1,92 @@
+name: Handle Pull Request
+on:
+  # WARNING: pull_request_target MUST NOT be used if running code under control
+  # of the source PR [0], as it could risk leaking the GH_TOKENs.
+  #
+  # In this case, we do it as the job needs to run within the context of the
+  # target repo, so it can get a GH_TOKEN which it can use to comment on and
+  # update the PR.
+  #
+  # Crucially, no external code is loaded or run as part of this workflow.
+  #
+  # [0] https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows#pull_request_target:~:text=Warning-,Running,websitehttps://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows#pull_request_target:~:text=Warning-,Running,website
+  #
+  pull_request_target:
+    types: [opened, reopened]
+
+
+env:
+  ALLOWED_TEAM: lando-github-pilot
+  ALLOWED_PATHS: |
+    mobile/
+
+  GH_REPO: ${{ github.repository }}
+  PR: ${{ github.event.pull_request.number }}
+
+  GH_TOKEN: ${{ github.token }}
+
+jobs:
+  handle-pr:
+    runs-on: ubuntu-latest
+    steps:
+
+      # Workflows don't get access to organisation metadata via the GITHUB_TOKEN.
+      # We use the Lando Web App to obtain a token with sufficient permissions.
+      - name: Generate a token
+        id: generate-token
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ vars.LANDO_WEB_APP_ID }}
+          private-key: ${{ secrets.LANDO_WEB_APP_PRIVATE_KEY }}
+
+      - name: Check team membership
+        id: team
+        env:
+          AUTHOR: ${{ github.actor }}
+          GH_ORG: $${{ github.repository_owner }}
+          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
+        run: |
+          if gh api "/orgs/${GH_ORG}/teams/${ALLOWED_TEAM}/memberships/${AUTHOR}" --silent 2>/dev/null; then
+            echo "is_member=true" >> $GITHUB_OUTPUT
+          else
+            echo "is_member=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Check allowed paths
+        id: paths
+        if: steps.team.outputs.is_member == 'true'
+        run: |
+          PATTERN=$(echo "${ALLOWED_PATHS}" | xargs | tr ' ' '|')
+          if gh pr view "${PR}" --json files --jq '.files[].path' | grep -vE "^(${PATTERN})"; then
+            echo "only_allowed=false" >> $GITHUB_OUTPUT
+          else
+            echo "only_allowed=true" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Close PR
+        if: steps.team.outputs.is_member != 'true' || steps.paths.outputs.only_allowed != 'true'
+        run: |
+          gh pr close "${PR}" --comment "(Automated Close) Please do not file pull requests here, see https://firefox-source-docs.mozilla.org/contributing/how_to_submit_a_patch.html"
+          gh pr lock "${PR}"
+
+      - name: Add Lando link
+        if: (steps.team.outputs.is_member == 'true' && steps.paths.outputs.only_allowed == 'true') && github.event.action == 'opened'
+        env:
+          #
+          # Set the following variables at the repository level [0].
+          # [0] https://docs.github.com/en/actions/how-tos/write-workflows/choose-what-workflows-do/use-variables#defining-configuration-variables-for-multiple-workflows
+          #
+          LANDO_BASE_URL: ${{ vars.LANDO_BASE_URL }}
+          LANDO_REPO: ${{ vars.LANDO_REPO }}
+          #
+          # If they are empty, the following will be used to determine sane defaults.
+          #
+          DEFAULT_LANDO_BASE_URL: https://lando.moz.tools
+          GITHUB_REPO: ${{ github.repository }}
+          TARGET_BRANCH: ${{ github.base_ref }}
+        run: |
+          LANDO_BASE_URL="${LANDO_BASE_URL:-${DEFAULT_LANDO_BASE_URL}}"
+          # We extract the GitHub repo name and target branch to use as
+          # default LANDO_REPO if unspecified.
+          LANDO_REPO="${LANDO_REPO:-${GITHUB_REPO/*\//}-${TARGET_BRANCH}}"
+          gh pr comment "${PR}" --body "[View this pull request in Lando](${LANDO_BASE_URL}/pulls/${LANDO_REPO}/${PR}) to land it once approved."

mobile/test

@@ -0,0 +1 @@
+9f189b34-cdbd-4d64-a24e-2c12fdface94