WIP: feat(2fa): Enable 2FA token request proxying #1618
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-FileCopyrightText: 2022-2026 TII (SSRC) and the Ghaf contributors | |
| # | |
| # SPDX-License-Identifier: Apache-2.0 | |
| name: warn | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| permissions: | |
| contents: read | |
| jobs: | |
| warn-on-workflow-changes: | |
| # Send a warning and fail this job if any of the listed workflow files are changed. | |
| # Other workflows continue as normal but the failure will grab author's attention. | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| - name: Check if workflow is modified | |
| id: workflow-changed | |
| uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1 | |
| with: | |
| files: | | |
| .github/workflows/authorize.yml | |
| .github/workflows/build.yml | |
| - name: Send warning | |
| shell: bash | |
| run: | | |
| if [ "${ANY_WORKFLOWS_CHANGED}" == "true" ]; then | |
| echo "::error::"\ | |
| "This change edits a workflow file that triggers on 'pull_request_target'. "\ | |
| "Raising this error to notify that the workflow change will only take "\ | |
| "impact after merge. "\ | |
| "Therefore, you need to manually test the change (perhaps in a forked repo) "\ | |
| "before merging to make sure the change does not break anything." \ | |
| "Workflow run results, as reported in the github PR actions for this change, "\ | |
| "will be misleading." | |
| exit 1 | |
| fi | |
| env: | |
| ANY_WORKFLOWS_CHANGED: ${{ steps.workflow-changed.outputs.any_changed }} |