Use triggering_actor as CI-dispatch criterion

iiasa · Jan 8, 2025 · 319620a · 319620a
1 parent 5d4b0d0
commit 319620a
Showing 1 changed file with 10 additions and 5 deletions.
diff --git a/.github/workflows/receive.yaml b/.github/workflows/receive.yaml
@@ -12,10 +12,15 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - name: Ensure first-party branch or valid label
-      if: >
-        github.repository != github.event.pull_request.head.repo.full_name &&
-        ! contains(github.event.pull_request.labels.*.name, env.label)
+      - uses: actions-cool/check-user-permission@v2
+        id: checkAccess
+        with:
+          require: write
+          username: ${{ github.triggering_actor }}
+    - name: Ensure user permission
+      if: steps.checkAccess.outputs.require-result == 'false'
       run: |
-        echo "Will not run \`pytest\` workflow for branch in fork without label \`${{ env.label }}\`." >>$GITHUB_STEP_SUMMARY
+        echo "${{ github.triggering_actor }} does not have permissions on this repo."
+        echo "Current permission level is ${{ steps.checkAccess.outputs.user-permission }}"
+        echo "Job originally triggered by ${{ github.actor }}"
         exit 1