warn

Jan bump #1616

	# SPDX-FileCopyrightText: 2022-2026 TII (SSRC) and the Ghaf contributors
	#
	# SPDX-License-Identifier: Apache-2.0

	name: warn
	on:
	pull_request:
	branches:
	- main

	permissions:
	contents: read

	jobs:
	warn-on-workflow-changes:
	# Send a warning and fail this job if any of the listed workflow files are changed.
	# Other workflows continue as normal but the failure will grab author's attention.
	runs-on: ubuntu-latest
	steps:
	- name: Harden the runner (Audit all outbound calls)
	uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
	with:
	egress-policy: audit
	- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
	with:
	fetch-depth: 0
	persist-credentials: false
	- name: Check if workflow is modified
	id: workflow-changed
	uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
	with:
	files: \|
	.github/workflows/authorize.yml
	.github/workflows/build.yml
	- name: Send warning
	shell: bash
	run: \|
	if [ "${ANY_WORKFLOWS_CHANGED}" == "true" ]; then
	echo "::error::"\
	"This change edits a workflow file that triggers on 'pull_request_target'. "\
	"Raising this error to notify that the workflow change will only take "\
	"impact after merge. "\
	"Therefore, you need to manually test the change (perhaps in a forked repo) "\
	"before merging to make sure the change does not break anything." \
	"Workflow run results, as reported in the github PR actions for this change, "\
	"will be misleading."
	exit 1
	fi
	env:
	ANY_WORKFLOWS_CHANGED: ${{ steps.workflow-changed.outputs.any_changed }}

Provide feedback