[core] update .app files #978
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Close Unauthorized New Script PRs | |
| on: | |
| pull_request_target: | |
| branches: ["main"] | |
| types: [opened, labeled] | |
| jobs: | |
| check-new-script: | |
| if: github.repository == 'community-scripts/ProxmoxVE' | |
| runs-on: self-hosted | |
| permissions: | |
| pull-requests: write | |
| contents: read | |
| steps: | |
| - name: Close PR if unauthorized new script submission | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| const pr = context.payload.pull_request; | |
| const prNumber = pr.number; | |
| const author = pr.user.login; | |
| const authorType = pr.user.type; // "User" or "Bot" | |
| const owner = context.repo.owner; | |
| const repo = context.repo.repo; | |
| // --- Only act on PRs with the "new script" label --- | |
| const labels = pr.labels.map(l => l.name); | |
| if (!labels.includes("new script")) { | |
| core.info(`PR #${prNumber} does not have "new script" label — skipping.`); | |
| return; | |
| } | |
| // --- Allow our bots --- | |
| const allowedBots = [ | |
| "push-app-to-main[bot]", | |
| "push-app-to-main", | |
| ]; | |
| if (allowedBots.includes(author)) { | |
| core.info(`PR #${prNumber} by allowed bot "${author}" — skipping.`); | |
| return; | |
| } | |
| // --- Check if author is a member of the contributor team --- | |
| const teamSlug = "contributor"; | |
| let isMember = false; | |
| try { | |
| const { status } = await github.rest.teams.getMembershipForUserInOrg({ | |
| org: owner, | |
| team_slug: teamSlug, | |
| username: author, | |
| }); | |
| // status 200 means the user is a member (active or pending) | |
| isMember = true; | |
| } catch (error) { | |
| if (error.status === 404) { | |
| isMember = false; | |
| } else { | |
| core.warning(`Could not check team membership for ${author}: ${error.message}`); | |
| // Fallback: check org membership | |
| try { | |
| await github.rest.orgs.checkMembershipForUser({ | |
| org: owner, | |
| username: author, | |
| }); | |
| isMember = true; | |
| } catch { | |
| isMember = false; | |
| } | |
| } | |
| } | |
| if (isMember) { | |
| core.info(`PR #${prNumber} by contributor "${author}" — skipping.`); | |
| return; | |
| } | |
| // --- Unauthorized: close the PR with a comment --- | |
| core.info(`Closing PR #${prNumber} by "${author}" — not a contributor or allowed bot.`); | |
| const comment = [ | |
| `👋 Hi @${author},`, | |
| ``, | |
| `Thank you for your interest in contributing a new script!`, | |
| ``, | |
| `However, **new scripts must first be submitted to our development repository** for testing and review before they can be merged here.`, | |
| ``, | |
| `> 🛑 New scripts must be submitted to [**ProxmoxVED**](https://github.com/community-scripts/ProxmoxVED) for testing.`, | |
| `> PRs without prior testing will be closed.`, | |
| ``, | |
| `Please open your PR at **https://github.com/community-scripts/ProxmoxVED** instead.`, | |
| `Once your script has been tested and approved there, it will be pushed to this repository automatically.`, | |
| ``, | |
| `This PR will now be closed. Thank you for understanding! 🙏`, | |
| ].join("\n"); | |
| await github.rest.issues.createComment({ | |
| owner, | |
| repo, | |
| issue_number: prNumber, | |
| body: comment, | |
| }); | |
| await github.rest.pulls.update({ | |
| owner, | |
| repo, | |
| pull_number: prNumber, | |
| state: "closed", | |
| }); | |
| // Add a label to indicate why it was closed | |
| await github.rest.issues.addLabels({ | |
| owner, | |
| repo, | |
| issue_number: prNumber, | |
| labels: ["not a script issue"], | |
| }); |