GitHub Action to restrict merging to admins only

cvxl0en2, published 2023-09-29 in Git

I am trying to restrict the ability to merge PRs to admins only, using a GitHub Action. Below is mergepr.yml:

```yaml
name: Restrict merging to admins
on:
  pull_request:
    branches:
      - dev
      - master
jobs:
  restrict-merge:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v2

      - name: Install GitHub CLI
        run: |
          # Download the GitHub CLI binary for Linux (replace URL with the correct one)
          curl -fsSL https://github.com/cli/cli/releases/download/v2.35.0/gh_2.35.0_linux_amd64.tar.gz -o gh.tar.gz
          tar -xzf gh.tar.gz
          sudo mv gh_* /usr/local/bin/gh
          gh --version
      - name: Set up GitHub CLI
        run: |
          echo "Setting up GitHub CLI"
          gh config set -h github.com ${GITHUB_TOKEN}
      - name: Check if the user is an admin
        run: |
          PR_NUMBER="${{ github.event.pull_request.number }}"
          USER_ROLE=$(gh api users/me/role --jq '.role')
          if [[ $USER_ROLE != '"admin"' ]]; then
            echo "Only admins can merge pull requests into the main branch."
            exit 1
          fi
      - name: Merge the pull request
        run: |
          PR_NUMBER="${{ github.event.pull_request.number }}"
          gh pr merge $PR_NUMBER --auto
```

This GitHub Action is expected to pass when the user is an admin, but it fails regardless of the user's role. Below is the error log:

```
Run echo "Setting up GitHub CLI"
  echo "Setting up GitHub CLI"
  gh config set -h github.com ${GITHUB_TOKEN}
  shell: /usr/bin/bash -e {0}
Setting up GitHub CLI
accepts 2 arg(s), received 0
Error: Process completed with exit code 1.
```

eivgtgni

You cannot pass ${GITHUB_TOKEN} like that. Use ${{ secrets.GITHUB_TOKEN }}, or pass it as an environment variable (more secure).
More importantly, `gh config set -h {host}` requires two arguments, `key` and `value`; you supplied `{host} value` without a `key`.

```yaml
- name: Set up GitHub CLI
  run: |
    echo "Setting up GitHub CLI"
    gh config set -h github.com <SOMEKEY> $GITHUB_TOKEN
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

```yaml
# ⚠️ Warning: inlining variables and secrets may open you up to
#    script injection attacks.

- name: Set up GitHub CLI
  run: |
    echo "Setting up GitHub CLI"
    gh config set -h github.com <SOMEKEY> ${{ secrets.GITHUB_TOKEN }}
```

But you should not put the token in the config at all. gh will automatically pick up the token when you set it in the environment. Just add the following to each step below that needs the token for authentication:

```yaml
env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

Be sure to read "Security hardening for GitHub Actions: script injection attacks".
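Putting the answer's advice together, here is a complete version of the workflow as an added example; it is not the asker's or the answerer's code. The token reaches gh only through the GITHUB_TOKEN environment variable (nothing is written to the gh config), every context value enters the shell script via `env:` rather than being inlined with `${{ }}`, and the role check uses the collaborator-permission endpoint `GET /repos/{owner}/{repo}/collaborators/{username}/permission`, which returns `admin`, `write`, `read` or `none`. It assumes that `github.actor` (the user who triggered the `pull_request` event) is the identity whose role should be gated, that the repository allows the default token to be granted `contents: write` and `pull-requests: write`, and that the job runs on a GitHub-hosted Ubuntu runner, where gh is preinstalled, so the manual install step is dropped.

```yaml
name: Restrict merging to admins

on:
  pull_request:
    branches:
      - dev
      - master

# Least privilege: grant the default GITHUB_TOKEN only what merging needs.
permissions:
  contents: write
  pull-requests: write

jobs:
  restrict-merge:
    runs-on: ubuntu-latest
    steps:
      - name: Check that the actor is a repository admin
        env:
          # gh picks this up from the environment; no gh config set needed.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Context values are passed as environment variables, never
          # expanded inside the script body, so a crafted user or branch
          # name cannot turn into shell code (script injection).
          ACTOR: ${{ github.actor }}
          REPO: ${{ github.repository }}
        run: |
          # Returns "admin", "write", "read" or "none". A 404 (actor is not a
          # collaborator) makes gh exit non-zero, and bash -e fails the step,
          # so the check fails closed.
          PERMISSION="$(gh api "repos/${REPO}/collaborators/${ACTOR}/permission" --jq '.permission')"
          echo "${ACTOR} has '${PERMISSION}' permission on ${REPO}"
          if [ "${PERMISSION}" != "admin" ]; then
            echo "Only admins can merge pull requests into protected branches."
            exit 1
          fi

      - name: Merge the pull request
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
          REPO: ${{ github.repository }}
        run: |
          # --repo is needed because the repository was not checked out.
          gh pr merge "${PR_NUMBER}" --repo "${REPO}" --auto
```

One caveat worth keeping in mind: a workflow like this only decides whether its own merge step runs. Anyone with write access can still use the merge button or push directly, so the actual enforcement belongs in branch protection rules (restricting who may push, requiring reviews), with this job serving as an additional check rather than the security boundary.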
